These are the steps to take to become a trusted developer
We’ve all heard of the Good Housekeeping seal. What if there was a seal for trusted developers; a mark to help consumers spot those apps and websites that follow sound data management and privacy practices? That’s the thinking behind a new project from the Developers Alliance.
With Cambridge Analytica and others making headlines daily, developers are getting a bad rap because of a few highly visible bad actors. Our community wants to do better. In fact a recent Alliance survey found that almost 60% of developers think that our community should be doing more on privacy. Improving data governance and privacy practices is good for business, good for consumers, and simply the right thing to do. And of course if developers don’t raise the bar, regulators in the US and EU will do it for us (without our input).
In the coming weeks, we’ll be launching a program designed to guide developers toward better data practices, along with a “trust mark” for those that adopt the Developer Trust Alliance principles and incorporate them into their workflow. Here’s a sneak peek at the draft principles - and a sign up form for those that want to learn more and get involved early.
Openness & Transparency
PRINCIPLE 1. INTRODUCE YOURSELF
Developers should clearly identify themselves and provide mechanisms for users to easily connect and interact on privacy issues. Developers should not seek to mislead users or to hide their identities.
PRINCIPLE 2. INFORM BEFORE ACCESS
Developers should not access or allow access to any user content or private user data without informing the user in advance in clear and simple language. This includes clearly establishing the user’s identity before allowing them access to their previously shared personal data or content.
PRINCIPLE 3. OBTAIN EXPLICIT CONSENT
Developers should obtain consent before accessing user content or private user data. Developers should explain in clear and simple language what user content or private user data will be accessed and what it will be used for (including uses beyond the service involved), including what service limitations would result from denied permission, before asking for user consent.
PRINCIPLE 4. EXPLAIN DATA RETENTION PRACTICES
Developers should indicate whether specific data use will be transient (queried, used, and immediately forgotten) or retained, and whether data will be stored locally on the user’s device or transmitted and stored remotely.
PRINCIPLE 5. DISCLOSE WHO ELSE MIGHT HAVE ACCESS TO DATA
If user content or private user data will be shared with third parties, developers should inform users of the obligations they will impose on those involved, the purpose for sharing, the names or attributes of the third parties involved, and seek consent in advance of access.
PRINCIPLE 6. PROVIDE NOTIFICATION OF CHANGES & SIGNIFICANT EVENTS
Developers should inform users in the event of breach, legal process, or a change in practice or business control that implicates user content or private user data, the developer/user relationship, or privacy policies.
Security & Data Integrity
PRINCIPLE 7. SECURE YOUR SYSTEMS
Cybersecurity and physical security measures should be taken to ensure systems integrity. Industry best practices should be in place throughout the development process.
PRINCIPLE 8. DESIGN SYSTEMS TO MITIGATE DAMAGE
Developers should explicitly acknowledge the risk of breach, and should take steps to minimize the damage to users and themselves, and limit the value to attackers, when designing systems.
PRINCIPLE 9. PLAN FOR FAILURES
Backup and remote storage procedures should be in place to ensure continuity and resilience in the event of system failures.
Responsible Data Stewardship
PRINCIPLE 10. BE A GOOD CUSTODIAN
Developers should act on the user’s behalf in protecting and defending user content or private user data under their control.
PRINCIPLE 11. RESPECT THE RIGHTS OF USERS TO CONTROL OR INFLUENCE HOW DATA IS USED
Developers should provide users with the ability to access, retrieve, or permanently delete their content and private user data, and should carefully consider user impacts when deciding how shared data is used.
Learn More about the Developers Trust Alliance
Do you want to learn more about the Developers Trust Alliance when it launches? Let us know by filling out the form below. Also, please let us know if you have any questions about the Principles.