P1. Access to privacy policies

The company should offer privacy policies that are easy to find and easy to understand.

Elements
  1. Are the company’s privacy policies easy to find?
  2. Are the privacy policies available in the language(s) most commonly spoken by the company’s users?
  3. Are the policies presented in an understandable manner?
  4. (For mobile ecosystems): Does the company disclose that it requires apps made available through its app store to provide users with a privacy policy?
Research guidance

Privacy policies address how companies collect, manage, use, and secure information about users as well as information provided by users. Given this, companies should ensure that users can easily locate the policy and to make an effort to help users understand what they mean.

This indicator expects companies to provide privacy policies that are easy to find, are available in the languages of the primary markets in which the company operates, and to ensure that the policies are easy to understand. If the company offers multiple products and services, it should be clear to what products and services the policies apply.

A document that is “easy to find” should be located on the homepage of the company or service, or one or two clicks away from the homepage, or in a logical place where users are likely to find it. The terms should also be available in the major language(s) of the primary operating market. In addition, we expect a company to take steps to help users understand the information presented in their documents. This may include, but is not limited to, providing summaries, tips, or guidance that explain what the terms mean, using section headers, readable font size, or other graphic features to help users understand the document, or writing the terms using readable syntax. Terms of Service are not included in this indicator since they are covered in separate indicators in the “Freedom of Expression” category.

Potential sources:

  • Company privacy policy
  • Company data use policy