Sample Privacy Policy and Business App Best Practices

March 30, 2018, Posted By : Team Yomillio

The Facebook data privacy breach scandals are just beginning to pile up, with multiple ongoing investigations in the United States, England, EU, India and other countries that are just becoming aware of how lax the privacy features were on Facebook. Facebook allowed Cambridge Analytica and its parent SCL Group to siphon data and make use of it for their own purposes, without notifying anyone about it.

They’re now making amends for it by modifying their privacy policy. Erin Egan, VP and Chief Privacy Officer, Policy, Facebook, writes in a Facebook press release that they’re making it easier for Facebook users to find data setting tools and change settings as per their preferences.

That’s in the spirit of the privacy agreement, directing people to access and make use of their own privacy settings. It should have been done before, but at least they’re doing it now. So are other large companies that all have your data.

This month, after the Facebook data breach was confirmed by Wylie Christopher, Cambridge Analytica and Facebook itself, a host of companies including PayPal, Microsoft, LinkedIn, Logitech and Slack have announced changes to their privacy policy too.

So in this article, we’re going to do two things. First, I’m going to share some sample privacy policy templates that you can download and modify, and some online privacy policy generators that will take your data and create a privacy policy for you, for free. Also listed are privacy best practices that you will likewise need to update on your website, web apps and mobile app privacy policy statements.

Secondly, you’ll find below a set of business app usage best practices that you should follow so that your own data (and that of your clients) is not tracked or compromised by the websites and apps you use.

Sample Privacy Policy Templates and Generators

First of all, I recommend you go and read Google’s privacy policy here (last updated Dec 17) and this privacy policy guidance, also from Google. Don’t lift it as is; it needs to be modified according to what information your business, website and your web and mobile apps collect, and how you use it. That’s the core of your privacy policy, along with a link to your privacy settings, so that users can go there and set them as per their preferences.

So all you have to do is find a sample privacy policy template (or you can hire a business law expert to do it for you) and modify it as per the best practices listed below.

1. Generic privacy policy template – Termsfeed (pdf – free download)

2. Sample privacy policy template – Better Business Bureau (copy-paste)

3. Website privacy policy – Indiafilings (pdf or MS-Word – free download)

4. Mobile app privacy policy generator – iubenda (online tool)

5. Privacy policy template generator – (online tool)

6. Privacy policy generator that factors in GDPR, CalOPPA and other privacy laws for many states, regions and countries – Termsfeed (online tool)

Post-Facebook Privacy Policy Best Practices

Take the privacy policy downloaded or generated above, and make sure it complies with the best practices below. In the “post-Facebook” era, it’s important to be completely transparent about how you collect and use data through your website and apps.

1. List all the information you collect. This includes personal information provided by users, information collected when people use your services, device information, server logs and other unique identifiers, and information collected by cookies placed on your system by browser / website /app usage.

2. Location information – Clearly state your intent to make use of GPS, IP address and other identifiers to help you locate your users.

3. Explain and explicitly state how you will use all the data collected – for contacting users, for showing them contextual and/or behavioral ads, for sending opt-in newsletters and other subscription options, etc.

4. Explain that you may be sharing the data collected with third-party providers who may have their own set of privacy policies which are different from your own.

This is where the web’s usual privacy policy disappears into a twilight zone, because everything you do and follow in terms of privacy is a complete waste if you’re going to hand over the data to a third party that doesn’t follow the same set of privacy rules. This is what happened to those 50 million people whose data slipped out through Facebook into a college professor’s app and then on to Cambridge Analytica, who then used it indiscriminately.

5. In the spirit of the agreement, state clearly that any third-party provider who has access to your data will be subject to the same privacy policy that you are following. If you can’t enforce that, at least require the third party to notify your users and get them to opt in to the third-party privacy policy before the data gets used.

6. In your privacy policy and in your main menu, provide users a link to your privacy settings, if they are complex and have multiple choices that users can opt in to or opt out of.

Business Website and Apps Usage Best Practices

Now put yourself at the other end, as the user. You’re reading this page on your laptop, mobile phone or tablet. You’ll be browsing a lot of sites and accessing all kinds of services, for both personal and business use, on all your devices. Do you know what data they’re accessing, and how they’re using it? Do you know how to stop sites like Facebook from collecting data and tracking you?

Listed below is a set of business website and app usage best practices that you can follow to avoid being tracked and ending up being traded like so much other data on the web.

1. Proactively understand and modify the privacy policies of all the sites and apps you make use of. Here are the links to the most common ones that you’re likely to be using – Google (Search, Gmail, AdWords, AdSense and Android), YouTube, Motorola, Samsung, Facebook, Snapdeal and WhatsApp, Twitter, Apple, Yahoo, Microsoft, Nokia, Slack, Paytm.

2. Find and set the privacy policies of your device makers, ISP, telco, etc. For example, our corporate phone tie-up is with Vodafone, and our broadband Internet is provided by Airtel.

3. Install a strong anti-virus that blocks unwanted third-party cookies and other data collection schemes that you may not be aware of.

4. Make use of plugins and browser extensions that block contextual and behavioral ad networks from tracking you around. You can tweak them to allow tracking on certain trusted websites that don’t bother you.

For example, Ghostery is a privacy browser extension for Chrome, Firefox, Opera and Edge. You can also use their Privacy App for iOS and Android. It will show you how many trackers each site is putting on you, and gives you the option to pause it or exempt the site you’re currently browsing from being blocked.

While looking up information for this article, I was on an article from the Daily Mail, for which Ghostery shows there are 4 trackers. It’s a known site, and I don’t mind letting them track me, so I didn’t block it. But it at least gives you the information needed, and the option to restrict a site from placing trackers.

This is about all you need to do. Make use of the privacy settings provided to you, and maybe use an anti-virus and a browser plugin that keeps you safe and protects your privacy.

Note: You’re using all this information provided above at your own risk. You are advised to consult your lawyer or a corporate law expert first.