Mozilla’s Draft Privacy & Data Operating Principles
01/12/2011 8 Comments
Next Steps in Mozilla’s Ongoing Efforts to Put People in Charge of Their Privacy
As Mozilla’s new privacy lead, I will be tackling a number of new and existing initiatives. This month, in particular, will be extra busy with comments due to both the FTC and Commerce, Data Privacy Day, as well as a number of internal activities underway. I will be using this blog to post updates on our work and seek community input, as well as to share my experiences as a privacy officer in Silicon Valley.
Mozilla has a long history of taking privacy seriously. The topic is well grounded in Mozilla’s principle-over-profit mission to build an Internet where the individual is respected and has choices. We approach privacy from the perspective of putting people in control and advocating for their ability to shape the future of the web. This comes through our commitment to support a vibrant add-on ecosystem with powerful third party tools like Adblock Plus and Ghostery, our work on privacy icons and making privacy policies not suck, leadership on geolocation privacy, and, among other examples, convening open forums with the community to collaborate on privacy and security solutions. I’m fortunate to be working with a number of people here who have strong professional credentials and personal commitments to online privacy. Working together to engage with the broader Mozilla community on fostering greater user transparency and choice will be one of my primary roles.
As I begin my second week with Mozilla, one of my first tasks is to finalize and roll out Mozilla’s Privacy & Data Operating Principles to inform our data handling practices and product decisions. In the rapid pace of development that defines today’s Web, we believe grounding our work in a set of guiding principles will be vital to maintaining internal vigilance, as well as enhancing privacy-related considerations in the development process.
Following an internal privacy review last summer that looked at a broad range of privacy-related organizational risks and controls, Mozilla formed a working group comprised of representatives from across the organization to develop a set of guiding principles. Drafts underwent a number of iterations based on input generated through open meetings and presentations.
I am sharing them now, in draft form, to seek broader input from the community. The current draft is focused on these five objectives:
- No Surprises. Only use and share information about our users for their benefit and as disclosed in our notices.
- Real Choices. Give our users actionable and informed choices by informing and educating at the point of collection and providing a choice to opt out whenever possible.
- Sensible Settings. Establish default settings in our products and services that balance safety and user experience as appropriate for the context of the transaction.
- Limited Data. Collect and retain the least amount of information necessary for the feature or task. Try to share anonymous aggregate data whenever possible, and then only when it benefits the web, users, or developers.
- User Control. Do not disclose personal user information without the user’s consent. Advocate, develop and innovate for privacy enhancements that put people in control over their information and online experiences.
A potential sixth principle that we’ve been discussing would address third party service providers to Mozilla. In other words, we make privacy a factor in selecting and interacting with third parties. I believe this is of vital importance, but think it’s covered if we require the first five principles to be honored by third party service providers contracted by Mozilla.
Questions for your consideration and input: Are these the right principles? Do they cover the areas that you care about? Will they drive us to develop better products and features? Are we missing anything critical? How do we think about guidelines, policies or standards to best guide our decisions without hampering the course and speed of innovation?
Once finalized, we will translate these principles into various communications, training and implementing tools to support the work of our teams across Mozilla. I expect a number of new projects to follow in the areas of online notices, user choices, security and data governance, not to mention a variety of privacy enhancing features and tools implemented in our great software products and services.
I’m excited to be a part of Mozilla and look forward to hearing your comments on these principles, as well as working with you in this new year and beyond.
Alex Fowler

This is great work – one question:
Is principle 4 (somewhat) in violation of principle 1?
Principle 4: Try to share anonymous aggregate data whenever possible, and then only when it benefits the web, users, or developers
Principle 1: Only use and share information about our users for their benefit and as disclosed in our notices.
Sounds like we should not collect and/or share information about our users if it’s not purely benefiting them – i.e. you should not come to a position where we have user data which we want to share for the benefit of the Web or developers (as this is not necessarily for the benefit of the user).
Good catch! I think the distinction is that Principle 1 is focused on personal information, whereas Principle 4 focuses on anonymous aggregate data. We need to make that distinction clearer. Also, the additional significance behind Principle 4 is that Mozilla is intent on going beyond others in limiting the collection of even anonymous information without a clear purpose. Thanks for your comment.
I’m not sure if number 3 would really constitute a principle in my eyes. The “appropriate for the context” is kind of making this a “whatever” rule.
Looking at the other points, I guess that 1 and 4 really make the difference to what’s appropriate for the context. Does 3 add value to the two?
Given how often privacy choice mechanisms are being articulated as very blunt instruments these days, e.g. “Do Not Track,” I would hope to see anyone in your position consider “Do No Harm” as one of their guiding privacy principles. Some of the ideas on the table these days would do great harm to a site’s ability to secure its customers’ information, e.g. perform adequate anti-fraud risk management.
It would be useful to see a principle on compatibility with other developers of privacy tools and services. For example, if a user sets this up in MSIE…
http://blogs.msdn.com/b/ie/archive/2010/12/07/ie9-and-privacy-introducing-tracking-protection-v8.aspx
then switches to Firefox, keep the protection settings.
One additional principle I thought of is regarding responsiveness to community/user base regarding privacy. The web will continue to evolve and no company is immune from change or mitigating all threats (especially the unknown). I wonder if a 6th principle around forward thinking / iteration / feedback / continuous improvement would be helpful/interesting? I wish more companies had similar stated principles as those listed here. Great work!
How about fixing the third party cookie tracking issues? For example, in order to use most web sites to the best advantage, one must use third party cookies even if using the in-private browsing feature. How about a one-button wipeout of the tracking cookies so that I can really go from place to place in private instead of having to go into the options every time I dart off to another site? It’s so painful.
Thanks for your comment. I guess I would say our announcement to explore the HTTP header approach doesn’t signal a move away from other ways to improve online privacy via the browser. Firefox users already have a number of privacy-enhancing settings, features and add-ons available to them, many that try to fix cookie tracking issues or provide private browsing. For the foreseeable future, many of these configurable privacy points or capabilities will co-exist. This presents an important challenge for us, collectively, to educate users and help them to select those settings appropriate to their needs and that enhance their web experience.