

Our New Privacy Policy - You Own Your Data, and We Don't Sell It - olivercameron
https://everyme.com/blog/our_new_privacy_policy

======
jnorthrop
That is really a fantastic example of proper execution of full transparency.
Privacy concerns are increasing and the best way to combat that is for the
company to be fully transparent. But executing full transparency in a way that
is meaningful to users is really difficult when it is hidden in a policy dense
with legalese.

These guys are doing an excellent job of explaining what can be pretty
confusing to an average user in plain and simple language.

------
heliodor
While this is all nice and fluffy, the company can switch its privacy policy
whenever it wants and it's not going to tell you about it if it moves in a
negative direction. They only tell you about it when it's a good PR move, like
here. This applies to any site; I'm not trying to pick on this company in
particular. I'm just pointing out that this is meaningless PR brownie points,
so let's not get carried away.

~~~
tommi
That's a very good point. I was looking for some kind of notice period for
changes but this was all I found from the privacy policy: "If we ever make
changes to our policy, you can easily see exactly what's changed on our Github
page."

Tomorrow the policy might look very different.

------
kyt
I don't think the average consumer cares about their data being sold. There is
a vocal minority of users that cares about online privacy, but I don't think this
is going to cause a mass exodus from Facebook. Seems more like a publicity
stunt to me.

~~~
amirmc
I doubt the average consumer knows how much data is even collected about them,
let alone what happens to it. Viewed this way, one shouldn't assume that they
don't care.

Also, it may well be a 'minority of users' who care about privacy _at the
moment_ but this may change over the coming years.

------
tuxidomasx
Are privacy policies any more binding than terms of service? I rarely look at
either as a consumer, and for most of my projects, I'm reluctant to even
include them. My last ToS was "dont do anything you know you shouldnt do". I
imagine popular sites/services might be under more scrutiny, but I still
struggle with justifying even having policies or terms at all if they aren't
enforceable. Maybe it's just a PR thing. Or plausible deniability for civil
lawsuits and stuff.

~~~
vnorby
Before we wrote our new policy, I looked into this myself because I wondered
if we could do without. In the US/Canada and some other places, it's not
necessary to have a Privacy Policy (in the EU, it is) depending on what your
site does. However, if a user is providing you with data, it is required by
privacy laws to let the user know what you will do with it, what you are
soliciting from them, and other basic things. For example, EU laws require
that we alert the user that we use cookies to keep sessions for users, and how
they may turn them off. I would love to have left out things that are obvious
but we are required to include certain sections.

------
nkwiatek
Man, could these guys be riding Facebook any harder? Haters are most assuredly
going to hate.

------
simonbrown
The avatar image is triggering a mixed content error. It also seems strange to
display a 556x720 image at 25x25.

------
roopeshv
Exactly like Google's terms, minus the legalese.

~~~
jopt
Surely Google can't be credited with not selling data to advertisers?

~~~
roopeshv
<http://www.google.com/intl/en/policies/privacy/> please read "information we
share" section

~~~
vnorby
I am one of the authors of our new policy. Please read that part of their
policy carefully:

"We do not share personal information with companies, organizations and
individuals outside of Google unless one of the following circumstances
apply:"

"We will share personal information with companies, organizations or
individuals outside of Google when we have your consent to do so. We require
opt-in consent for the sharing of any sensitive personal information."

Sensitive personal information: "This is a particular category of personal
information relating to confidential medical facts, racial or ethnic origins,
political or religious beliefs or sexuality."

All other personal data can be shared on an opt-out basis if they would like -
it doesn't say anything to the contrary about this.

You could read Facebook's policy and make the same comment: "We do not share
any of your information with advertisers (unless, of course, you give us
permission)."

And, of course, one of the ways you can give them permission may be by using
the site. It doesn't explicitly say how you give them permission anywhere on
the policy.

On our new Policy, we state the facts simply. We don't sell your data in any
case, and the only time we ever give it up is when we are being forced to by
law. Big companies use legalese to hide and otherwise obscure facts from you
and to grant themselves rights to your data that they shouldn't have.

Anyway, I'm not a lawyer and if you don't like our policy, don't use our site
(as with any site). Whether or not I'm right or not about Google or Facebook's
policy and what they intend, I still don't really understand how mentioning
whether Google has a similar policy is relevant to the discussion at hand. We
decided to write our own policy because we thought it was doing right by our
users, and we encourage others to do the same. Our policy was not written to
attack Google or any other company specifically and there's nothing in there
that should lead you to interpret it that way.

~~~
roopeshv
No. It's not opt-out. It's "how do you want to share it?". Tell me where
exactly this "opt-out" is, I would like to know.

No, I don't give permission by using the site. That's blatantly dishonest to
say that. They already mention that already.

I understand you wrote the new TOS, but I'm not sure how you are understanding
Goog's TOS. It's always opt-in. Probably the only opt-out I know of is from
their search crawler for websites.

~~~
koeselitz
Sorry for saying so, but this seems like a weird axe to grind. I think your
initial comment got downvoted because it seemed sort of like a backhanded
criticism; but now it seems sort of like you just wanted to show that you'd
read Google's TOS. I am still not sure what Google's TOS has to do with
EveryMe's TOS.

Either way, "opt-in" or "opt-out" is in this case a technical distinction.
EveryMe's sharing of data isn't opt-anything. They don't do it. Period.
Doesn't that constitute a difference?

~~~
roopeshv
I would say it's a difference, but opt-in is always a good way to go. I always
(at least, I think so) make most opt-ins consciously.

I would say everyme has a good TOS/Priv Stmt, compared to google, if it says
"this privacy policy stands forever, and will not be changed". I know you
can't promise that, and I will not ask you to, but that's only case where I
would have more trust for keeping the data with you compared to google's. Or I
would trust goog's policies better it addresses the legal aspect of it, while
being humanly readable and understandable.

The only thing that differentiates you (as in everyme, most references are
same) and goog is they have to cover base for billions of people they are
handling.

Even if it's snarky (though I didn't make it so), why would someone downvote
it rather than disagree with a comment (HN guidelines please). Please downvote
if it doesn't add to discussion. What we had above is discussion.

