PARTNER WITH YOUR USERS

Put users in control and stand up for their rights.

Even if you plan to offer your product “for free” and generate revenue from advertising or other means, it is in your best interest to treat your users as partners: recognizing and respecting their expectations, giving them the tools to make their own decisions about their personal information, and standing up for them when they are unable to defend themselves. By doing so, you may not only avoid the consequences when users are unpleasantly surprised about how their data are used, you may find that users who trust you are more willing to pay for or engage with your service.

COMPLY ONLY WITH VALID DEMANDS FOR INFORMATION.
If you suspect that a demand for information is invalid or unenforceable, evaluate your options and consider formal and informal avenues of challenging it. Helping create stronger, clearer privacy laws will make compliance easier in the future, and your users will reward you for fighting for their interests.
Case Study

Apple Draws Attention to New Products by Fighting Centuries-Old Law

Apple drew attention to its privacy-friendly practices when it refused to comply with a warrant demanding that it access data on a customer’s cell phone.

Apple drew attention to its privacy-friendly practices when it refused to comply with a warrant demanding that it access data on a customer’s cell phone. In 2015, Apple received a court order to provide data from an iPhone based on the two-hundred-year-old “All Writs Act.” Rather than complying, Apple challenged the order in court. Apple’s action earned it—and its new encrypted-by-default iPhones—widespread media attention.

Case Study

Security Firm RSA Faces Backlash for NSA “Backdoor”

Prominent security firm RSA faced a massive backlash after reports that it has been paid by the NSA to adopt compromised encryption tools.

Prominent security firm RSA faced a massive backlash after reports that it has been paid by the NSA to adopt compromised encryption tools. The story stoked rumors that the spy agency had “backdoor” access to the encrypted communications of the company’s customers, severely damaging trust in the RSA brand. Security experts and the press boycotted the company’s prestigious annual conference and called for RSA to “come clean.

Case Study

Apple Pushes Back Against Push Notification Demands

Apple revised its law enforcement guidelines to require a search warrant before handing over information about its customers’

Apple revised its law enforcement guidelines to require a search warrant before handing over information about its customers’ push notifications to law enforcement. This change followed a letter from Senator Ron Wyden to the Department of Justice expressing concern that law enforcement were asking Google and Apple to provide information about their customer’s app notifications—which could include sensitive information about health, finances, and personal messages—and then prohibiting the companies from publicly mentioning these requests. Following this revelation, competitor Google stated that it had always required judicial approval to hand over this kind of information. Apple soon followed course, leading Senator Wyden and others to cheer Apple for “doing the right thing” to increase privacy protections for its user’s information. 

PROMPTLY NOTIFY USERS AND GIVE THEM AN OPPORTUNITY TO RESPOND.
One of the simplest ways to protect your users is by giving them the opportunity to protect themselves. If and when you do receive a demand for information, notify the affected users if possible and inform them that they should explore potential legal options to challenge the demand. And give the user as much time as possible before complying with the demand yourself. Doing so costs very little but still clearly positions you as your users’ ally.
Case Study

Tech Companies Praised for Notifying Users About Data Demands

Tech companies including Facebook, Apple, Google, and Microsoft won acclaim when they revised their policies to consistently notify users about government demands for their data.

Tech companies including Facebook, Apple, Google, and Microsoft won acclaim when they revised their policies to consistently notify users about government demands for their data. The changes were described as proudly “defiant” after the revelations of NSA, drawing praise from media and privacy advocates alike.

Case Study

Google Defends Users’ Rights to Remain Anonymous Online

Google stood up for the anonymous speech rights of its users when a wealthy pharmaceutical tycoon tried to use a foreign relations law to unmask an anonymous, American Gmail user who had sent critical emails. Google filed a

Google stood up for the anonymous speech rights of its users when a wealthy pharmaceutical tycoon tried to use a foreign relations law to unmask an anonymous, American Gmail user who had sent critical emails. Google filed a motion to quash arguing that American speakers, like Doe, are protected by the First Amendment, which protects the right to speak anonymously and to criticize others. The tycoon retreated and withdrew his subpoena. 

DISCLOSE ONLY REQUIRED INFORMATION.
If you are required to turn over user information, make sure you don’t turn over more than you must. Turning over months of records when only a single week’s worth of data is required or disclosing user transactions outside the scope of the demand can lead to legal liability as well as the loss of user trust. On the other hand, pushing back against overbroad demands can help you limit your own costs and build a reputation for standing up for your users.
Case Study

Google Closes the Door on Geofence Warrants

Google announced that it would change the way it stored users’ location history generated by Google Maps, placing the information on the device rather than central servers and shortening the retention period, making it so that the company could

Google announced that it would change the way it stored users’ location history generated by Google Maps, placing the information on the device rather than central servers and shortening the retention period, making it so that the company could no longer respond to “geofence warrants” from law enforcement. Geofence warrants are a form of digital surveillance where law enforcement compels technology companies—like Google—to produce information about devices that were active in a particular geographic region. These dragnet surveillance warrants raise serious Fourth Amendment concerns and risk sweeping up sensitive information from innocent people. Facing a torrent of law enforcement demands, litigation challenges, and criticism from civil rights organizations, Google changed its default policies in a decision that led to cheers from privacy advocates and defense attorneys

Case Study

Tech Companies Mask Facial Recognition Technology from Law Enforcement

Facing multi-year, high profile campaigns about the dangers of facial recognition from the ACLU and other civil rights groups and additio

Facing multi-year, high profile campaigns about the dangers of facial recognition from the ACLU and other civil rights groups and additional pressure in the wake of protests sparked by the murder of George Floyd, IBM, Amazon, and Microsoft in 2021 announced they would no longer sell facial recognition technology to law enforcement agencies. The ACLU noted that it was glad that the companies were “finally recognizing the dangers face recognition poses to Black and Brown communities and civil rights more broadly” and called for even more action to stop use of this dangerous surveillance technology.  

PUBLICLY RELEASE A TRANSPARENCY REPORT DETAILING DATA DEMANDS

Being transparent about how many demands for information you receive and when you comply with these demands, can benefit not only your users but your reputation as well, giving users as much information as possible about information demands from third parties and the steps you have taken in response. The easiest way to accomplish this is by producing a biannual or annual “transparency report” documenting and providing detail about these demands. The ACLU of California has created a set of tools (online at itsgoodfor.biz/resources) to help you track and respond to demands for user information and produce your own transparency reports.

Case Study

Companies Hailed for Issuing Transparency Reports

Numerous companies, including Apple, Dropbox, Facebook, and Reddit have been applauded for

Numerous companies, including Apple, Dropbox, Facebook, and Reddit have been applauded for issuing regular transparency reports in the wake of the disclosure of information about NSA spying by Edward Snowden. These reports detail how often the company received and responded to government requests for its users’ data. Press described the trend toward issuing such reports as so overwhelming as to become “commonplace for Internet companies,” while privacy advocates called the information “invaluable.”

PUSH FOR STRONGER LAWS TO PROTECT USER PRIVACY
Although privacy issues are increasingly on the radar of the public, press, lawmakers, and regulators, legal protections for online privacy are still badly outdated. This puts user privacy at risk and subjects companies to demands for information that may or may not be legitimate. Joining coalitions with advocates and other companies and supporting efforts to reform privacy law at the state and federal level may not only clarify your own legal obligations, it can also help to establish your reputation as a company invested in protecting your users’ privacy.
Case Study

Tech Giants Praised for Supporting Digital Privacy Protections for Californians

Technology companies including Facebook, Twitter, Dropbox, and Google were praised for supporting the California Electronic Communications Privacy Act.

Technology companies including Facebook, Twitter, Dropbox, and Google were praised for supporting the California Electronic Communications Privacy Act. The law, which was successfully enacted and went into effect in January 2016, requires California law enforcement to get a warrant to gain access to electronic information, including email and text messages, online documents, sensitive metadata, and location information. Press warmly applauded the companies for “taking note of customers’ privacy concerns” in uniting behind the effort.

Case Study

Tech Companies Win Privacy Credibility by Supporting NSA Reforms

Technology titans including Yahoo, Apple, and Microsoft won acclaim for consistently calling for reforms to U.S. surveillance after the Snowden revelations.

Technology titans including Yahoo, Apple, and Microsoft won acclaim for consistently calling for reforms to U.S. surveillance after the Snowden revelations. Through joint public campaigns, the companies demanded limits on domestic and foreign surveillance by the federal government. The USA Freedom Act, one of the reform bills supported by the companies, became law in mid-2015. Legislators seized on the tech companies move as a contribution to “the growing momentum” around reform, and privacy advocates called it a “game changer.”

84% of people surveyed say the government should do more to regulate the way companies collect and use consumer information. (2024).

 

Share This: