P7. Users’ control over their own user information

The company should clearly disclose to users what options they have to control the company’s collection, inference, retention and use of their user information.

Elements:

  1. For each type of user information the company collects, does the company clearly disclose whether users can control the company’s collection of this user information?
  2. For each type of user information the company collects, does the company clearly disclose whether users can delete this user information?
  3. For each type of user information the company infers on the basis of collected information, does the company clearly disclose whether users can control if the company can attempt to infer this user information?
  4. For each type of user information the company infers on the basis of collected information, does the company clearly disclose whether users can delete this user information?
  5. Does the company clearly disclose that it provides users with options to control how their user information is used for targeted advertising?
  6. Does the company clearly disclose that targeted advertising is off by default?
  7. Does the company clearly disclose that it provides users with options to control how their user information is used for the development of algorithmic systems?
  8. Does the company clearly disclose whether it uses user information to develop algorithmic systems by default, or not?
  9. (For mobile ecosystems and personal digital assistant ecosystems): Does the company clearly disclose that it provides users with options to control the device’s geolocation functions?

Definitions:

Algorithmic system — A system that uses algorithms, machine learning and/or related technologies to automate, optimize and/or personalize decision-making processes.

Clearly disclose(s) — The company presents or explains its policies or practices in its public-facing materials in a way that is easy for users to find and understand.

Collected user information — User information that a company either observes directly or acquires from a third party.

Data inference — Companies are able to draw inferences and predictions about the behaviors, preferences, and private lives of their users by applying “big data” analytics and algorithmic decision-making technologies. These methods might be used to make inferences about user preferences or attributes (e.g., race, gender, sexual orientation) and opinions (e.g., political stances), or to predict behaviors (e.g., to serve advertisements). Without sufficient transparency and user control over data inference, privacy-invasive and non-verifiable inferences cannot be predicted, understood, or refuted by users. For more see: Wachter, Sandra and Mittelstadt, Brent, A Right to Reasonable Inferences: Re-Thinking Data Protection Law in the Age of Big Data and AI (October 5, 2018). Columbia Business Law Review, 2019(2), https://ssrn.com/abstract=3248829

Geolocation — Identification of the real-world geographic location of an object, such as a radar source, mobile phone or internet-connected computer terminal. Geolocation may refer to the practice of assessing the location, or to the actual assessed location.

Mobile ecosystem — The indivisible set of goods and services offered by a mobile device company, comprising the device hardware, operating system, app store, and user account.

Options to control — The company provides the user with a direct and easy-to-understand mechanism to opt-in or opt-out of data collection, use, or sharing. “Opt-in” means the company does not collect, use, or share data for a given purpose until users explicitly signal that they want this to happen. “Opt-out” means the company uses the data for a specified purpose by default, but will cease doing so once the user tells the company to stop. Note that this definition is potentially controversial as many privacy advocates believe only “opt-in” constitutes acceptable control. However, for the purposes of RDR, we have elected to count “opt-out” as a form of control.

Personal digital assistant ecosystem — A personal digital assistant (PDA) ecosystem consists of an artificial intelligence-powered interface installed on digital devices that can interact with users through text or voice to access information on the Internet and perform certain tasks with personal data shared by the users. Users can interact with PDA ecosystems through skills, which are either made available by third-party developers/providers or the PDA itself.

Targeted advertising — Targeted advertising, also known as “interest-based advertising,” “personalized advertising,” or “programmatic advertising,” refers to the practice of delivering tailored ads to users based on their browsing history, location information, social media profiles and activities, as well as demographic characteristics and other features. Targeted advertising relies on vast data collection practices, which can involve tracking users’ activities across the internet using cookies, widgets, and other tracking tools, in order to create detailed user profiles.

User information — Any data that is connected to an identifiable person, or may be connected to such a person by combining datasets or utilizing data-mining techniques. User information may be either collected or inferred. As further explanation, user information is any data that documents a user’s characteristics and/or activities. This information may or may not be tied to a specific user account. This information includes, but is not limited to, personal correspondence, user-generated content, account preferences and settings, log and access data, data about a user’s activities or preferences collected from third parties either through behavioral tracking or purchasing of data, and all forms of metadata. User information is never considered anonymous except when included solely as a basis to generate global measures (e.g. number of active monthly users). For example, the statement, ‘Our service has 1 million monthly active users,’ contains anonymous data, since it does not give enough information to know who those 1 million users are.

Users — Individuals who use a product or service. This includes people who post or transmit the content online as well as those who try to access or receive the content. For indicators in the freedom of expression category, this includes third-party developers who create apps that are housed or distributed through a company’s product or service.

Indicator guidance:

This indicator applies to all services, with the exception of element 9, which applies to mobile ecosystem and personal digital assistant ecosystem companies only.

We expect companies to clearly disclose what options users have to control the information that companies collect, retain, and infer about them. Enabling users to control what information a company collects, infers, and retains about them means giving users the ability to delete specific types of user information without requiring them to delete their entire account. We therefore expect companies to clearly disclose whether users have the option to delete specific types of user information. In addition, we expect companies to enable users to control the use of their information for the purposes of targeted advertising and algorithmic system development. Targeted advertising requires extensive collection, retention, and inference of user information, and companies should therefore clearly disclose whether users have options to control how their information is being used for these purposes.

For mobile ecosystems and personal digital assistant (PDA) ecosystems, we expect companies to clearly disclose what options users have to control the collection of their location information. A user’s location changes frequently and many users carry their mobile devices nearly everywhere, making the collection of this type of information particularly sensitive. In addition, the location settings on mobile ecosystems and personal digital assistant ecosystems can influence how other products and services access location information. For instance, mobile apps or PDA ecosystem skills may enable users to control location information. However, if the device on which those mobile apps or PDA skills run collects geolocation data by default and does not give users a way to turn this off, users may not be able to limit those mobile apps’ or PDA skills’ collection of their location information.

Potential sources:

  • Company privacy policy
  • Company account settings page, privacy dashboards
  • Company help center