Principle 2: Privacy
People have control over their data and understand what is collected, how it is used, and with whom it is shared.
- Users know what user information this company is collecting and when.
- The company discloses the specific data elements they collect.
- The company discloses how data elements are collected.
- The company clearly discloses its purpose for collecting each type of user information.
- The only information the company collects about the user is what’s needed to make the product or service work correctly.
- The user information collected is only that which is directly relevant and necessary for the service.
- Product still works when all permissions not relevant to product’s functionality are declined.
- Manufacturer does not discriminate or otherwise provide a lower level of service if a consumer exercises privacy rights or does not consent to unnecessary secondary data collection or use.
- The default settings in this product prioritize user privacy; to give up privacy, users actually need to change the settings.
- Targeted advertising is off by default.
- The product or service contains settings that allow for different levels of privacy control.
- The privacy settings can be adjusted to limit what data is accessible to other users.
- Users can restrict the service from making any secondary use of data.
- The privacy settings do not use dark patterns to trick consumers into oversharing.
- The privacy settings are accessible to all users as measured by WCAG or a comparable accessibility standard.
- The privacy settings are available in multiple languages, and the translations make sense to native speakers.
- User interface settings which are optimal for privacy are set by default.
- Users can see everything the company knows about them.
- The definition of ‘user information’ includes information collected from third-parties.
- Legal documentation describes or links to information about how users can download a copy of data the company holds about them.
- Users can obtain all public-facing and private user information the company holds about them at no cost.
- Apps allow and support transfer of user data from their service to another service when requested by the user.
- Privacy controls exist in the user interface.
- Users have a right to review and correct data that is incorrect or missing.
- Procedure for users to correct data is workable.
- Data sharing and use of third parties are reasonably scoped and transparent.
- The company clearly discloses what information it shares with whom.
- The company clearly discloses the purpose driving any sharing of information.
- The company clearly discloses the types of third parties with which it shares information.
- The company clearly discloses whether it shares information with government or legal authorities.
- Third party domains contacted by the product are named in the privacy policy.
- Data that is shared with third parties is minimized according to the intended use of the app.
- Third parties are rigorously/reasonably vetted to ensure that data is not transmitted to dangerous or high-risk endpoints.
- Company provides adequate recourse to users in the event that data is mishandled by third party.
- Data usage is consistent with the context of the relationship with the user and is transparent.
- The company discloses how it uses data collected from users in a legally binding document.
- The company only uses data to support the initial purpose for which the data was collected.
- The company does not retain data for an excessive amount of time.
- The company describes a secure data deletion procedure that deletes and destroys data no longer needed to support the service.
- If the company does not describe a data deletion process, they clearly describe the legal or regulatory requirements that require data be retained.
- The company on its own deletes outdated and unnecessary personal information.
- The company does not delete all data, but specifies that some data will be retained in deidentified form.
- The company provides specific retention periods for different types of information that are reasonably scoped to get rid of outdated and unnecessary information collected from or about users.
- I can delete the data the company has about me that is not needed to provide the service.
- The company offers easy-to-find and -use controls that allow users to delete data not necessary to render service.
- The legally binding documentation defines user’s rights to delete their information.
- My account and information are deleted when I leave the service.
- All user information is deleted when the user deletes their account from the service.
- All user information is deleted when the user’s service is terminated.
- All user information is deleted if the service ceases to operate or goes out of business.
- Use of Software Development Kits is appropriate.
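One way to audit the third-party sharing criteria above (whether every third-party domain the product contacts is named in the privacy policy). This is an added example, not part of the original checklist; the endpoints, the policy excerpt and the vendor names are constructed, and the eTLD+1 logic is deliberately naive.

```python
import re
from urllib.parse import urlparse

# Constructed sample: endpoints observed in a network capture of the product under test.
# Hostnames are hypothetical and use the reserved .test TLD.
OBSERVED_ENDPOINTS = [
    "https://api.example-product.test/v1/sync",
    "https://cdn.example-product.test/assets/app.js",
    "https://metrics.analytics-vendor.test/collect",
    "https://ads.tracker-vendor.test/pixel",
]

# Constructed excerpt of the product's privacy policy naming the third parties it shares with.
POLICY_TEXT = """
We share usage data with analytics-vendor.test to measure feature adoption.
Content is served from cdn.example-product.test.
"""

# Domains operated by the company itself; first-party traffic is out of scope for this check.
FIRST_PARTY_DOMAINS = ("example-product.test",)

def registrable_domain(host: str) -> str:
    # Naive eTLD+1 (last two labels). A real audit should consult the public suffix list
    # so that hosts like foo.co.uk are grouped correctly.
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()

def domains_in_policy(text: str) -> set[str]:
    # Extract anything that looks like a hostname from the policy prose and normalise it.
    hosts = re.findall(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", text.lower())
    return {registrable_domain(h) for h in hosts}

def undisclosed_third_parties(endpoints, policy_text, first_party) -> list[str]:
    # Return the third-party registrable domains the product contacts but the policy never names.
    disclosed = domains_in_policy(policy_text)
    undisclosed = set()
    for url in endpoints:
        host = urlparse(url).hostname or ""
        base = registrable_domain(host)
        if base in first_party:
            continue
        if base not in disclosed:
            undisclosed.add(base)
    return sorted(undisclosed)

if __name__ == "__main__":
    for domain in undisclosed_third_parties(OBSERVED_ENDPOINTS, POLICY_TEXT, FIRST_PARTY_DOMAINS):
        print(f"contacted but not disclosed in policy: {domain}")
```

Each domain reported is a finding against the "third party domains contacted by the product are named in the privacy policy" criterion; a clean run returns an empty list.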