Future of Privacy Forum’s Best Practices page is a central repository for privacy-related guidance documents, reports, codes of conduct, and other resources that can help you navigate complex issues and implement initiatives in privacy-protective ways.
Future of Privacy Forum
Future of Privacy Forum | Jan 2018
This guide provides companies with a landscape view of potential algorithmic harms that should be considered when creating Data Protection Impact Assessments, an obligation under the GDPR.
App Trust Project
Association for Competitive Technology | Jan 2012
A resource for developers when working to design transparency and notification systems in mobile apps.
Privacy Recommendations on the Go
California Attorney General | Jan 2013
A set of privacy practice recommendations to improve practices in the mobile marketplace and encourage app developers to consider privacy early in their development process.
Mobile User Privacy Bill of Rights
Electronic Frontier Foundation | Jan 2012
A list of rights and technical practices that developers can implement in order to respect user privacy.
Best Practices For Mobile App Developers
Future of Privacy Forum / Center for Democracy & Technology | Jan 2012
Guidelines for mobile app developers to build privacy into their apps, better inform and empower end-users, and foster trust and confidence in the mobile app ecosystem.
Mobile App Advertising Guidelines
Lookout Mobile Security | Jan 2012
A set of guidelines to help those building and integrating in-app mobile advertising technologies in order to understand what is acceptable and what is not in the mobile ecosystem.
Mobile Marketing Association | Jan 2012
Code of Conduct for Mobile App Transparency
National Telecommunications & Information Administration | Jan 2012
As chartered by the White House’s “Consumer Privacy Bill of Rights,” the NTIA convened a privacy multistakeholder process to develop a code of conduct that provides transparency in how companies providing applications and interactive services for mobile devices handle personal data.
Seizing Opportunity: Good Privacy Practices for Mobile Apps
Office of the Privacy Commissioner of Canada | Jan 2012
The Office of the Privacy Commissioner of Canada and the Offices of the Information and Privacy Commissioner of Alberta and British Columbia released joint best practices guidance for designing and developing mobile apps.
Automotive Privacy Principles
Alliance of Automobile Manufacturers | Jan
Automakers believe that strong consumer data privacy protections are essential to maintaining the trust of our customers. Our Privacy Principles reflect a major step in protecting personal information collected in the vehicle.
Consumer Wearables and Wellness Apps and Devices
Corporate-Academic Data Sharing for Research
University of California Irvine – Lumos Labs Task Switching Project FPF Award for Research Data Stewardship
University of California Irvine – Lumos Labs Task Switching Project FPF Award for Research Data Stewardship | Jan 2020
Independent research on consumer data collected by private companies holds the keys to addressing many of the challenges facing our society today, but it must be done in a way that protects individual privacy. This document highlights the data protection procedures and processes present in a research collaboration between Lumos Labs and the University of California Irvine, which was recently awarded the FPF Award for Research Data Stewardship, as well as a number of lessons from the award-winning project that companies and academic researchers may apply to future data sharing collaborations.
FPF Best Practices and Contract Guidelines Help Companies Share Data with Academic Researchers
FPF Best Practices and Contract Guidelines Help Companies Share Data with Academic Researchers | Jan
To that end, FPF has published a list of best practices for companies that are considering sharing personal data with academic researchers. The Best Practices for Sharing Data with Academic Researchers were developed by FPF Corporate Academic Data Stewardship Research Alliance, a group of more than two dozen companies and organizations.
The best practices favor academic independence and freedom over tightly controlled research, and encourage broad publication and dissemination of research results, while protecting the privacy of individual research subjects. Specific best practices include having a written data sharing agreement, practicing data minimization, and developing a common understanding of relevant de-identification techniques, among many others.
In addition, FPF published Contract Guidelines for Data Sharing Agreements Between Companies and Academic Researchers. The guidelines cover best practices and sample language that can be used in contracts between a company that supplies data to one or more researchers for academic or scientific research purposes.
Digital Signage Federation | Jan 2011
Voluntary privacy guidelines recommended by DSF for digital signage and consumer-friendly interactive marketing.
Best Practices for Drone Use
Drones | Jan
A wide range of privacy groups and industry stakeholders participating in the National Telecommunications & Information Administration (NTIA) Multi-Stakeholder process concerning privacy, transparency, and accountability issues regarding commercial and private use of unmanned aircraft systems (drones) agreed on this set of best practices. The Future of Privacy Forum created an easy-to-read summary of the best practices to help educate drone operators.
Voluntary Best Practices for UAS Privacy, Transparency, and Accountability
Drones | Jan
A wide range of privacy groups and industry stakeholders participating in the National Telecommunications & Information Administration (NTIA) Multi-Stakeholder process concerning privacy, transparency, and accountability issues regarding commercial and private use of unmanned aircraft systems (drones) agreed on this set of best practices.
Student Privacy Pledge
Future of Privacy Forum and Software & Information Industry Association | Jan
The Future of Privacy Forum (FPF) and The Software & Information Industry Association (SIIA) introduced a Student Privacy Pledge to safeguard student privacy regarding the collection, maintenance, and use of student personal information. The commitments are intended to concisely detail existing federal law and regulatory guidance regarding the collection and handling of student data, and to encourage service providers to more clearly articulate these practices.
Privacy Best Practices for Consumer Genetic Testing Services
23andMe, Ancestry, Helix, MyHeritage, and Habit | Jan 2018
Consumer genetic tests, tests that are marketed to consumers by private companies, have empowered consumers to learn more about their biology and take a proactive role in their health, wellness, ancestry, and lifestyle. When consumers expressly grant permission and provide informed consent, they can choose to share their genetic data with responsible researchers to help them discover important breakthroughs in biomedical research, healthcare, and personalized medicine.
The Best Practices establish standards for genetic data generated in the consumer context by making recommendations for companies’ privacy practices that require:
- Detailed transparency about how Genetic Data is collected, used, shared, and retained including a high-level summary of key privacy protections posted publicly and made easily accessible to consumers;
- Separate express consent for transfer of Genetic Data to third parties and for incompatible secondary uses;
- Educational resources about the basics, risks, benefits, and limitations of genetic and personal genomic testing;
- Access, correction, and deletion rights;
- Valid legal process for the disclosure of Genetic Data to law enforcement and transparency reporting on at least an annual basis;
- Ban on sharing Genetic Data with third parties (such as employers, insurance companies, educational institutions, and government agencies) without consent or as required by law;
- Restrictions on marketing based on Genetic Data; and
- Strong data security protections and privacy by design, among others.
COPPA Program & Verifiable Parental Consent
Aristotle | Jan
A Federal Trade Commission (FTC) approved safe harbor provider for websites that control all of the technical services necessary to meet the updated Children’s Online Privacy Protection Act (COPPA) Rule’s standards.
Self-Regulatory Program for Children’s Advertising
Children’s Advertising Review Unit | Jan
The Children’s Advertising Review Unit’s (CARU) standards for advertising directed to children that ensure such ads are not deceptive, unfair or inappropriate.
Kids Privacy Online Seal
Entertainment Software Rating Board | Jan
The Entertainment Software Rating Board’s (ESRB) seal program establishes requirements if any part of a member company’s website is directed to children, or the company has actual knowledge that it collects personal information from children under 13 years of age.
kidSAFE | Jan
A “seal of approval” program that independently reviews and certifies the safety practices of child-friendly websites and technologies, including kid-targeted sites, social networks, apps, and other interactive and online products.
Best Practices for Kids Apps
MOMS with Apps | Jan
Guidelines created by the Association for Competitive Technology (ACT) for using a logo, which will signal to parents that the mobile app developers designed their app with privacy in mind.
Digital Signage Privacy Standards
Digital Signage Federation | Jan 2011
Guidelines related to data collection and use through digital signage for digital signage companies, partners, and host venues.
Mobile Location Analytics Code of Conduct
Future of Privacy Forum | Jan 2013
FPF has worked with a group of leading technology companies to develop best practices for mobile location analytics. These companies provide solutions to retailers by developing aggregate reports used to reduce waiting times at check-out, to optimize store layouts and to understand consumer shopping patterns. The reports are generated by recognizing the Wi-Fi or Bluetooth MAC addresses of cellphones as they interact with store Wi-Fi networks. The FPF worked with the technology companies to develop a Code to ensure that appropriate privacy controls are in place as retailers seek to improve the consumer shopping experience.
Guidelines for Conducting Mobile Market Research
ESOMAR | Jan 2012
Guidelines that cover the collection of information by mobile devices (i.e. mobile phones, tablets and other similar mobile computing devices) for market, opinion or social research purposes.
Best Practices for Protecting Individual Privacy in Conducting Survey Research
Information & Privacy Commissioner of Ontario | Jan 1999
The Information & Privacy Commissioner (IPC) collaborated with the Ministry of Labour and the Corporate Freedom of Information and Privacy Office of Management to develop best practices for survey research that involves the collection, retention, use, disclosure, and disposal of personal information.
RFID Best Practices
Center for Democracy & Technology | Jan 2006
Best practices designed to promote respect for consumer privacy in the growing use of Radio Frequency Identification (RFID) technology in commercial applications.
Guidelines for Mobile Ad Data
Digital Advertising Alliance | Jan 2013
Guidance for member companies on how the existing Digital Advertising Alliance’s Self-Regulatory principles apply to certain types of data in the mobile device environment.
Mobile Marketing Best Practices
Mobile Marketing Association | Jan 2013
A comprehensive list of Mobile Marketing Association’s mobile guidelines for marketing on the mobile platform.
Mobile Application Code
Network Advertising Initiative | Jan 2013
Guidance for member companies on how the Network Advertising Initiative’s Code applies to data practices in the mobile marketplace.
Mobile Web Best Practices Working Group
W3C | Jan 2010
As part of the “Mobile Web Initiative,” W3C members chartered a working group to develop a set of technical best practices and associated materials in support of the development of web sites that provide an appropriate user experience on mobile devices.
IMMA Privacy Reference Architecture
Ministry of Infrastructure and the Environment | Jan
This IMMA Privacy reference architecture unambiguously specifies and clearly explains the numerous statutory requirements related to privacy. It includes examples that can be used to translate the requirements to your specific situation. This guide was created in close co-operation with Considerati (legal advisors).
Email Delivery Best Practices
Direct Marketing Association | Jan 2005
Best practices for marketers that are seeking to maximize the delivery of communications with customers who have given their consent/permission to be contacted via e-mail.
Guidelines for Ethical Business Practice
Direct Marketing Association | Jan 2014
Guidelines that provide individuals and organizations involved in direct marketing with generally accepted principles of appropriate conduct.
Best Practices for Opt Outs
PrivacyChoice | Jan 2009
Self-regulatory rules of the road for advertising networks developed by PrivacyChoice.
Understanding Session Replay Scripts – a Guide for Privacy Professionals
Future of Privacy Forum | Jan 2018
Privacy researchers at Princeton University’s Center for Information Technology Policy (CITP) published the results of ongoing research demonstrating that many website operators are using third-party tools called “session replay scripts” to track visitors’ individual browsing sessions, including their keystrokes and mouse movements. These “session replay scripts,” typically used as analytics tools for publishers to better understand how visitors are navigating their websites, were found on 482 of the 50,000 most trafficked websites, including government (.gov) and educational (.edu)
Seal For The Web
Better Business Bureau | Jan
The Better Business Bureau’s (BBB) compliance program for member companies that must adhere to their Code of Business Practices, including its online standard.
Privacy Online Seal
Entertainment Software Rating Board | Jan
The Entertainment Software Rating Board (ESRB) requires its member companies to obtain its Privacy Seal when collecting, using and disclosing personal information in the online context.
PrivacyChoice | Jan
PrivacyChoice’s analytic tool that scores websites based on their information disclosures and data tracking capabilities.
TRUSTe | Jan
The seal enables companies to safely collect and use customer data in order to power their digital business via TRUSTe’s certification that ensures compliance.
Privacy Smart Seal
Future of Privacy Forum & TRUSTe | Jan
Privacy guidelines to govern the collection, storage and disclosure of consumer energy data.
Social Media Disclosures
Cmp.ly | Jan
A start-up that provides several solutions to automate compliance and fulfill regulatory obligations in the social media space.
Bill of Privacy Rights for Social Network Users
Electronic Frontier Foundation | Jan 2010
Three basic privacy-protective principles that the Electronic Frontier Foundation (EFF) believes social network users should demand when using these services.
Social Privacy Seal
Gigya | Jan
A certification seal of data management practices for online sites or services that use social login to authenticate users.
Social Media Guidelines & Best Practices
Department of Health & Human Services | Jan 2010
How to use text messaging to disseminate health messages according to the Centers for Disease Control and Prevention (CDC).