Many people ignore reading privacy policies, so we’re here to inform you of key points of the privacy policies of frequently used apps, services, and platforms. Similar to the excitement at the World Cup, we’re bringing you a Sweet Sixteen, but this time, it’s privacy policies.
We’ve explored the first eight here, and you can look forward to future insights on the final eight in our next post! Check out the second part of our series here!
1. Google — May 25, 2018
The scoop: Google collects the following, among other forms of data:
- Voice and audio information when you use audio features
- People with whom you communicate or share content
- Activity on third-party sites and apps that use their services
- IP address
Google states this information is used to build better services, measure performance, and communicate with users. Google also offers a way for users to update, review, and manage their information.
2. AppDynamics — May 25, 2018
The company states that it collects the following information:
- Device information
- Location information
- Information from visits to our websites
- Information from your use of products
- Information received from other sources
What stands out about AppDynamics their unique page for EU residents directly affected by the GDPR. This page highlights the steps that the company has taken to comply and the key features that affect data subjects. AppDynamics also lists subprocessors of their system — a required addition for GDPR compliance.
3. Snap Inc. — May 15, 2018
4. Cloudera — May 25, 2018
5. Lyft — February 8, 2017
Although Lyft does not operate in the EU, they have done nothing to advise their users on how their data is handled since the release of the GDPR. As shown by their last policy update being in February of 2017, Lyft is not taking steps towards providing transparency for its users and their personal data. However, Lyft does well to include information about the data they collect and how it’s shared between drivers and riders. In order to be compliant and gain customers trust, Lyft must take many steps towards transparency. Currently, Lyft’s policy states that users can only review and edit certain account information — not personal data.
Unfortunately, there’s no option to delete the personal data the company has stored on you. Users are allowed to delete their Lyft account through the help center, but this is no guarantee that their personal data is actually erased.
6. jetBlue — July 1, 2018
- Information collected by tracking technologies
- Web beacons (“Tracking Pixels”)
- Location-identifying technologies
- Voice-processing technologies
- Device fingerprinting
7. Pinterest — June 29, 2018
“Whenever you use any website, mobile application or other internet service, certain information gets created and logged automatically. The same is true when you use Pinterest. Here are some of the types of information we collect: user given data, logs, cookies, devices, and information from partners and advertisers”
The company states that it uses this data to recommend content, suggest other people to connect with, conduct analysis, and improve the application. Additionally, Pinterest claims to have a legitimate interest in the customer when using data to deliver relevant ads and inform ad partners of how they’re performing with certain user bases. The company also informs partners as to what you may be interested in — based on your behavior in the application.
In terms of access and deletion requests, Pinterest states:
If you’re an EEA user, you can:
- Access the information we hold about you. We’ll usually share this with you within 30 days of you asking us for it
- Have your information corrected or deleted. You can update your information in your settings. If you have problems updating the information or if you would like us to delete it, contact us
- Object to us processing your information
- Complain to a regulator
8. Dollar Shave Club — May 25, 2018
Dollar Shave club shares an interesting relationship with their customers. As a company that offers shaving products, you might think that they don’t have a controller relationship with customer data. However, as a company that uses digital marketing and operates under the GDPR, they have many obligations to their customers.
Dollar Shave Club has 2 unique privacy policies, one for the US, and one for the EU. Their European policy includes information regarding rights specific to European residents including the right to be informed, the right to erasure, the right to restrict processing, and more.
Post-GDPR, almost all companies are supplying users with information about their methods of obtaining data as well as how the information is used and stored. Companies looking to comply with the GDPR must offer information and access to exporting and deleting personal data from their systems. Companies with high user satisfaction also provide easy access for opting out of marketing and other communication.
The most forward-thinking policies include information about the company’s compliance with the GDPR — including appointing Data Protection Officer — and future data regulation, such as the CCPA.
Many privacy policies still fail to include necessary information about subproccessors and access or deletion of personal data. However, users are beginning to expect higher standards for transparency when trusting companies with their data. The Age of Privacy requires transparency. This starts with the governing framework defining how data will be acquired, used, and sold.
Check out the second part of our series here!