Data Compliance | Nine Steps Companies Must Take to Ensure Data Privacy

Tags: Data Compliance, Corporate Data Compliance | Views: 0 | 2023-05-05

9 Steps Companies Must Take to Ensure Data Privacy

Many Internet companies have extraordinary access to individuals’ personal data – their actions, their friends, their preferences, their interests – and their most intimate secrets. These companies should handle this access responsibly.


① Become Data Stewards

Act as custodians of users’ personal data – protect the data, not just out of business necessity, but on behalf of the people who have trusted you with it.

② Be accountable

Companies should be transparent about their privacy practices, adhere to their privacy policies, and demonstrate that they are doing what they say. This means establishing safeguards for handling personal data and showing they are being enforced, committing to periodic independent audits, and ensuring partners abide by the same standards. When something goes wrong, they should be transparent about what happened, do their best to contain the harm and provide those affected with remedies.

③ Stop using user consent to excuse bad practices

People should not be asked to agree to data sharing practices that are unreasonable, unfair, or hard to understand. Companies should not rely on user consent to justify their data handling practices.

④ Provide user-friendly privacy information

Companies should give people relevant, straightforward, concise, and easy-to-understand “in time” information about how their personal data is being collected, used, and shared.

⑤ Give people control of their privacy

People should be able to see when and how their data is being used. Companies should provide easy-to-use privacy controls and make privacy the default, not an optional extra.

⑥ Respect the context in which personal data is shared

Companies should confine the use of personal data to the context in which it was collected. They shouldn’t allow unauthorized or unwarranted secondary uses of personal data.

⑦ Protect “anonymized” data as if it were personal data

Companies should apply basic privacy protections to “anonymized” data. This could mitigate potential harm if the data is later re-identified or used to single out particular individuals.

⑧ Encourage privacy researchers to highlight privacy weaknesses, risks, or violations

Companies should invite independent privacy experts to audit new services and features as they are being developed, and those audits should be made publicly available when possible. Companies should also encourage researchers to report privacy vulnerabilities or violations and provide an open, transparent process for responsible disclosure.

⑨ Set privacy standards above and beyond what the law requires

Companies should set the next generation of privacy standards.

Source: Internet Society / http://internetsocitey.org

Translation: 吴锦熤
