Ease of accessing policies

consumer-reports-innovation-lab / TheDigitalStandard

The Digital Standard is an ambitious, community-led effort to build a framework to test and rate products and services on the basis of privacy, security, and data practices.

Creative Commons Attribution 4.0 International

128 stars 46 forks source link

Ease of accessing policies #101

Closed secretrobotron closed 4 years ago

secretrobotron commented 6 years ago

We have indicators for ToS and Privacy Policy documents that say The privacy policies are easy to find and The Terms of service (ToS) are easy to find. I think we could expand on these a little bit to encourage straight-ahead practice:

Policies should be available online
Policies should be accessible through manufacturer's websites or a Google search and not only through the app/device interface
Policies for specific devices should match policies available online
Policies should be available without having to sign up or log in first
If it's not obvious, there should be some mapping that explains which policies apply to a specific product

cc @j-br0 @TatevSarg @KatieMcInnis

TatevSarg commented 6 years ago

Agree that policies and terms of service should be available online and not just on the device or app, which is basically what we look for when evaluating products on: "The privacy policies are easy to find." & "The Terms of service (ToS) are easy to find." Hence, to avoid overlap, we could add these to the procedure overview rather than create new indicators.

In terms of your fourth bullet point: I think policies being available online (that is publicly) covers that, at least partly.

Your last bullet point is covered in #92 I pulled a request to add the following indicators: "The company clearly discloses which Terms of Service (ToS) apply to the product/service in question," and " The company clearly discloses which privacy policies apply to the product/service in question."

secretrobotron commented 6 years ago

👍 good point on making them procedures. However, the "easy to find" part is already redundant with the criteria, so perhaps we could define it a little further. Instead of "policies are easy to find" we could say something like, "policies are accessible online via unique url" which would makes them easy to track and process. Maybe that's too strong though.

Your last bullet point is covered in #92

Ahhh, right! Thank you.

digitalstandard-bot commented 6 years ago

Thank you for helping shape the Digital Standard. Addressing privacy, security, and data issues in the marketplace requires a community-driven response.

The partners meet once every 3 months to review pull requests.

Thanks again!

TatevSarg commented 6 years ago

We want the policies to be online but also easy to find (e.g., two clicks from the product's/company's homepage). A policy may be accessible via a unique URL but if a user cannot easily find it, then it is still not a good practice.

KatieMcInnis commented 5 years ago

So how about we add the following two as procedures? Policies should be accessible through manufacturer's websites or a internet search (like DuckDuckGo) and not only through the app/device interface Policies for specific devices should match policies available online

@TatevSarg's pull request gets at the other issues, correct?

secretrobotron commented 5 years ago

@TatevSarg @KatieMcInnis how does this feel? https://github.com/TheDigitalStandard/TheDigitalStandard/pull/117