Learn to look for the best privacy practices with our standard privacy reports.
Privacy policies are often long and difficult to read, but they are also a critical part of every product -- just like nutrition labels -- that inform parents and educators about what data each product collects and what promises a company makes about how they use that data. Just like nutrition labels, privacy policies are meant to be read before the product is used, not after. When companies create a privacy policy for a product, they need to consider hundreds of issues, such as the intended users, the types of data the product collects, third parties that data is shared with, and how the company or third parties can use the data.
We spoke with hundreds of parents and educators who told us that reading and understanding privacy policies is hard enough, but trying to compare the privacy practices of multiple products in a standard way is close to impossible. As a result, we designed our privacy ratings and a standard privacy report to simplify the process of reading privacy policies and displaying a product's expected privacy practices in a single format -- much like a nutrition label -- to help parents, educators, and companies understand the unique privacy practices of a product and easily compare privacy practices between products.
We have two types of standard privacy reports: a basic standard privacy report, which displays the most important 35 evaluation questions, and a more comprehensive full standard privacy report, which displays 155 evaluation questions. A basic standard privacy report addresses the most important privacy and security questions about a product, using our basic evaluation questions. It includes an overall score, strengths and weaknesses scored with category-based concerns, and the product's privacy rating.
We believe that displaying this information in a standard format that's easy to read enables parents, teachers, schools, and districts to make a more informed decision, based on their own needs, about whether to use a particular product. Our privacy ratings also break down a product's evaluation details to provide enough product detail and information for every user at the right decision point, given their awareness and understanding of privacy.
However, parents and educators need to be aware that basic evaluations do not answer all possible questions of a full 155-point product evaluation, but basic evaluations can still be easily compared to both basic or full evaluations because every product we rate displays a full standard privacy report indicating if we did not answer a question because it's a basic evaluation. In addition, all basic and full privacy evaluations share the same evaluation scores, evaluation concerns, and privacy ratings.
The example basic standard privacy report below illustrates the best privacy practices that parents and educators can expect from an application or service that collects personal information from children or students. You can also learn more about our ratings with several examples of a full privacy evaluation that have better or worse practices with either a Pass or Warning rating.
Overall score
Every privacy rating includes an overall evaluation score. A higher score (up to 100%) means the product provides more transparent privacy policies with better practices to protect user data. The score is best used as an indicator of how much additional work is necessary to make an informed decision about a product. The following example product earned one of our highest possible evaluation scores (99%), which is less than 100% for our evaluation process because collecting personal information and education records from children and students still increases risk.
Concerns
Our privacy evaluation process summarizes an application's or service's policies into different evaluation concern categories based on a subset of all our evaluation questions that can be used to quickly identify particular strengths and weaknesses of a company’s practices. These concerns are composed of evaluation questions that can be used to calculate scores relative to that particular concern.
Note: This example product disclosed that they collect personal information from children and education records from students, and that potential risk is the reason several concern categories below have scores less than 100%.
| Concern | Full Score |
|---|---|
| Data collection | 85% |
| Data sharing | 100% |
| Data security | 100% |
| Data rights | 100% |
| Data sold | 100% |
| Data safety | 100% |
| Ads & tracking | 100% |
| Parental consent | 100% |
| School purpose | 95% |
Every privacy evaluation also breaks down the strengths and weaknesses of each product's privacy practices into standard privacy concern labels. Each label displays a concern category name, concern score, related concern question, and all better or worse practices (with icons for that concern) so products can easily be compared in order to make a more informed decision.
Standard privacy report card
Each product's privacy evaluation has its own standard privacy report card (shown below). Similar to a nutrition label, each privacy report card displays the product's privacy score and rating up top and the most important privacy practices in a standard easy-to-read format with icons that can be used to compare against other products. The report card can also be customized to display a different list of the top three concerns (data safety, data rights, and ads & tracking) and the better or worse privacy practices of each concern that matter most to parents, educators, or consumers.
| DATA SOLD | DATA RIGHTS | ADS & TRACKING |
| Is the data sold? | What rights do I have to the data? | Are there advertisements or tracking? |
 Data are not sold or rented to third parties. |
Users can control their data through privacy settings. |
Data is not shared for third-party marketing. |
| Data are not shared for research and/or product improvement. |
Processes to download user data are available. |
Behavioral or targeted advertising is not displayed. |
| Users can opt out from the disclosure or sale of their data to a third party. |
Processes to delete user data are available. |
Data is not used to track and target advertisements on other third-party websites or services. |
Read the full privacy evaluation.
Basic standard privacy report
The following standard privacy report is displayed for educational purposes only to illustrate all the better basic evaluation privacy practices that a product's privacy policy should include that would earn our best privacy rating, highest overall score, and highest concern scores.
1.0 Transparency
1.1 Policy version
Privacy policies do indicate a version or effective date.
1.8 Intended use
Intended for children younger than 13.
Intended for students.
2.0 Focused collection
2.1 Data collection
Personally identifiable information (PII) is collected.
2.4 Data limitation
Collection or use of data is limited to product requirements.
3.0 Data sharing
3.1 Data shared with third parties
Collected information is shared with third parties.
The categories of information shared with third parties are indicated.
3.2 Data use by third parties
Data is not shared for third-party advertising and/or marketing.
3.4 Data sold to third parties
Data is not sold or rented to third parties.
3.14 Third-party authentication
Social or federated login is not supported.
3.16 Third-party contractual obligations
Contractual limits are placed on third-party data use.
4.0 Respect for context
4.1 Data use
Use of information is limited to the purpose for which it was collected.
5.0 Individual control
5.1 User content
Users cannot create or upload content.
6.0 Access and accuracy
6.1 Data access
Processes to access and review user data are available.
6.3 Data correction
Processes to modify inaccurate data are available.
6.5 Data deletion
Processes for the school, parent, or student to delete data are available.
7.0 Data transfer
7.1 Data handling
User information cannot be transferred to a third party.
8.0 Security
8.2 User account
Account creation is required.
Parental controls or managed accounts are available.
8.4 Data confidentiality
Industry best practices are used to protect data.
8.5 Data transmission
All data in transit is encrypted.
8.6 Data storage
All data at rest is encrypted.
8.7 Data breach
Notice is provided in the event of a data breach.
9.0 Responsible use
9.1 Social interactions
Users can interact with trusted users and/or students.
9.2 Data visibility
Personal information is not displayed publicly.
9.3 Monitor and review
User-created content is filtered for personal information before being made publicly visible.
Social interactions between users are moderated.
10.0 Advertising
10.2 Traditional advertising
Traditional or contextual advertisements are not displayed.
10.3 Behavioral advertising
Behavioral or targeted advertising is not displayed.
10.4 Ad tracking
Data is not collected by third-party advertising or tracking services.
Data is not used to track and target advertisements on other third-party websites or services.
Data profiles are not created and used for data enhancement, and/or targeted advertisements.
11.0 Compliance
11.2 Students in K–12
Product is primarily used by, designed for, and marketed to students in grades preK–12.
11.3 Parental consent
Parental consent is required.
Parental consent notice and method for submission are provided.
To learn more about our full standard privacy report, you can read an example of one from our example of better practices with "Pass" rating.
* Image copyright attribution: U.S. Food and Drug Administration, The New Nutrition Facts Label, https://www.fda.gov/food/nutrition-education-resources-materials/new-nu….
