Fair Digital Finance Evaluation Framework

Principle 2: Privacy

People have control over their data and understand what is collected, how it is used, and with whom it is shared.
Subprinciple: Data Minimization

  • Companies disclose with specificity what user information they collect, when they collect, from what sources they collect, and for what purposes they collect.
    • The company discloses the specific data elements they collect.
    • The company discloses how data elements are collected.
    • The company clearly discloses its purpose for collecting each type of user information.
    • The company appropriately discloses privacy information on app stores.
  • The only information the company collects about the user is what’s needed to make the product or service work correctly.
    • The user information collected is only that which is directly relevant and necessary for the service.
    • Product still works when all permissions not relevant to product’s functionality are declined.
    • Company does not engage in network growth hacking (uploading or sharing the user's contacts with the app) unless doing so is a feature of the app (e.g., for P2P payment services).
  • Data usage is consistent with the context of the relationship with the user and is transparent.
    • Data usage is consistent with the context of the relationship with the user.
    • The company only uses data to support the initial purpose for which the data was collected.
  • Data sharing and use of third parties are clearly disclosed.
    • The company clearly discloses what information it shares with whom.
    • The company clearly discloses the purpose driving any sharing of information.
    • Third party domains contacted by the product are named in the privacy policy.
    • The company clearly discloses whether it shares information with government or legal authorities and in what situations.
  • Data sharing and use of third parties are reasonably scoped.
    • The company only shares information with third parties as is reasonably necessary to deliver the service to users.
    • Company provides adequate recourse to users in the event that data is mishandled by a third party.
  • Company does not sell user data.
    • Company commits in legally binding documentation to not sell user data.
    • If the company does not commit to not selling users’ data, data sales are opt-in by default, with a clearly defined process in legally binding documentation to give and withdraw consent.
  • The company does not retain data for an excessive amount of time.
    • The company provides specific retention periods for different types of information that are reasonably scoped to get rid of outdated and unnecessary information collected from or about users.
    • The company describes a secure data deletion procedure that deletes and destroys data no longer needed to support the service.
    • If the company does not describe a data deletion process, they clearly describe the legal or regulatory requirements that require data be retained.
    • The company does not delete all data, but specifies that some data will be retained in deidentified form.
  • User account and information are deleted when they leave the service.
    • All user information is deleted when the user deletes their account from the service.
    • All user information is deleted when the user’s service is terminated for reasons other than fraud or suspicious activity.
    • All user information is deleted if the service ceases to operate or goes out of business.
  • Use of Software Development Kits is appropriate.
    • The embedded SDKs are appropriate for the purpose of the app.
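One of the indicators above ("Third party domains contacted by the product are named in the privacy policy") can be checked mechanically once an evaluator has a list of hosts the app was observed contacting. The script below is an added example, not part of the framework; the observed hosts, the policy excerpt, and the `examplebank.test` first-party domain are constructed sample data, and the registrable-domain reduction is a deliberate simplification of what the Public Suffix List would give.

```python
"""Flag third-party registrable domains an app contacted that its privacy
policy never names. Added example for the data-sharing disclosure indicator."""
import re

# Constructed sample: hosts seen in a network capture of the app under review.
OBSERVED_HOSTS = [
    "api.examplebank.test",              # first party
    "cdn.examplebank.test",
    "sdk.analytics-vendor.test",         # named in the policy excerpt below
    "collector.eu.analytics-vendor.test",
    "ads.undisclosed-tracker.test",      # not named anywhere in the policy
]

# Constructed sample: excerpt of the policy's third-party sharing section.
POLICY_TEXT = """
We share usage data with Analytics Vendor (analytics-vendor.test) to measure
app performance. Crash reports are sent to crashes.crash-vendor.test.
"""

# Constructed: the domain(s) the company itself operates (assumption).
FIRST_PARTY = {"examplebank.test"}


def registrable_domain(host, suffix_labels=1):
    """Reduce a hostname to its registrable domain (the last suffix_labels+1
    labels). Simplification: real tooling should consult the Public Suffix List
    so that multi-label suffixes such as co.uk are handled correctly."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-(suffix_labels + 1):])


def domains_named_in_policy(text):
    """Extract every hostname-looking token from the policy text and reduce
    each to its registrable domain."""
    found = re.findall(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", text.lower())
    return {registrable_domain(h) for h in found}


def undisclosed_third_parties(observed_hosts, policy_text, first_party):
    """Return, sorted, the third-party registrable domains that were contacted
    but are absent from the policy; an empty list means the indicator passes."""
    disclosed = domains_named_in_policy(policy_text)
    contacted = {registrable_domain(h) for h in observed_hosts}
    return sorted((contacted - set(first_party)) - disclosed)


if __name__ == "__main__":
    for d in undisclosed_third_parties(OBSERVED_HOSTS, POLICY_TEXT, FIRST_PARTY):
        print("undisclosed third-party domain:", d)
```

A non-empty result is evidence against the indicator; an empty result only shows that the names match, not that the stated sharing purpose or scope is accurate.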
Subprinciple: Right to Access, Control, and Delete

  • User data rights are clearly disclosed before a person creates an account on the service.
    • User data rights are clearly disclosed before a person creates an account on the service.
    • Company clearly discloses rights that are specific to users in particular states.
  • Users can delete the data the company has about them that is not needed to provide the service.
    • The legally binding documentation defines users’ rights to delete their information.
    • The company offers easy-to-find and -use controls that allow users to delete data not necessary to render the service.
  • Users can see everything the company knows about them.
    • The definition of ‘user information’ includes information collected from third parties.
    • Users can obtain all public-facing and private user information the company holds about them.
    • Users can obtain all public-facing and private user information the company holds about them at no cost.
    • Users can obtain all public-facing and private user information the company holds about them in a usable, machine-readable format.
  • Users can review and correct data that is incorrect or missing.
    • Users have an actionable right to review and correct data that is incorrect or missing.
Subprinciple: User Privacy Control

  • Users can control privacy settings.
    • The product or service contains settings that allow for different levels of privacy control.
    • The privacy settings can be adjusted to limit what data is accessible to other users.
  • The default settings in this product prioritize user privacy; to give up privacy, users actually need to change the settings.
    • User interface settings which are optimal for privacy are set by default.
    • Targeted advertising is off by default.
    • The privacy settings do not use deceptive design to trick consumers into oversharing.