For 85 years CR has worked for laws and policies that put consumers first. Learn more about CR’s work with policymakers, companies, and consumers to help build a fair and just marketplace at TrustCR.org

Fair Digital Finance Evaluation Framework

Principle 2: Privacy

People have control over their data and understand what is collected, how it is used, and with whom it is shared.


Subprinciple: Data Minimization

  • Companies disclose with specificity what user information they collect, when and from what sources they collect it, and for what purposes.
    • The company discloses the specific data elements they collect.
    • The company discloses how data elements are collected.
    • The company clearly discloses its purpose for collecting each type of user information.
    • The company appropriately discloses privacy information on app stores.
  • The only information the company collects about the user is what’s needed to make the product or service work correctly.
    • The user information collected is only that which is directly relevant and necessary for the service.
    • The product still works when all permissions not relevant to its functionality are declined.
    • The company does not engage in network growth hacking (sharing the user’s contacts with the app) unless doing so is a feature of the app (e.g., for P2P payment services).
  • Data usage is consistent with the context of the relationship with the user and is transparent.
    • Data usage is consistent with the context of the relationship with the user.
    • The company only uses data to support the initial purpose for which the data was collected.
  • Data sharing and use of third parties are clearly disclosed.
    • The company clearly discloses what information it shares with whom.
    • The company clearly discloses the purpose driving any sharing of information.
    • Third party domains contacted by the product are named in the privacy policy.
    • The company clearly discloses whether it shares information with government or legal authorities and in what situations.
  • Data sharing and use of third parties are reasonably scoped.
    • The company only shares information with third parties as is reasonably necessary to deliver the service to users.
    • The company provides adequate recourse to users if their data is mishandled by a third party.
  • The company does not sell user data.
    • The company commits in legally binding documentation to not sell user data.
    • If the company does not commit to not selling users’ data, data sales are opt-in by default, with a clearly defined process in legally binding documentation for giving and withdrawing consent.
  • The company does not retain data for an excessive amount of time.
    • The company provides specific retention periods for different types of information that are reasonably scoped to get rid of outdated and unnecessary information collected from or about users.
    • The company describes a secure data deletion procedure that deletes and destroys data no longer needed to support the service.
    • If the company does not describe a data deletion process, it clearly describes the legal or regulatory requirements that require the data to be retained.
    • Where the company does not delete all data, it specifies that the retained data is kept in deidentified form.
  • The user’s account and information are deleted when the user leaves the service.
    • All user information is deleted when the user deletes their account from the service.
    • All user information is deleted when the user’s service is terminated for reasons other than fraud or suspicious activity.
    • All user information is deleted if the service ceases to operate or goes out of business.
  • Use of Software Development Kits is appropriate.
    • The embedded SDKs are appropriate for the purpose of the app.


Subprinciple: Right to Access, Control, and Delete

  • User data rights are clearly disclosed before a person creates an account on the service.
    • User data rights are clearly disclosed before a person creates an account on the service.
    • The company clearly discloses rights that are specific to users in particular states.
  • Users can delete the data the company has about them that is not needed to provide the service.
    • The legally binding documentation defines users’ rights to delete their information.
    • The company offers easy-to-find, easy-to-use controls that allow users to delete data not necessary to render the service.
  • Users can see everything the company knows about them.
    • The definition of ‘user information’ includes information collected from third parties.
    • Users can obtain all public-facing and private user information the company holds about them.
    • Users can obtain all public-facing and private user information the company holds about them at no cost.
    • Users can obtain all public-facing and private user information the company holds about them in a usable, machine-readable format.
  • Users can review and correct data that is incorrect or missing.
    • Users have an actionable right to review and correct data that is incorrect or missing.


Subprinciple: User Privacy Control

  • Users can control privacy settings.
    • The product or service contains settings that allow for different levels of privacy control.
    • The privacy settings can be adjusted to limit what data is accessible to other users.
  • The default settings in this product prioritize user privacy; to give up privacy, users actually need to change the settings.
    • User interface settings that are optimal for privacy are set by default.
    • Targeted advertising is off by default.
    • The privacy settings do not use deceptive design to trick consumers into oversharing.