Principle 3: Transparency
Digital finance companies communicate with users in a complete and meaningful way.
Subprinciple: Meaningful Privacy Information
- Company clearly discloses legally binding documentation.
- All legally binding documentation can be accessed from a single location accessible to users before creating an account or purchasing access to the service.
- Data collection, usage, sharing, and rights are transparently shared with consumers in a meaningful way.
- Information about data collection, usage, sharing, and rights is integrated into the onboarding/account set-up process in a meaningful way.
- App supports users in reviewing or engaging with privacy settings throughout product usage through features such as in-app notifications, privacy check-ups, etc.
- Privacy policies are written at no higher than an 8th grade reading level.
- Company shares information about data collection, usage, sharing, and rights in a short form that is accessible before a person creates an account on the service.
- Users understand their data rights.
Subprinciple: Transparent Safety Practices
- The company meets recognized information security standards and shares which ones it meets.
- The company transparently states which information security standards it meets.
- The company notifies appropriate authorities and those affected when a cybersecurity incident occurs.
- The company commits in legally binding documentation to notify the relevant authorities within 36 hours, or as required by statute, when a cybersecurity incident occurs.
- The company clearly discloses its process and timeline for notifying users who might experience a disruption in service, monetary loss, or identity theft due to a cybersecurity incident, and the steps it will take to address the impact on them.
- The company maintains a service status dashboard so people can see if and when the service is impacted by outages in real time.
Subprinciple: Business Model Transparency
- Company transparently and voluntarily shares how it earns revenue.
Subprinciple: Explanation of Service
- Fees are transparently shared with consumers in a meaningful way.
- Fees are shared before a person creates an account with the service.
- Users receive in-app notifications of fees at appropriate times when interacting with the service.
- Company explains the service to users in a meaningful way.
- Company appropriately categorizes and explains services on app stores.
- Services are explained in a legal document.
- Services are clearly explained in a meaningful way throughout the user experience.
- The company commits to notify users about changes to the service.
- Use of ML/AI is transparently disclosed.
- Company clearly discloses how and when ML/AI is used.
- The right for users to challenge automated decisions is defined in a legally binding document.
- The company has in place a documented governance framework regarding use of AI/ML.
- The company has appropriate procedures, controls, and safeguards in place during the development, testing, and deployment of algorithms to ensure fairness and accuracy.
- The company regularly undertakes validation and reviews to ensure the reliability, fairness, accuracy, and relevance of big data analytics and AI models.
Subprinciple: Legal Rights
- People do not need to give up legal rights in order to use the service.
- The legally binding documentation does not require an end user to commit to resolve disputes via binding arbitration.
- The legally binding documentation does not require an end user to commit to give up their right to be part of a class action against the company.