The Privacy Pledge: Five Principles for Building an Internet Where Privacy is the Default
We, the undersigned, commit ourselves to rebuilding the internet so that it returns to the ideals set out by its founders: a democratic platform designed to facilitate the free exchange of information, open communication, and privacy for the individual. In doing so, we believe it can serve the needs of people, not just corporations. This internet should be private by default and give each user a choice over who has access to — as well as control over — their personal data. An internet like this would be open and accessible to everyone, support democratic values, protect the fundamental right to privacy, and ensure free access to information.
This internet would support the growth of ethical business models, but it would first require that companies hold themselves to a higher standard of conduct that puts users first. By giving people control over their personal information, we can stop companies and governments from the spying, commodification, and attempted manipulation of users that have come to typify the internet today.
To build an internet where privacy is the default, we believe all organizations operating online should adhere to the following five principles:
1) The internet, above all, should be built to serve people.
This means it honours fundamental human rights, is accessible to everyone, and enables the free flow of information. Businesses should operate in such a way that the needs of users are always the priority.
2) Organizations should only collect the data necessary for them to prevent abuse and ensure the basic functioning of their services.
They should receive people’s consent to collect such data. People should likewise be able to easily find a clear explanation of what data will be collected, what will be done with it, where it will be stored, how long it will be stored for, and what they can do to have it deleted. To the degree organizations must collect information, they should employ data management practices that put user privacy first.
3) People’s data should be securely encrypted in transit and at rest wherever possible to prevent mass surveillance and reduce the damage of hacks and data leaks.
4) Online organizations should be transparent about their identity and software.
They should clearly state who makes up their leadership team, where they are headquartered, and what legal jurisdiction they fall under. Their software should be open source wherever practical and open to audits by the security community.
5) Web services should be interoperable insofar as interoperability does not require unnecessary data collection or undermine secure encryption.
This prevents the creation of walled gardens and creates an open, competitive space that fosters innovation.
This is the internet that we deserve. This is the internet we are fighting for. It is within our reach; we simply need to be bold enough to seize it.