PARTNER WITH YOUR USERS

Put users in control and stand up for their rights.

Even if you plan to offer your product “for free” and generate revenue from advertising or other means, it is in your best interest to treat your users as partners: recognizing and respecting their expectations, giving them the tools to make their own decisions about their personal information, and standing up for them when they are unable to defend themselves. By doing so, you may not only avoid the consequences when users are unpleasantly surprised about how their data are used; you may also find that users who trust you are more willing to pay for or engage with your service.

COMPLY ONLY WITH VALID DEMANDS FOR INFORMATION.
If you suspect that a demand for information is invalid or unenforceable, evaluate your options and consider formal and informal avenues of challenging it. Helping create stronger, clearer privacy laws will make compliance easier in the future, and your users will reward you for fighting for their interests.
Case Study

Apple Draws Attention to New Products by Fighting Centuries-Old Law

Apple drew attention to its privacy-friendly practices when it refused to comply with a warrant demanding that it access data on a customer’s cell phone. In 2015, Apple received a court order to provide data from an iPhone based on the two-hundred-year-old “All Writs Act.” Rather than complying, Apple challenged the order in court. Apple’s action earned it—and its new encrypted-by-default iPhones—widespread media attention.

Case Study

Security Firm RSA Faces Backlash for NSA “Backdoor”

Prominent security firm RSA faced a massive backlash after reports that it had been paid by the NSA to adopt compromised encryption tools. The story stoked rumors that the spy agency had “backdoor” access to the encrypted communications of the company’s customers, severely damaging trust in the RSA brand. Security experts and the press boycotted the company’s prestigious annual conference and called for RSA to “come clean.”

Case Study

Amazon Applauded for Suing to Protect Users

Amazon was praised for its commitment to protecting the privacy of users in 2010 after refusing a demand to turn over records detailing more than 50 million purchases of North Carolina residents to that state’s Department of Revenue. To protect its customers and their ability to “purchase sensitive or unpopular material,” the company filed suit against the state agency with the support of the ACLU. After a judge ruled against North Carolina, the state ultimately agreed not to demand the titles or other identifying information about books, movies, and similar material. As a result, Amazon was applauded for defending “the free speech and privacy rights of Amazon.com customers.”

PROMPTLY NOTIFY USERS AND GIVE THEM AN OPPORTUNITY TO RESPOND.
One of the simplest ways to protect your users is by giving them the opportunity to protect themselves. If and when you do receive a demand for information, notify the affected users if possible and inform them that they should explore potential legal options to challenge the demand. And give the user as much time as possible before complying with the demand yourself. Doing so costs very little but still clearly positions you as your users’ ally.
Case Study

Tech Companies Praised for Notifying Users About Data Demands

Tech companies including Facebook, Apple, Google, and Microsoft won acclaim when they revised their policies to consistently notify users about government demands for their data. The changes were described as proudly “defiant” after the NSA revelations, drawing praise from media and privacy advocates alike.

Case Study

Twitter’s Resistance to Gag Order Called a “Remarkable Display of Backbone”

In January 2011, Twitter was applauded for its “remarkable display of backbone” in standing up for its users’ privacy and free speech rights by challenging the secrecy of a demand from the Department of Justice (DOJ). The DOJ obtained a court order requiring Twitter to turn over records about users associated with WikiLeaks, including contact and credit card information and the identities of other individuals who communicated with those users. The court also issued a “gag order” prohibiting Twitter from telling these users about the demand. However, Twitter fought back against the gag order and won, allowing the company to uphold its promise to notify users of government demands where legally possible.

DISCLOSE ONLY REQUIRED INFORMATION.
If you are required to turn over user information, make sure you don’t turn over more than you must. Turning over months of records when only a single week’s worth of data is required or disclosing user transactions outside the scope of the demand can lead to legal liability as well as the loss of user trust. On the other hand, pushing back against overbroad demands can help you limit your own costs and build a reputation for standing up for your users.
Case Study

Facebook Hailed for Fighting Overbroad Search Warrants

Facebook was hailed by the media after it “vehemently” opposed a set of warrants from the New York District Attorney’s Office demanding information on 381 users, arguing that the warrants were overbroad. Although Facebook ultimately lost its legal battle to prevent disclosure, it was able to persuade the District Attorney to unseal the case, permitting Facebook to notify the affected users. As a result of its efforts, Facebook was applauded for taking a strong stance for user privacy as other companies “rall[ied] behind” the company’s stance on the issue.

Case Study

Google Wins “Kudos” for Fighting Demand for Millions of Search Records

Google was praised, and its competitors chastised, when in 2005 the company challenged a subpoena from the federal Department of Justice (DOJ) that demanded every single search query the company had received over a two-month period. Google emerged the victor, with the court holding that the government was only entitled to a limited data set including no personal information. By standing up for privacy, Google reaped a bonanza of positive public and media attention including favorable comparisons with competitors who “meekly complied” with similar demands.

PUBLICLY RELEASE A TRANSPARENCY REPORT DETAILING DATA DEMANDS

Being transparent about how many demands for information you receive and when you comply with them can benefit not only your users but your reputation as well. Give users as much information as possible about information demands from third parties and the steps you have taken in response. The easiest way to accomplish this is by producing a biannual or annual “transparency report” documenting and providing detail about these demands. The ACLU of California has created a set of tools (online at itsgoodfor.biz/resources) to help you track and respond to demands for user information and produce your own transparency reports.

Case Study

Companies Hailed for Issuing Transparency Reports

Numerous companies, including Apple, Dropbox, Facebook, and Reddit have been applauded for issuing regular transparency reports in the wake of the disclosure of information about NSA spying by Edward Snowden. These reports detail how often the company received and responded to government requests for its users’ data. Press described the trend toward issuing such reports as so overwhelming as to become “commonplace for Internet companies,” while privacy advocates called the information “invaluable.”

PUSH FOR STRONGER LAWS TO PROTECT USER PRIVACY
Although privacy issues are increasingly on the radar of the public, press, lawmakers, and regulators, legal protections for online privacy are still badly outdated. This puts user privacy at risk and subjects companies to demands for information that may or may not be legitimate. Joining coalitions with advocates and other companies and supporting efforts to reform privacy law at the state and federal level may not only clarify your own legal obligations, it can also help to establish your reputation as a company invested in protecting your users’ privacy.
Case Study

Tech Giants Praised for Supporting Digital Privacy Protections for Californians

Technology companies including Facebook, Twitter, Dropbox, and Google were praised for supporting the California Electronic Communications Privacy Act. The law, which was successfully enacted and went into effect in January 2016, requires California law enforcement to get a warrant to gain access to electronic information, including email and text messages, online documents, sensitive metadata, and location information. Press warmly applauded the companies for “taking note of customers’ privacy concerns” in uniting behind the effort.

Case Study

Tech Companies Win Privacy Credibility by Supporting NSA Reforms

Technology titans including Yahoo, Apple, and Microsoft won acclaim for consistently calling for reforms to U.S. surveillance after the Snowden revelations. Through joint public campaigns, the companies demanded limits on domestic and foreign surveillance by the federal government. The USA Freedom Act, one of the reform bills supported by the companies, became law in mid-2015. Legislators seized on the tech companies’ move as a contribution to “the growing momentum” around reform, and privacy advocates called it a “game changer.”
