Open secretrobotron opened 5 years ago
So lets see, how would this look in the Standard itself? "The company clearly discloses the categories of information is shares or receives from affiliates, parent company, or subsidiaries and whether any anonymization techniques are used."
In our "Data Use" section, we say "The company clearly discloses what user information it shares.", but the rest of the section implies this is about third-party sharing. But, when large companies purchase one another and combine data sets, or when a company has multiple potential sources of personal data (e.g. Facebook & Instagram; Microsoft & LinkedIn; Yahoo! & Tumblr), should the rules or expectations of data use be disclosed?
For example, Facebook's Data Policy has a section titled, "How do the Facebook Companies work together?"
It's possible that the "Data Collection" section covers this, since it seeks to ask where companies get all of their data, but for very large/broad data policies, that is perhaps not enough detail to do a reasonable evaluation.
@j-br0 @KatieMcInnis @TatevSarg thoughts?