Online Data Collection

At Mozilla, six core privacy principles guide our data practices and operations. This page is designed to help you apply the principles to collecting user data online through web registration pages, such as newsletter sign-ups.

Privacy Review Required

You will need to file a bug for a privacy review of your data collection page.

• Product: Legal
• Component: Privacy or EULA

Web Sites with User Log In

Don't miss the opportunity to communicate with your site users! If you are requesting a user name and password, you will need to add a checkbox for email communications and a check box to acknowledge the privacy policy (See #2 below under Newsletter Sign Ups.) If you don't, you will not be able to send an email survey to your users in the future (ex: about how they use the site, what about it works (and doesn't work) for them, and how it could be made more useful, as well as what they'd like to get out of working with the community.)

Newsletter Sign Ups

Simply entering an email address is not an opt-in. Checkboxes are required. You will need permission to send an email newsletter, plus an acknowledgement of the Mozilla privacy policy. This can be accomplished in a couple different ways:

1) If the sole purpose of the activity is to receive communication, you may combine the opt-in and the privacy policy acknowledgement into a single checkbox.

• ___ I want to receive email updates from Mozilla about projects and campaigns like this, and I’m okay with you handling this info as you explain in your privacy page.

2) If the user can participate without opting in to the newsletter, you will need two checkboxes.

• ___ I want to receive email updates from Mozilla about projects and campaigns like this.
• ___ I’m okay with you handling this info as you explain in your privacy page.

3) You may combine an opt-in to two different publications, where you do not have the ability to offer separate unsubcribes/opt-outs. However, an unsubscribe/opt-out must cancel both. (You can also combine it as described in #1 above.)

• ___ I want to receive email updates about Ignite and Mozilla, and I'm okay with you handling this information as you explain in your privacy policy.

4) You may combine acknowledgement of the privacy policy and terms of service.

• ___ I agree to the Firefox Affiliates terms of service and Mozilla Privacy Policy.

Recommended Checkbox Wording

The goal of the wording is to provide enough information so users know what they're opting in to, but make it broad enough so that it's practical. (For example, if you decide you want to send them a survey in the future, is your opt-in broad enough to cover that?). Below is some sample wording.

• ___ I want to receive email updates from Mozilla about projects and campaigns like this.
• ___ I wish to receive information about Firefox and Mozilla via email.

Additional Wording

If you have space on the page, or can include a "What's this?" or "More info" type link, it's nice to further clarify what users can expect by checking the box. Here are some examples:

By signing up, you'll receive information about how to help with our world-changing projects and ways to help engage with the Mozilla project and build a better web.

Community members may use your profile information to identify and contact you about events, projects and other Mozilla-related activities.

Words to Avoid

• Don't include the word "notifications". Administrative messages do not require an opt-in.

Mechanics

• Checkboxes must be unchecked.
• Failing to check the privacy policy acknowledgement, must create a fail. (i.e. * as a required field)
• The words "privacy page" or "privacy policy" should hyperlink to the appropriate privacy policy, which is usually the Mozilla Privacy Policy (http://www.mozilla.org/about/policies/privacy-policy.html)
• It is often wise to request country, for flexibility to adapt to country specific laws.
• Route any email communication to a mass audience through Mozilla's email vendor so that it includes an unsubscribe link and other relevant legal (ex: CAN-SPAM) and regulatory guidelines.