The Principles



Principle 1. Introduce Yourself

Developers should clearly identify themselves and provide mechanisms for users to easily connect and interact on privacy issues. Developers should not seek to mislead users or to hide their identities.

Developer Best Practice

  • Identify yourself in a conspicuous way when a user first accesses an application or service.
  • Provide an in-app mechanism or pointer to access detailed privacy policy information.
  • Specifically provide a contact mechanism for privacy related questions.
  • Privacy policies should be short and concise, but complete, and in plain and simple language.
  • Privacy policies can include greater detail linked under high level topic summaries.

Principle 2. Inform Before Access

Developers should not access or allow access to any user content or private user data without informing the user in advance in clear and simple language. This includes clearly establishing the user’s identity before allowing them access to their previously shared personal data or content.

Developer Best Practice

  • At a minimum, this includes obtaining and later verifying a unique user name and password.
  • Developers should not allow third party access through their application without notice.
  • Notice should be particularly conspicuous where data access could be unanticipated by the user.

Principle 3. Obtain Explicit Consent

Developers should obtain consent before accessing user content or private user data. Developers should explain in clear and simple language what user content or private user data will be accessed and what it will be used for (including uses beyond the service involved), including what service limitations would result from denied permission, before asking for user consent.

Developer Best Practice

  • Best practice is a limited, general consent at install for base-level data access.
  • Best practice is to obtain further specific consent as features are enabled or configured.
  • Developers should get specific consent for data which users could find sensitive (e.g. location).
  • Developers should explicitly gain consent and identify any data accessed when the app is not in use.

Principle 4. Explain Data Retention Practices

Developers should indicate whether specific data use will be transient (queried, used, and immediately forgotten) or retained, and whether data will be stored locally on the user’s device or transmitted and stored remotely.

Developer Best Practice

  • Best Practice is to provide a UI cue when non-obvious data access is taking place.
  • Data retention time-limits should be part of your privacy statement.
  • Legal or regulatory compliance obligations that impact retention should be clearly stated.

Principle 5. Disclose Who Else Might Have Access to Data

If user content or private user data will be shared with third parties, developers should inform users of the obligations they will impose on those involved, the purpose for sharing, the names or attributes of the third parties involved, and seek consent in advance of access.

Developer Best Practice

  • Developers should clearly explain any legal obligations that might force third party disclosure.

Principle 6. Provide Notification of Changes & Significant Events

Developers should inform users in the event of breach, legal process, or a change in practice or business control that implicates user content or private user data, the developer/user relationship, or privacy policies.

Developer Best Practices

  • Developers should re-inform and seek additional consent for any material change in practices.
  • Notifications should be timely to reduce the potential damage to everyone involved.



Principle 7. Secure Your Systems

Cybersecurity and physical security measures should be taken to ensure systems integrity. Industry best practices should be in place throughout the development process.

Developer Best Practice

  • Reference & adherence to industry standards & certifications is recommended.
  • Acknowledge the risk of breach.

Principle 8. Design Systems to Mitigate Damage

Developers should explicitly acknowledge the risk of breach, and should take steps to minimize the damage to users and themselves, and limit the value to attackers, when designing systems.

Developer Best Practice

  • Encrypt data at rest.
  • Encrypt sensitive data in transit

Principle 9. Plan for Failures

Backup and remote storage procedures should be in place to ensure continuity and resilience in the event of system failures.

Developer Best Practice

  • Data retention time-limits should be implemented as defined.
  • Data destruction procedures should be in place throughout the data control chain.



Principle 10. Be a Good Custodian

Developers should act on the user’s behalf in protecting and defending user content or private user data under their control.

Developer Best Practice

  • Developers should use all legal means to defend data from unauthorized access.
  • Some data categories are explicitly regulated (e.g. health, finance, children, etc.): know the law.
  • Where appropriate, consider storing and using shared data in anonymized form.

Principle 11. Respect the Rights of Users to Control or Influence How Data Is Used

Developers should provide users with the ability to access, retrieve, or permanently delete their content and private user data, and should carefully consider user impacts when deciding how shared data is used.

Developer Best Practice

  • Developers should provide a simple means for users to rescind consent or delete their account.
  • Developers should provide a simple means to remove apps and service data from user devices.
  • Developers should avoid using shared data in ways they know a user would not approve.