P1(a). Access to privacy policies

The company should offer privacy policies that are easy to find and easy to understand.

Elements:

  1. Are the company’s privacy policies easy to find?
  2. Are the privacy policies available in the primary language(s) spoken by users in the company’s jurisdiction?
  3. Are the policies presented in an understandable manner?
  4. (For mobile ecosystems): Does the company disclose that it requires apps made available through its app store to provide users with a privacy policy?
  5. (For personal digital assistant ecosystems): Does the company disclose that it requires skills made available through its skill store to provide users with a privacy policy?

Definitions:

App — A self-contained program or piece of software designed to fulfill a particular purpose; a software application, especially as downloaded by a user to a mobile device.

App store — The platform through which a company makes its own apps as well as those created by third-party developers available for download. An app store (or app marketplace) is a type of digital distribution platform for computer software, often in a mobile context.

Easy to find – The terms of service or privacy policy is located one or two clicks away from on the homepage of the company or service, or is located in a logical place where users are likely to find it.

Easy to understand/Understandable manner – The company has taken steps to help users actually understand its terms of service and privacy policy. This includes, but is not limited to, providing summaries, tips, or guidance that explain what the terms mean, using section headers, readable font size, or other graphic features to help users understand the document, or writing the terms using readable syntax.

Mobile ecosystem — The indivisible set of goods and services offered by a mobile device company, comprising the device hardware, operating system, app store, and user account.

Personal digital assistant ecosystem — A personal digital assistant (PDA) ecosystem consists of an artificial intelligence-powered interface installed on digital devices that can interact with users through text or voice to access information on the Internet and perform certain tasks with personal data shared by the users. Users can interact with PDA ecosystems through skills, which are either made available by third-party developers/providers or the PDA itself.

Privacy policies – Documents that outline a company’s practices involving the collection and use of information, especially information about users.

Skills  — Skills are voice-driven personal digital assistant capabilities allowing users to perform certain tasks or engage with online content using devices equipped with a personal digital assistant. Personal digital assistant ecosystem skills are similar to mobile ecosystem apps: users can enable or disable built-in skills or install skills developed by third-parties through stores similar to app stores.

Skill store — The platform through which a company makes its own skills as well as those created by third-party developers available for download. A skill store (or skill marketplace) is a type of digital distribution platform for computer software.

Users — Individuals who use a product or service. This includes people who post or transmit the content online as well as those who try to access or receive the content. For indicators in the freedom of expression category, this includes third-party developers who create apps that are housed or distributed through a company’s product or service.

Indicator guidance: Privacy policies address how companies collect, manage, use, and secure information about users as well as information provided by users. Given this, companies should ensure that users can easily locate this policy and to make an effort to help users understand what they mean. This indicator expects companies to publish privacy policies that are easy to find, are available in the primary languages spoken in the company’s home jurisdiction, and to ensure that the policies are easy to understand. If the company offers multiple products and services, it should be clear to what products and services the policies apply.

A document that is “easy to find” should be easily accessible from the company’s homepage or service website. A policy that is easy to find is located a few clicks away from the homepage, or otherwise accessible in a logical place where users are likely to find it. The terms should also be available in the major language(s) of the home market. In addition, we expect a company to take steps to help users understand the information presented in their documents. This may include, but is not limited to, providing summaries, tips, or guidance that explain what the terms mean, using section headers, readable font size, or other graphic features to help users understand the document, or writing the terms using readable syntax.

Potential sources:

  • Company privacy policy
  • Company data use policy
No Comments

Post A Comment

Sign up for the RADAR

Subscribe to our newsletter to stay in touch!