Welcome to Consumer Reports Advocacy

For 85 years CR has worked for laws and policies that put consumers first. Learn more about CR’s work with policymakers, companies, and consumers to help build a fair and just marketplace at TrustCR.org

Fair Digital Finance Evaluation Framework Fair Digital Finance Evaluation Framework
Fair Digital Finance Evaluation Framework

Principle 3: Transparency

Digital finance companies communicate with users in a complete and meaningful way.
 

  • Subprinciple: Meaningful Privacy Information
    • Company clearly discloses legally binding documentation.
    • All legally binding documentation can be accessed from a single location accessible to users before creating an account or purchasing access to the service.
    • Data collection, usage, sharing, and rights are transparently shared with consumers in a meaningful way.
    • Information about data collection, usage, sharing, and rights are integrated into the onboarding/account set-up process in a meaningful way.
    • App includes regular privacy check-up notifications to encourage and support users to review their privacy settings.
    • Users receive in-app notifications of data collection, usage, sharing, and rights at appropriate times when interacting with the service.
    • Privacy policies are written at no higher than an 8th grade reading level.
    • Company shares information about data collection, usage, sharing, and rights in a short form that is accessible before a person creates an account on the service.
    • Users understand their data rights.
    • Users understand their data rights.
  • Subprinciple: Transparent Safety Practices
    • The company meets, and shares which, recognized information security standards.
    • The company transparently states which information security standards it meets.
    • The company notifies appropriate authorities and those affected when a cybersecurity incident occurs.
    • The company commits in legally binding documentation to notify the relevant authorities within 36 hours, or as required by statute, when a cybersecurity incident occurs.
    • The company clearly discloses its process and timeline for notifying, and the steps it will take to address the impact to users who might experience a disruption in service, monetary loss, or identity theft due to a cybersecurity incident.
    • The company maintains a service status dashboard so people can see if and when the service is impacted by outages in real time.
  • Subprinciple: Explanation of Service
    • Fees are transparently shared with consumers in a meaningful way.
    • Fees are shared before a person creates an account with the service.
    • Users receive in-app notifications of fees at appropriate times when interacting with the service.
    • Company explains the service to users in a meaningful way.
    • Services are explained in a legal document.
    • Services are clearly explained in a meaningful way throughout the user experience.
    • The company commits to notify users about changes to the service.
    • The company discloses how and when users will be directly notified of changes to the service(s).
  • Subprinciple: Legal Rights
    • People do not need to give up legal rights in order to use the service.
    • The legally binding documentation does not require an end user to commit to resolve disputes via binding arbitration.
    • The legally binding documentation does not require an end user to commit to give up their right to be part of a class action against the company.