March 2, 2022

Designing a privacy policy for a privacy app

Ginny Fahs

Ginny Fahs is Associate Director of Product R&D at CR Digital Lab, where she leads a team pioneering new ways for consumers to take control of their data and digital lives.

Image courtesy of Afsal and OpenIDEO’s Cybersecurity Visuals Challenge

Consumers have privacy rights under the law, but it can be pretty hard to use them. CR research has shown just how many obstacles consumers face when they try to use state privacy laws to their advantage. The process needs to be easier.

Permission Slip is our answer. It’s the app to manage your data, and will be available on iOS later this year. Since Permission Slip is helping to define a new category of service for exercising data rights and managing third parties’ uses of data, the policy underlying it matters.

Below you’ll find the guiding principles for Permission Slip’s privacy policy and user agreement. These principles are the compass for Permission Slip’s full privacy policy, which will be published when the app launches to the public.

Privacy policies are living documents, and no policy is perfect. Our goal is to be thoughtful about trade-offs and transparent about our practices so that anyone choosing to use the Permission Slip app is well-informed. 

Have feedback or reactions to share? Drop us a line at permissionslip@cr.consumer.org. And if you want to stay in the loop on Permission Slip and our launch plans, you can sign up here.

Permission Slip Privacy Principles

Permission Slip is a mobile app by Consumer Reports to help consumers manage the data companies may have about them. Consumers can use Permission Slip to find out what companies may know about them, tell companies to stop selling their data and direct companies to delete their data.

When Permission Slip launches to the public, it will have its own Privacy Policy that tells users what we’re collecting, how we’re using it, and what we’re doing to help keep it safe. That Privacy Policy will be based on the following principles:

Consistent purpose. The core functionality of Permission Slip is to help you learn about companies’ data practices and exercise your data rights and options. We anticipate that Permission Slip will grow and add features over time to give you more options for managing and protecting your personal data. Giving you more control over your data and digital life will always be at our core.

Data minimization. Signing up for Permission Slip currently requires a valid email, password, home address, and mobile phone number for two-factor authentication. If we need more information to enable a feature or process a request, we’ll ask for it when we need it.

Separate, safe storage. All information held by Permission Slip will be stored in a separate database from other Consumer Reports data. If a user closes their account, we’ll retain a record of their authorization for Consumer Reports’ legal records, and their request history in the Permission Slip database, for legal purposes. The Permission Slip account will be configured to be inaccessible via the mobile app; the account will be marked as inactive in the database, and will remain searchable by staff.

Reasonable marketing. Permission Slip won’t share your personal information for targeted advertising purposes without your permission. App analytics will be used in aggregate to improve the product and help us develop a marketing strategy.

Specific prohibited use. However Permission Slip evolves, we won’t sell our users’ personal information.

Consumer protection research and advocacy. We may use the data we create when operating Permission Slip in aggregate, for research and advocacy purposes consistent with Consumer Reports’ mission of fighting for fairness in the marketplace. On occasion, we may want to conduct research that uses individual records. If we do this, we will always ask permission first and communicate about research questions and results.

Clarity. Our goal is to make the language of Permission Slip’s privacy policy and user agreement as clear as possible. Users shouldn’t need a legal degree to read and understand these documents. 

Notice of changes. Any major changes to the Privacy Policy that apply to data we plan to collect in the future will be communicated to users ahead of time, so they can make an informed decision about continuing to use the service. 

The author thanks Mason Kortz and Harvard Cyberlaw Clinic for their collaboration on these principles, as well as CR teammates Justin Brookman, Nicky Besuden, Erika Mikkelsen, Heath Grayson, and Dazza Greenwood.
