Welcome to Consumer Reports Advocacy


Fair Digital Finance Evaluation Framework

Principle 2: Privacy

People have control over their data and understand what is collected, how it is used, and with whom it is shared.

  • Subprinciple: Disclosure
    • The company discloses what user information it collects, when and from what sources it collects it, and for what purposes.
    • The company discloses the specific data elements it collects.
    • The company discloses how each data element is collected.
    • The company clearly discloses its purpose for collecting each type of user information.
    • The company discloses whether collected data is incorporated into a profile that supports secondary uses such as targeted advertising, and which data elements are used in that way.
    • Data sharing and use of third parties are clearly disclosed.
    • The company clearly discloses what information it shares with whom.
    • The company clearly discloses the purpose driving any sharing of information.
    • Third-party domains contacted by the product are named in the privacy policy.
    • The company clearly discloses whether it shares information with government or legal authorities.
    • User data rights are clearly disclosed before a person creates an account on the service.
    • The company provides a clear explanation of how users can control whether their information is incorporated into a data profile.
  • Subprinciple: Data Minimization
    • The only information the company collects about the user is what’s needed to make the product or service work correctly.
    • The user information collected is only that which is directly relevant and necessary for the service.
    • Product still works when all permissions not relevant to product’s functionality are declined.
    • The company does not engage in network growth hacking (uploading the user's contacts to the app) unless doing so is a feature of the app (e.g., for P2P payment services).
    • If company does request access to user contacts, there is a clear opt-out.
    • Data usage is consistent with the context of the relationship with the user and is transparent.
    • Data usage is consistent with the context of the relationship with the user.
    • The company only uses data to support the initial purpose for which the data was collected.
    • Use of Software Development Kits (SDKs) is appropriate.
    • The embedded SDKs are appropriate for the purpose of the app.
  • Subprinciple: Data Sharing
    • Data sharing and use of third parties are reasonably scoped.
    • The company only shares information with third parties as is reasonably necessary to deliver the service to users.
    • Data that is shared with third parties is minimized according to the intended use of the app.
    • Third parties are rigorously vetted to ensure that data is not transmitted to dangerous or high-risk endpoints.
    • Company provides adequate recourse to users in the event that data is mishandled by third party.
    • Data sales or transfers are opt-in by default.
    • Data sales or transfers are opt-in by default, with clearly defined processes in legally binding documentation for giving and withdrawing consent.
  • Subprinciple: Data Deletion
    • The company does not retain data for an excessive amount of time.
    • The company provides specific retention periods for different types of information that are reasonably scoped to get rid of outdated and unnecessary information collected from or about users.
    • The company describes a secure data deletion procedure that deletes and destroys data no longer needed to support the service.
    • If the company does not describe a data deletion process, it clearly describes the legal or regulatory requirements that require the data to be retained.
    • If the company does not delete all data, it specifies which data will be retained and that it will be retained only in deidentified form.
    • I can delete the data the company has about me that is not needed to provide the service.
    • The legally binding documentation defines user’s rights to delete their information.
    • The company offers easy-to-find and -use controls that allow users to delete data not necessary to render service.
    • My account and information are deleted when I leave the service.
    • All user information is deleted when the user deletes their account from the service.
    • All user information is deleted when the user’s service is terminated for reasons other than fraud or suspicious activity.
    • All user information is deleted if the service ceases to operate or goes out of business.
  • Subprinciple: Right to Access and Control
    • Users can see everything the company knows about them.
    • The definition of ‘user information’ includes information collected from third parties.
    • Legal documentation describes or links to information about how users can download a copy of data the company holds about them.
    • Users can obtain all public-facing and private user information the company holds about them.
    • Users can obtain all public-facing and private user information the company holds about them at no cost.
    • Apps allow and support transfer of user data from their service to another service when requested by the user.
    • Users can review and correct data that is incorrect or missing.
    • Users have a right to review and correct data that is incorrect or missing.
    • The procedure for users to correct data is workable.
  • Subprinciple: User Privacy Control
    • Users can control privacy settings.
    • The product or service contains settings that allow for different levels of privacy control.
    • The privacy settings can be adjusted to limit what data is accessible to other users.
    • The default settings in this product prioritize user privacy; users must actively change the settings to give up privacy.
    • User interface settings which are optimal for privacy are set by default.
    • Users can restrict the service from making any secondary use of data.