A coalition of civil liberties and human rights groups has launched a campaign to pressure tech companies to commit to stronger privacy and security practices via a Security Pledge that, they contend, “would ensure the Internet is used to expand democracy, not undermine it” if adopted. The pledge borrows several elements from the European Union’s GDPR, which goes into effect on May 25.
The Coalition warns that tech companies and government can use data to “twist the Internet into something it was never meant to be: a weapon against the public.” This can be stopped “by demanding companies protect our privacy and by building a surveillance-resistant web.”
The Coalition is launching a drive to get internet users to endorse the pledge and to get large tech companies to adopt it. You can sign the pledge here. The campaign has just been announced, so no companies have signed on to the pledge just yet.
In 2018, we will be working with Internet users and employees across the tech industry to urge your companies to take this pledge. Over the course of 2018, we will celebrate those companies that have taken these steps and draw public awareness to those that have left us vulnerable.
The Coalition consists of the following organizations:
| 18 Million Rising | American Civil |
| Color of Change | Coworker.org |
| Demand Progress | Free Press |
| Fight for the Future | Government |
Civil Liberties Groups’ Pledge:
As technology companies, you recognize that you have a key role to play. You decide how the services you build collect, capture, and share our data. In 2018, companies that sign this pledge are committing to protecting their users’ data from exploitation and securing their users’ human rights, ensuring their products and services do not put human rights at risk by agreeing to:
The full details of the pledge are below:
Ensure Users Have Access to and Control Over Their Data
We need to know that we are in control of our personal information.
- Commit to meaningful transparency, including providing users full access to all data you have collected and a list of all third parties given access to that data.
- In addition, provide users full control, which includes requiring explicit opt-in consent, over the retention, sharing, or use of their information, including all data sharing with third parties.
- Adopt auditing procedures to ensure that shared data is used consistently with the users’ preferences.
- Guarantee that users have an easy and free way to download all the data you have about them in a usable format.
- Allow users to delete their entire account and permanently eliminate their data from your servers if they choose to.
Protect Our Data
We use the Internet to communicate about nearly everything, from banking to politics.
- Commit to following best practices to secure this information, including offering end-to-end encryption by default.
- Permit public and independent auditing of systems.
- Prohibit the use of your products and services, including your APIs, to collect information about your customers and users for commercial tracking or governmental surveillance purposes.
- If you are the victim of a data breach or contract violation, notify your users promptly if their information has been compromised or shared without their consent.
- Commit to providing updates to your products when necessary, and notifying customers in the case of breach or identified vulnerabilities. When other companies you work with fail to keep products updated, proactively warn users and potential buyers about them.
Limit the Data You Collect
Data can last forever and harm people in unpredictable ways. The best way to guard against that harm is to not collect or store it. Review your data collection practices, and stop collecting and storing information that isn’t necessary for your product or business.
Ensure All Communities Receive Equal Protections
- Algorithms are not neutral by default, and can easily reflect or exacerbate historical biases. Commit to policies that do not further or exploit discrimination and unequal treatment. From the development stage onward, test and evaluate the impact of products on various communities, including those that have historically been discriminated against.
- Do not collect information that is vulnerable to misuse, including information about your customers’ and employees’ immigration status, political views, national origin, nationality, or religion, unless required by law or strictly necessary for the service you provide.
Resist Improper Government Access and Support Pro-Privacy Laws
- Supporting strong legal privacy protections can both protect your users and earn their respect. Pledge to refuse voluntary requests for data in non-emergency situations, and fight overly broad, questionable, and illegal efforts to surveil your users, in the courts and in the public sphere.
- Contribute to the broader conversation about government access to private data by publishing transparency reports detailing requests from governments to the greatest extent allowed by law and by providing notice to individual customers or users whose records are sought or obtained by the government unless barred from doing so.
- Support laws that enhance user privacy, including laws that require a warrant before the government can demand information about your users.
- Support reforms that curtail mass surveillance.
- Support immigration policies that ensure immigrants (including your own employees) are treated humanely, receive due process, and are not discriminated against.