A. The company discloses that it collects no user information.
B. If not, does the company satisfy any of the following elements?
1. Data minimization: The company commits to limit collection of user information to what is directly relevant and necessary to accomplish the purpose of its service.
2. The company clearly discloses what user information it collects.
3. The company clearly discloses how it collects user information.
4. The company clearly discloses why it collects user information.
Guidance: We expect companies to clearly disclose whether they collect user information (as we define it, see Appendix 1), and if so, to provide enough detail that users can understand what information the company collects, how it does so, and its reason for doing so.
The term “user information” appears in many indicators throughout this section. RDR takes an expansive interpretation of what constitutes user information:
“User information is any data which is connected to an identifiable person, or may be connected to such a person by combining datasets or utilizing data-mining techniques.”
As further explanation, user information is any data which documents a user’s characteristics and/or activities. This information may or may not be tied to a specific user account. It includes, but is not limited to, personal correspondence, user-generated content, account preferences and settings, log and access data, data about a user’s activities or preferences collected from third parties either through behavioral tracking or purchasing of data, and all forms of metadata. User information is never considered anonymous except when included solely as a basis to generate global measures (e.g. number of monthly active users). For example, the statement “Our service has 1 million monthly active users” contains anonymous data, since it does not give enough information to know who those 1 million users are. Our definition is:
“Anonymous data is data that is in no way connected to another piece of information that could enable a user to be identified.”
The expansive nature of this view is necessary to reflect several facts. First, skilled analysts can de-anonymize large data sets, which renders nearly all promises of anonymization unattainable. In essence, any data tied to an “anonymous identifier” is not anonymous; it is pseudonymous data which may be tied back to the user’s offline identity. Second, metadata may be as revealing of a user’s associations and interests as content data, or more so, which makes this data of vital interest. Third, entities that have access to many sources of data, such as data brokers and governments, may be able to pair two or more data sources to reveal information about users. Thus, sophisticated actors can use data that seems anonymous to construct a larger picture of a user.
Evaluation: If a company’s disclosure states that it does not collect any user information, fulfilling element A, the company receives full credit for the indicator. If a company does not fulfill element A, the researcher will look for company disclosure to meet the checklist elements of B. A company can receive partial credit if its disclosure meets all elements in the B checklist.
In some cases, laws or regulations might require companies to collect certain information or might prohibit or discourage the company from disclosing what user information it collects. Researchers will document situations where this is the case, but a company will still lose points if it fails to meet all elements. This represents a situation where the law causes companies to be uncompetitive, and we encourage companies to advocate for laws that enable them to fully respect users’ rights to freedom of expression and privacy.
Potential sources:
For more information, click here for a glossary of terms.