|
|
| (9 intermediate revisions by the same user not shown) |
| Line 1: |
Line 1: |
| = Online Data Collection =
| | #REDIRECT [[Privacy/How_to/WebReg]] |
| At Mozilla, six core privacy principles guide our data practices and operations. This page is designed to help you apply the principles to collecting user data online through web registration pages, such as newsletter sign-ups.
| |
| | |
| ==Privacy Review Required==
| |
| | |
| If you are '''collecting user personal data through a website''', you will need to file a bug for a privacy review.
| |
| | |
| *Product: Legal
| |
| *Component: Privacy
| |
| | |
| The review will include:
| |
| *Is it clear to the user what you are asking them to do and how you'll use their info?
| |
| *If you're collecting email address, are you collecting permission to contact?
| |
| *Is permission appropriate to the context? (i.e. do you need one checkbox or two?)
| |
| *Are the boxes unchecked?
| |
| *Did you link to the appropriate privacy policy?
| |
| | |
| = Web Sites with User Registration =
| |
| | |
| Don't miss the opportunity to communicate with your site users! If you are requesting a user's email as part of a web registration, you will need to '''add a checkbox''' for email communications and a check box to acknowledge the privacy policy (See #3 below under Newsletter Sign Ups.)
| |
| | |
| ==Surveys==
| |
| If you don't '''add an opt-in for communications''' (see above), you will not be able to send an email survey to your users in the future (ex: about how they use the site, what about it works (and doesn't work) for them, and how it could be made more useful, as well as what they'd like to get out of working with the community.)
| |
| | |
| ==Page Text==
| |
| Your page text should contribute to the principle of no surprises. It should be clear from the text what you are asking the user to do.
| |
| | |
| = Newsletter Sign Ups =
| |
| | |
| '''Simply entering an email address is not an opt-in. Checkboxes are required.''' You will need permission to send an email newsletter, plus an acknowledgement of the Mozilla privacy policy. This can be accomplished in a couple different ways:
| |
| | |
| 1) If it is clear to the user that (a) the sole purpose of the activity is to receive a communication (ex: newsletter sign up), and (b) the user will receive only the types of communication(s) described on the page, you will need to add a single checkbox for the privacy policy acknowledgement.
| |
| | |
| *___ I’m okay with you handling this info as you explain in your privacy policy.
| |
| | |
| Note: If you are not able to send the user only the communications described on the page (i.e. they would become part of a broader list), see #2 below.
| |
| | |
| 2) If it may not be completely clear to the user that (a) the sole purpose of the activity is to receive communication and/or (b) they will become part of a broader email list, you may combine an email opt-in and the privacy policy acknowledgement into a single checkbox. (See also #4 below).
| |
| | |
| *___ I want to receive email updates about [insert name of project] and Mozilla's other projects and campaigns, and I’m okay with you handling this info as you explain in your privacy policy.
| |
| | |
| Note: If there is any other possible activity (ex: sign the Manifesto), email opt-in and privacy acknowledgement should be separate checkboxes, to enable real choices and user control. (See #3 below).
| |
| | |
| 3) If the user can participate in some form without opting-in to communication (ex: sign a manifesto, contribute money, or participate in a community site), you will need two checkboxes.
| |
| | |
| *___ I want to receive email updates about [insert your project here].
| |
| *___ I’m okay with you handling this info as you explain in your privacy policy.
| |
| | |
| Note: If you think there is a possibility you'll want to send broader Mozilla communications in the future, add the words "and Mozilla's other projects and campaigns" to the first checkbox above.
| |
| | |
| 4) If you would like to obtain permission for two distinct types of communications, but do not have the ability to offer separate unsubcribes/opt-outs, you may combine them into a single checkbox. However, an unsubscribe/opt-out must cancel both. You may also combine them with the privacy policy acknowledgement if as described in #2 above.
| |
| | |
| *___ I want to receive email updates about Ignite and Mozilla's other projects and campaigns, and I'm okay with you handling this information as you explain in your privacy policy.
| |
| | |
| 5) You may combine acknowledgement of the privacy policy and terms of service.
| |
| | |
| *___ I agree to the Firefox Affiliates terms of service and Mozilla Privacy Policy.
| |
| | |
| == Recommended Checkbox Wording ==
| |
| | |
| The goal of the wording is to provide enough information so users know what they're opting in to, but make it broad enough so that it's practical. (For example, if you decide you want to send them a survey in the future, is your opt-in broad enough to cover that?). Below is some sample wording.
| |
| | |
| *___ I want to receive email updates about Mozilla's projects and campaigns.
| |
| *___ I wish to receive information about Firefox and Mozilla's other projects and campaigns via email.
| |
| | |
| ==Additional Wording==
| |
| If you have space on the page, or can include a "What's this?" or "More info" type link, it's nice to further clarify what users can expect by checking the box. Here are some examples:
| |
| | |
| ''Subscribe to our monthly updates and keep current with Mozilla news, including the latest tips and tricks for getting the most out of your Firefox browser.''
| |
| | |
| ''By signing up, you'll receive information about how to help with our world-changing projects and ways to help engage with the Mozilla project and build a better web.''
| |
| | |
| ''Community members may use your profile information to identify and contact you about events, projects and other Mozilla-related activities.''
| |
| | |
| ''We will only send you Mozilla-related information.''
| |
| | |
| ==Wording to Avoid==
| |
| * Don't include the word "notifications". Administrative messages do not require an opt-in.
| |
| * "Sign up for the mailing list" doesn't tell the user what medium (i.e. email) or give them a clear idea of what they'll be receiving.
| |
| | |
| == Mechanics ==
| |
| *Checkboxes must be unchecked.
| |
| *Failing to check the privacy policy acknowledgement, must create a fail. (i.e. * as a required field)
| |
| *The words "privacy policy" should hyperlink to the appropriate privacy policy, which is usually the Mozilla Privacy Policy (http://www.mozilla.org/about/policies/privacy-policy.html)
| |
| *Route any email communication to a mass audience through Mozilla's email vendor so that it includes an unsubscribe link and other relevant legal (ex: CAN-SPAM) and regulatory guidelines.
| |
| *It is often wise to request country, for flexibility to adapt to country specific laws.
| |
| *Including an option for HTML or plain text email allows the user to opt out of email tracking.
| |
| *A newsletter sign up can be added to a page with a box to enter email address and text above it that says "Get Monthly News", so long as a pop-up appears that includes the checkbox to acknowledge the privacy policy. (See Mozilla.org for an example.)
| |