For more information about this process, please see the blog post at https://funnymonkey.com/2018/privacy-postcards-or-poison-pill-privacy
Please use and modify this structure. The structure is released into the public domain under a CC0 license: https://creativecommons.org/publicdomain/zero/1.0/
0. General Information
- Name of Service:
- Android App
- Policy Effective Date:
1. App permissions
Screenshot of selected app permissions, pulled from the Google Play store. The iOS store from Apple does not support the transparency of the Google Play store.
The listing of app permissions is useful because it highlights some of the information that the service collects. The listing of app permissions is not a complete list of what the service collects, nor does it provide insight into how the information is used, shared, or sold. However, the breakdown of app permissions is a good tool to use to get a snapshot of how well or poorly the service limits data collection to just what is needed to deliver the service.
2. Access contacts
Keywords: contact, friend, list, access
3. Law enforcement
Keywords: legal, law enforcement, comply
4. Location information and Device IDs
Keywords: location, zip, postal, identifier, browser, device, ID, street, address
5. Data Combined from External Sources
Keywords: combine, enhance, augment, source
6. Third Party Collection
Keywords: third, third party, external, partner, affiliate
7. Social Sharing or Login
Keywords: login, external, social, share, sharing
8. Education-specific Language
Keywords: parent, teacher, student, school, , family, education, FERPA, child, COPPA
Because this list of concerns is incomplete, and there are other problematic areas, we need a place to highlight these concerns if and when they come up. When I use this structure, I will use this section to highlight interesting elements within the terms that don't fit into the other sections.
If, however, there are elements in the other sections that are especially problematic, I probably won't spend the time on this section.
10. Summary of Risk
This section is used to summarize the types of privacy risks associated with the service. As with this entire process, the goal here is not to be comprehensive. Rather, this section highlights potential risk, and whether those risks are in line with what a service does. IE, if a service collects location information, how is that information both protected from unwarranted use by third parties and used to benefit the user?