what it is and how to set one up! – WAU
Basically, it concerns how user data will be treated, what the company intends to do with that information and what are the security limits for its sharing.
We have the answers to these and other questions!
Basically, it informs the user of all rights, guarantees, forms of use, data collected, processing and disposal of this personal information.
Typically, these sites and application providers ask the user, when filling out their registration, or start using the platform, demonstrate your express consent and agreement to these terms.
It is a way of not only informing the user what will be done with their data, but also exempting the provider from any responsibility arising from the lack of consent.
See some of its main aspects:
Personal identification information
Nowadays, with increasingly multiple and connected platforms, this goes far beyond a name and about a name.
Identification data can also be your identity document number, social security number, email, username, personal image, IP number (internet protocol) from your computer or internet access device (tablet, smatphone, etc.).
All of this information serves to identify users of websites and applications, so must be treated with care and confidentiality by companies.
After all, leaks of this data can have serious consequences not only for the user, but also for the service providers.
E-commerce sites are the ones that most need their users’ addresses to register.
These data are used not only for the delivery of products and for the provision of services, but also for the issuance of tax documents, especially in transactions involving the collection of taxes.
It is necessary to know if the user is an individual or a legal entity, and where their headquarters or residence is located.
In addition to the address, e-commerce sites also often require the sharing of bank data from their users, either for the establishment of automatic debit in the provision of continuous services, or for the conduct of bank transactions, such as payments and transfers through credit card, for example.
Remember that bank details are not provided only by those who have to make a payment over the internet.
Often, sharing websites and apps (Airbnb, Uber, etc.), buying and selling products among consumers and even digital finance companies (fintechs) also collect their users’ personal data to make deposits.
Navigation patterns and cookies
Have you noticed that, as you browse Facebook, Google and other such platforms, there is a constant refinement of advertising suggested to the user?
If you travel a lot, buy tickets online, are always comparing hotel prices, etc., similar products and services will probably be offered to you through these platforms.
This means that most application providers study and uses its navigation patterns to then optimize the relevance of its advertisements.
This is done through cookies, a kind of browsing history that is accessed every time you enter these platforms to better identify users’ profiles.
Yes, we need to talk about privacy policies referring to the exchange of messages between users.
When you are using a social network, it is important to keep in mind who can access this conversation, in what way and for what purpose.
After all, many of these conversations are private and the user has an expectation of confidentiality.
If you are using e-commerce, this may not be such a problem, as consumers of these sites and platforms communicate little with each other.
Nowadays, in London, the content of these messages exchanged between users can only be passed on to other people (government, civil society, judiciary, etc.) through a court order.
If a judge does not endorse, providers are not required to share private conversations.
There are websites and platforms that decide to impose restrictions on users on the content to be posted online. For example, nudity may not be allowed, as is the case with Facebook.
Besides that, there are sites that do not allow hate speech and racist content, so users who do not respect these policies are also subject to being expelled from these platforms.
Academia.edu, for example, is a site specifically designed for researchers to share their own articles, books and other publications for free with colleagues in their fields of study.
However, if any user decides to share, without authorization, books and materials from third parties that are protected by copyright, that content may be removed.
Why is it important?
Compliance with the Civil Framework for the Internet and the Consumer Protection Code
In London, since the 1990s, the Consumer Protection Code already provided for a special treatment given by companies to information about their customers.
E-commerce was not as expressive in relative terms as it is now, but it was already pointed out, at that time, the need not to pass this data between one company and another, as well as to maintain the organizational confidentiality of this type of information in the company.
In addition, in 2014, London legislation gained a specific regulation for the virtual world, the Marco Civil da Internet.
This law established rights and guarantees for users, in addition to establishing clear rules of responsibility for the public and private sectors.
Specifically regarding the privacy of users, the law specifically determines the protection of privacy, personal data and the security of networks.
In addition, there is a specific provision for civil liability of agents according to their activities and obligations. In practice, what does this mean?
Application providers (content sites, social networks, applications, etc.) must maintain the confidentiality of communications exchanged between users and their personal data.
They must also keep this information for a minimum of 6 months, if they are legally required to provide this information to the authorities, by court order Without a court order, personal data, communications and navigation patterns of users cannot be made public.
It is also worth mentioning the content of article 7 of the Marco Civil, which guarantees users the right to have access to “clear and complete information about the collection, use, storage, treatment and protection of their personal data”.
In addition, this information can only be used for purposes that “justify its collection, that are not prohibited by law and that are specified in service provision contracts or in terms of using internet applications”.
Support in the market and among its users
It makes sense for a company that wants to guarantee support in the market and among its users to keep the confidentiality of the data it uses in its day to day.
Just remember cases like Yahoo’s recent security breaches, which made thousands of user passwords public and exposed these people to various risks, such as fraud, breach of communications confidentiality and crimes against the financial order.
As a user, it is difficult to trust websites, platforms and apps that do not have an adequate policy to protect privacy and personal data.
In increasingly competitive markets, as is the case with online businesses today, it is essential to maintain this support and perception of security by the market.
Prevent information leakage
As unlikely as this relationship may seem, as companies are required to make these terms and conditions available when contracting with a user, they are also creating a “law” that regulates this private relationship.
Whether this policy regulates what can or cannot be done, the rights and duties of each party, it is also necessary to take the necessary and reasonable measures to put it into practice, such as the security of protocols, confidentiality in employment contracts and respect for users’ rights.
This is one of the main values sought by internet companies today.
The online market is very dynamic, demanding from its entrepreneurs quick adaptability and the need to adapt to the new demands of consumers.
The more transparent the relationship between company and user, the better the results of these ventures, especially due to the fact that much of the users’ personal lives are now exposed, traded and stored online, such as cloud computing, for example.
In this context, transparency, security, reliability and protection of personal data are essential measures to be taken by companies.
Understand your business model
It must be relevant to your area of expertise and the type of information that is exchanged. After all, this information changes a lot from one sector to another.
The data obtained in an e-commerce are completely different from those of a social network.
Respect the legislation of your sector
Observe what the Marco Civil da Internet, the Consumer Protection Code and any other pertinent legislation say for your sector.
If you operate in the financial sector, it is important to check, for example, whether the Securities and Exchange Commission and the Central Bank have any specific regulations that you must observe.
Know your users’ concerns
Do you know your users well? Do you know what they are concerned with?
Avoid legal and other difficult to understand terms
It is essential that your message is clear.
Get and keep only what you need
As the Marco Civil da Internet notes, any collection of data that exceeds the need for your business model can be considered inappropriate.
This also avoids accountability in the event of a data leak. If you have a social network where there are no financial transactions, what is the purpose of obtaining your users’ credit card data?
It would be something more to protect and to be responsible for in case of leaks.
Watch what your competitors do
This does not mean that you should copy them, but it is certainly a good way to give more direction to your own policies.