Table of Contents
- Definitions
- Introduction
- Terms of Service and Privacy Policy Documents
- Terms of Service and Privacy Policy Change Notification
- Process for Terms of Service Enforcement
- Transparency About Terms of Service Enforcement
- Identity Policy
- Security Oversight
- Third-Party Requests for User Data
- Data Control
- Data Collection
- Minimal Data Collection
- Data Use
- Data Retention and Deletion
- Threat Notification
- User Notification About Third-Party Requests for User Information
- Transparency Reporting
- Governance
- Open Source
- Interoperability
- Ownership
- Resale
- Functionality Over Time
- Privacy by Default
- Best Build Practices
- Authentication
- Encryption
- Known Exploit Resistance
- Vulnerability Disclosure Program
- Security Over Time
- Product Stability
- Personal Safety
- Open Innovation
- Business Model
- Repair Accessibility
- Repair Penalty
- Data Benefits
Transparency About Terms of Service Enforcement
Criteria: I know how often the company or organization unilaterally closes user accounts.
See this test in action:
Indicators
- The company or organization publishes data about the number of accounts it restricts or closes on its own initiative.
- The company or organization publishes data about the number of accounts it restricts or closes as a result of a government request.
- The company or organization publishes data about the number of accounts it restricts or closes as a result of a request from private third-parties.
- The company or organization clearly discloses that it notifies users when it restricts or closes user accounts.
Methodology for Assessing Each Indicator
1) The company or organization publishes data about the number of accounts it restricts or closes on its own initiative.
- Obtain and review a copy of the product’s terms of service.
- Review the terms of service to locate any information describing data reporting requirements and processes regarding the number of accounts the company restricts or closes.
- Look for a transparency report published in relation to the product. This should be listed on the website, likely under a “Legal” tab.
- If the company does publish a transparency report, check if it contains information about account restrictions or closures. Note: indicators 1, 2, and 3 under this test discuss information that may be available in a transparency report. The difference between each indicator is based on what actor makes the request to restrict or close an account: the company, a government actor, or a private third-party organization.
- The Digital Standard contains tests specific to criteria for transparency reporting. Refer to those tests for more information on the role these reports play in evaluating privacy and security.
- If the company publishes information about the number of accounts it restricts or closes on its own initiative, mark PASS.
- If the company does not publish information about account restrictions or closures on its own initiative, mark FAIL.
2) The company or organization publishes data about the number of accounts it restricts or closes as a result of a government request.
- Review the terms of service for information on data reporting requirements and processes.
- Look for a transparency report published in relation to the product. This should be listed on the website, likely under a “Legal” tab.
- If the company does publish a transparency report, check if it contains information about account restrictions or closures as a result of a government request.
- The Digital Standard contains tests specific to criteria for transparency reporting. Refer to those tests for more information on the role these reports play in evaluating privacy and security.
- If the company publishes information about the number of accounts it restricts or closes as a result of a government request, mark PASS.
- If the company does not publish information about account restrictions or closures as a result of a government request, mark FAIL.
3) The company or organization publishes data about the number of accounts it restricts or closes as a result of a request from private third-parties.
- Review the terms of service for information on data reporting requirements and processes.
- Look for a transparency report published in relation to the product. This should be listed on the website, likely under a “Legal” tab.
- If the company does publish a transparency report, check if it contains information about account restrictions or closures as a result of a request from private third-parties.
- The Digital Standard contains tests specific to criteria for transparency reporting. Refer to those tests for more information on the role these reports play in evaluating privacy and security.
- If the company publishes information about the number of accounts it restricts or closes as a result of a request from private third-parties, mark PASS.
- If the company does not publish information about account restrictions or closures as a result of a request from private third-parties, mark FAIL.
4) The company or organization clearly discloses that it notifies users when it restricts or closes user accounts.
- Review the terms of service for information on requirements and processes for notifying users regarding account restrictions or closures.
- Look for a transparency report published in relation to the product. This should be listed on the website, likely under a “Legal” tab.
- If the company does publish a transparency report, check if it contains information about user notification requirements or processes for account restrictions or closures.
- The Digital Standard contains tests specific to criteria for transparency reporting. Refer to those tests for more information on the role these reports play in evaluating privacy and security.
- If the company clearly discloses that it notifies users when it restricts or closes user accounts, mark PASS.
- If the company does not clearly disclose that it notifies users when it restricts or closes user accounts, mark FAIL.