Browse all articles

Building a Better Nutrition Label for Privacy

Learn to look for the best privacy practices with our standard privacy reports.

Girard Kelly | August 10, 2020

Privacy policies are often long and difficult to read, but they are also a critical part of every product -- just like nutrition labels -- that inform parents and educators about what data each product collects and what promises a company makes about how they use that data. Just like nutrition labels, privacy policies are meant to be read before the product is used, not after. When companies create a privacy policy for a product, they need to consider hundreds of issues, such as the intended users, the types of data the product collects, third parties that data is shared with, and how the company or third parties can use the data.

We spoke with hundreds of parents and educators who told us that reading and understanding privacy policies is hard enough, but trying to compare the privacy practices of multiple products in a standard way is close to impossible. As a result, we designed our privacy ratings and a standard privacy report to simplify the process of reading privacy policies and displaying a product's expected privacy practices in a single format -- much like a nutrition label -- to help parents, educators, and companies understand the unique privacy practices of a product and easily compare privacy practices between products.

We have two types of standard privacy reports: a basic standard privacy report, which displays the most important 35 evaluation questions, and a more comprehensive full standard privacy report, which displays 155 evaluation questions. A basic standard privacy report addresses the most important privacy and security questions about a product, using our basic evaluation questions. It includes an overall score, strengths and weaknesses scored with category-based concerns, and the product's privacy rating.

We believe that displaying this information in a standard format that's easy to read enables parents, teachers, schools, and districts to make a more informed decision, based on their own needs, about whether to use a particular product. Our privacy ratings also break down a product's evaluation details to provide enough product detail and information for every user at the right decision point, given their awareness and understanding of privacy. 

However, parents and educators need to be aware that basic evaluations do not answer all possible questions of a full 155-point product evaluation, but basic evaluations can still be easily compared to both basic or full evaluations because every product we rate displays a full standard privacy report indicating if we did not answer a question because it's a basic evaluation. In addition, all basic and full privacy evaluations share the same evaluation scores, evaluation concerns, and privacy ratings.

The example basic standard privacy report below illustrates the best privacy practices that parents and educators can expect from an application or service that collects personal information from children or students. You can also learn more about our ratings with several examples of a full privacy evaluation that have better or worse practices with either a Pass or Warning rating.

Overall score

Every privacy rating includes an overall evaluation score. A higher score (up to 100%) means the product provides more transparent privacy policies with better practices to protect user data. The score is best used as an indicator of how much additional work is necessary to make an informed decision about a product. The following example product earned one of our highest possible evaluation scores (99%), which is less than 100% for our evaluation process because collecting personal information and education records from children and students still increases risk.

Concerns

Our privacy evaluation process summarizes an application's or service's policies into different evaluation concern categories based on a subset of all our evaluation questions that can be used to quickly identify particular strengths and weaknesses of a company’s practices. These concerns are composed of evaluation questions that can be used to calculate scores relative to that particular concern.

Note: This example product disclosed that they collect personal information from children and education records from students, and that potential risk is the reason several concern categories below have scores less than 100%.

Every privacy evaluation also breaks down the strengths and weaknesses of each product's privacy practices into standard privacy concern labels. Each label displays a concern category name, concern score, related concern question, and all better or worse practices (with icons for that concern) so products can easily be compared in order to make a more informed decision.

Standard privacy report card

Each product's privacy evaluation has its own standard privacy report card (shown below). Similar to a nutrition label, each privacy report card displays the product's privacy score and rating up top and the most important privacy practices in a standard easy-to-read format with icons that can be used to compare against other products. The report card can also be customized to display a different list of the top three concerns (data safety, data rights, and ads & tracking) and the better or worse privacy practices of each concern that matter most to parents, educators, or consumers.

Rating icon for Pass 99% Rating label for Pass

DATA SAFETY DATA RIGHTS ADS & TRACKING
How safe is this product? What rights do I have to the data? Are there advertisements or tracking?
Better Users cannot interact with trusted users and/or students. Better Opt-in consent is requested from users at the time personal information is collected. Better Data is not shared for third-party advertising and/or marketing.
Better Users cannot interact with untrusted users, including strangers and/or adults. Better Users can control their information through privacy settings. Better Traditional or contextual advertisements are not displayed.
Better Profile information is not shared for social interactions. Better Users cannot create or upload content. Better Behavioral or targeted advertising is not displayed.

Basic standard privacy report

The following standard privacy report is displayed for educational purposes only to illustrate all the better basic evaluation privacy practices that a product's privacy policy should include that would earn our best privacy rating, highest overall score, and highest concern scores.

1.0 Transparency

1.1 Policy version

BetterPrivacy policies do indicate a version or effective date.

1.8 Intended use

BetterIntended for children younger than 13.

BetterIntended for students.

2.0 Focused collection

2.1 Data collection

Worse Personally identifiable information (PII) is collected.

2.4 Data limitation

BetterCollection or use of data is limited to product requirements.

3.0 Data sharing

3.1 Data shared with third parties

BetterCollected information is shared with third parties.

BetterThe categories of information shared with third parties are indicated.

3.2 Data use by third parties

BetterData is not shared for third-party advertising and/or marketing.

3.4 Data sold to third parties

BetterData is not sold or rented to third parties.

3.14 Third-party authentication

BetterSocial or federated login is not supported.

3.16 Third-party contractual obligations

BetterContractual limits are placed on third-party data use.

4.0 Respect for context

4.1 Data use

BetterUse of information is limited to the purpose for which it was collected.

5.0 Individual control

5.1 User content

BetterUsers cannot create or upload content.

6.0 Access and accuracy

6.1 Data access

BetterProcesses to access and review user data are available.

6.3 Data correction

BetterProcesses to modify inaccurate data are available.

6.5 Data deletion

BetterProcesses for the school, parent, or student to delete data are available.

7.0 Data transfer

7.1 Data handling

BetterUser information cannot be transferred to a third party.

8.0 Security

8.2 User account

BetterAccount creation is required.

BetterParental controls or managed accounts are available.

8.4 Data confidentiality

BetterIndustry best practices are used to protect data.

8.5 Data transmission

BetterAll data in transit is encrypted.

8.6 Data storage

BetterAll data at rest is encrypted.

8.7 Data breach

BetterNotice is provided in the event of a data breach.

9.0 Responsible use

9.1 Social interactions

BetterUsers can interact with trusted users and/or students.

9.2 Data visibility

BetterPersonal information is not displayed publicly.

9.3 Monitor and review

BetterUser-created content is filtered for personal information before being made publicly visible.

BetterSocial interactions between users are moderated.

10.0 Advertising

10.2 Traditional advertising

BetterTraditional or contextual advertisements are not displayed.

10.3 Behavioral advertising

BetterBehavioral or targeted advertising is not displayed.

10.4 Ad tracking

BetterData is not collected by third-party advertising or tracking services.

BetterData is not used to track and target advertisements on other third-party websites or services.

BetterData profiles are not created and used for data enhancement, and/or targeted advertisements.

11.0 Compliance

11.2 Students in K–12

BetterProduct is primarily used by, designed for, and marketed to students in grades preK–12.

11.3 Parental consent

BetterParental consent is required.

BetterParental consent notice and method for submission are provided.

To learn more about our full standard privacy report, you can read an example of one from our example of better practices with "Pass" rating.

* Image copyright attribution: U.S. Food and Drug Administration, The New Nutrition Facts Label, https://www.fda.gov/food/nutrition-education-resources-materials/new-nut....