P8. Users’ access to their own user information
Companies should allow users to obtain all of their user information the company holds.
Elements
- Does the company clearly disclose that users can obtain a copy of their user information?
- Does the company clearly disclose what user information users can obtain?
- Does the company clearly disclose that users can obtain their user information in a structured data format?
- Does the company clearly disclose that users can obtain all public-facing and private user information a company holds about them?
- (For mobile ecosystems): Does the company clearly disclose that it evaluates whether the privacy policies of third-party apps made available through its app store disclose that users can obtain all of the user information about them the app holds?
Research guidance
Users should be able to obtain all information that companies hold about them. We expect companies to clearly disclose what options users have to obtain this information, what data this record contains, and what formats users can obtain it in. For mobile ecosystems, we expect the company to disclose to users whether the apps that are available in its app store specify that users can obtain all of the user information that app holds about them.
Potential sources:
- Company privacy policy
- Company account settings
- Company help center
- Company blog posts