RESPECT YOUR DATA

Limit and protect the data you collect, retain, and use.
Protecting your users’ privacy requires you to be thoughtful about the data you collect and hold, and how you use it. By carefully considering the costs and benefits of collecting data and by properly safeguarding the information that you do collect, you prevent privacy harms and increase consumer trust in your company. 
IDENTIFY AND COLLECT THE DATA YOU ACTUALLY NEED.

Your product has a purpose, and that purpose should help you identify the information you actually need. Blindly or willfully grabbing information beyond that can subject your product to bad press, excessive government demands, or even financial penalties. Build trust with your users instead by only collecting information as needed.

Case Study

Jay-Z App Data Collection “Verges on Parody”

Jay-Z and Samsung were publicly skewered when their Jay-Z Magna Carta App required so much unnecessary data from users’ smartphones that it “

Jay-Z and Samsung were publicly skewered when their Jay-Z Magna Carta App required so much unnecessary data from users’ smartphones that it “verge[d] on parody.” The app demanded access to a user’s dialed phone numbers, precise GPS location, and details about the user’s other apps. This resulted in a complaint with the Federal Trade Commission (FTC) and forced Samsung to publicly defend the app, all of which left press asking: “If Jay-Z wants to know about my phone calls and email accounts, why doesn’t he join the National Security Agency?

 

 

+ read more
Case Study

FTC Cracks Down on Sale of Data Brokers Selling Geolocation Information

Within a week, the FTC separately accused data brokers X-Mode and InMarket of violating the Federal Trade Commission Act by unfairly and deceptively collecting and sell

Within a week, the FTC separately accused data brokers X-Mode and InMarket of violating the Federal Trade Commission Act by unfairly and deceptively collecting and selling consumers geolocation information, which could be used to “track consumers to sensitive locations, including medical facilities, places of religious worship, places that may be used to infer an LGBTQ+ identification, domestic abuse shelters, and welfare and homeless shelters.” To settle the FTC’s claims of “significant privacy violation[s],” both X-Mode and InMarket agreed not to share or sell sensitive location information. The FTC, media, and politicians have applauded these settlements as successes and a “big deal.” Both orders are part of a broader push by the Biden administration to expand privacy protections in the wake of the Dobbs decision overturning Roe v. Wade.  

+ read more
Case Study

Alexa – Don’t Store Children’s Voices

Amazon had to pay $25 million dollars for improperly collecting children’s voice recordings and  geolocation information through its Alexa devices, misleading parents about privacy protections, and failing to honor deletion requests.

Amazon had to pay $25 million dollars for improperly collecting children’s voice recordings and  geolocation information through its Alexa devices, misleading parents about privacy protections, and failing to honor deletion requests. The DOJ and FTC took action against Amazon for violating the Children’s Online Privacy Protection Act. In addition to the monetary settlement, Amazon must also delete inactive child accounts, stop using certain sensitive information to train its algorithms, stop misrepresenting its privacy policies, and notify its users about the FTC-DOJ action.

 

+ read more

94% of likely voters support new laws requiring tech companies to get permission before they share personal information, and laws that give Californians the right to know what personal information companies collect about them and who it has been shared with. California Statewide Survey, 2019.

RETAIN DATA ONLY AS LONG AS YOU NEED IT.

Just because you need location information to make your service work doesn’t mean you actually need to keep that information. Determine how long you need to keep the data you do collect and delete it once it is no longer necessary to accomplish the purpose for which it was collected. This helps ensure that you’re not retaining information that users don’t expect you to keep and reduces the potential harm of data breach and other privacy hazards.

Case Study

Uh oh, Edmodo! Ed-Tech Provider to Pay $6M for COPPA Violation

Education tech tech provider Edmodo had to pay $6 million in fines in 2023 for collecting information from students without parental consent, using that information for advertising purposes, and

Education tech tech provider Edmodo had to pay $6 million in fines in 2023 for collecting information from students without parental consent, using that information for advertising purposes, and retaining personal information longer than reasonably necessary to fulfill the purpose for which it was collected. The FTC has made it clear that it will enforce children’s online privacy laws and “that ed tech providers cannot outsource compliance responsibilities to schools, or force students to choose between their privacy and education.”

+ read more
Case Study

Microsoft Pays $20M for Improperly Collecting and Retaining Children’s Information

Microsoft was slapped with $20 million in fines in 2023 to settle FTC charges that it violated the Children’s Online Privacy Protection Act (COPPA).

Microsoft was slapped with $20 million in fines in 2023 to settle FTC charges that it violated the Children’s Online Privacy Protection Act (COPPA). The FTC charged Microsoft with violating COPPA and the FTC Act by collecting personal information from children using the company’s Xbox Live online service and related products, collecting this personal information without parent consent, and storing the information longer than reasonably necessary. In addition to paying the large fine, Microsoft needs to bolster protections for children’s information, including requiring parental consent prior to collection and implementing a system to delete all collected information within two weeks of collection.

+ read more

 Half of Americans have decided not to use a product or service because of privacy concerns Pew Research Center, April 14, 2020

Share This:

Related Content

From the Primer

Do You Provide Effective Notice of Data Collection?

If your company’s product includes sensors or otherwise captures data about your users’...+ Read more