A. The company discloses that it does not share user information.
B. If not, does the company satisfy any of the following elements?
1. The company clearly discloses what user information it shares.
2. The company clearly discloses why it shares user information.
3. The company provides a detailed description of the types of third parties with which it shares user information.
4. The company discloses the names of all third parties with which it shares user information and explains what information it shares with each third party.
5. If the company offers multiple services, it clearly discloses whether and how it will share user information between different services.
Guidance: We expect companies to clearly disclose whether they share user information, as we define it, and if so, to provide enough detail that users can understand the scope of this sharing. We expect company disclosure to address company sharing of user information with governments and with commercial entities.
The term “user information” appears in many indicators throughout this section. RDR takes an expansive interpretation of what constitutes user information:
“User information is any data which is connected to an identifiable person, or may be connected to such a person by combining datasets or utilizing data-mining techniques.”
As further explanation, user information is any data which documents a user’s characteristics and/or activities. This information may or may not be tied to a specific user account. This information includes, but is not limited to, personal correspondence, user-generated content, account preferences and settings, log and access data, data about a user’s activities or preferences collected from third parties either through behavioral tracking or purchasing of data, and all forms of metadata. User information is never considered anonymous except when included solely as a basis to generate global measures (e.g. number of active monthly users). For example, the statement, ‘Our service has 1 million monthly active users,’ contains anonymous data, since it does not give enough information to know who those 1 million users are. Our definition is:
“Anonymous data is data that is in no way connected to another piece of information that could enable a user to be identified.”
The expansive nature of this view is necessary to reflect several facts. First, skilled analysts can de-anonymize large data sets. This renders nearly all promises of anonymization unattainable. In essence, any data tied to an ‘anonymous identifier’ is not anonymous; rather, this is often pseudonymous data which may be tied back to the user’s offline identity. Second, metadata may be as revealing of a user’s associations and interests as content data, or more so; this data is therefore of vital interest. Third, entities that have access to many sources of data, such as data brokers and governments, may be able to pair two or more data sources to reveal information about users. Thus, sophisticated actors can use data that seems anonymous to construct a larger picture of a user.
Evaluation: If a company’s disclosure states that it does not share any user information, fulfilling element A, the company receives full credit for the indicator. If a company does not fulfill element A, the researcher will look for company disclosure to meet the checklist elements of B. A company can only receive partial credit if its disclosure meets all elements in the B checklist.
Potential sources: