Read on Twitter
No privacy policy for @joinClubhouse! Was wondering if they recorded you, no way of knowing what data they collect about you at/before collection of data.
CCPA, GDPR, FTC, and CalOPPA violations for such a fast-growing popular app. If they can't do the basics-you have to wonder https://twitter.com/Riana_Crypto/status/1359938826043465728
CCPA, GDPR, FTC, and CalOPPA violations for such a fast-growing popular app. If they can't do the basics-you have to wonder https://twitter.com/Riana_Crypto/status/1359938826043465728
If you want to build a social media app in 2021, a privacy or product legal hire should be an early hire. Maybe contractor or really involved outside counsel. But there are a lot of DON'Ts that will be much easier to manage if you just investigate & build w/ these things in mind.
I want companies to succeed and to not have to go back & re-do everything bc they engineered their systems in a way that cannot facilitate CCPA/GDPR compliance OR just simply delete data.
Privacy will open doors—you don't have to be perfect, but you have to do the fundamentals.
Privacy will open doors—you don't have to be perfect, but you have to do the fundamentals.
Here are my top 5 privacy fundamentals for new & fast growing companies (not legal advice):
1. Build for the whole user journey
Understand what data you'll collect, how you'll process it, and what you'll do with it when they want to leave (yes, that means deleting their data).
1. Build for the whole user journey
Understand what data you'll collect, how you'll process it, and what you'll do with it when they want to leave (yes, that means deleting their data).
2. Facilitate privacy rights
Build systems in a way that has a common core identity system that allows you to be able to pull, delete, and manage data on a per-user basis.
Build systems in a way that has a common core identity system that allows you to be able to pull, delete, and manage data on a per-user basis.
3. Have a privacy policy, follow it, and make it available everywhere
This should be your data practices bible. It's not in the privacy policy - don't do it. You want to do it? Put in in the privacy policy. Your team should understand the fundamentals of it & update it regularly
This should be your data practices bible. It's not in the privacy policy - don't do it. You want to do it? Put in in the privacy policy. Your team should understand the fundamentals of it & update it regularly
4. Decide culturally what type of privacy company you want to be
Do you want to be privacy-first? Want to sell data? Figure that out now. Want to not sell data? Fine but also keep in mind that you may want to in the future. No matter what train about privacy & security EARLY.
Do you want to be privacy-first? Want to sell data? Figure that out now. Want to not sell data? Fine but also keep in mind that you may want to in the future. No matter what train about privacy & security EARLY.
5. Think globally and sectorially
Who are your anticipated users? Financial institutions (GLBA), healthcare (HIPAA), want to have users in EMEA or APEC - think about how they culturally view privacy and begin to bake that in.
Who are your anticipated users? Financial institutions (GLBA), healthcare (HIPAA), want to have users in EMEA or APEC - think about how they culturally view privacy and begin to bake that in.
I'm sure there are others - and this is more on the broad strokes side of it all.
Biggest one is build it in to the culture so that privacy, consumer protection, and security are not after thoughts - it will slow you slightly now but speed you up when it matters.
Biggest one is build it in to the culture so that privacy, consumer protection, and security are not after thoughts - it will slow you slightly now but speed you up when it matters.
