Categories: privacy Trust

Mozilla’s Data Privacy Principles Revisited

Mozilla’s commitment to transparency about our data practices is a core part of our identity. We recognized the value in giving a clear voice to this commitment through a set of Privacy Principles that we developed in 2010. These Principles, which we initially released in 2011 as an extension of the Mozilla Manifesto, have reflected and guided our handling of data.

Earlier this year, we revisited these Principles, engaging a wide cross-section of Mozilla and inviting public input. Today, we are introducing Mozilla’s updated Data Privacy Principles.

The update is a response to change, both within Mozilla and beyond. In four years, Mozilla has grown and expanded with new products and services that didn’t exist in 2010. And in 2014, a renewed public emphasis on transparency and user control, particularly in the aftermath of the Snowden revelations, has created new opportunities to address these through our products and policy initiatives.

Mozilla’s Data Privacy Principles continue to inform how we build our products and services, manage user data, and select and interact with partners – while shaping our public policy and advocacy work.

Mozilla’s five Data Privacy Principles are:

NO SURPRISES
Use and share information in a way that is transparent and benefits the user.

USER CONTROL
Develop products and advocate for best practices that put users in control of their data and online experiences.

LIMITED DATA
Collect what we need, de-identify where we can and delete when no longer necessary.

SENSIBLE SETTINGS
Design for a thoughtful balance of safety and user experience.

DEFENSE IN DEPTH
Maintain multi-layered security controls and practices, many of which are publicly verifiable.

Together with the Manifesto, these principles will continue to guide the work of teams across Mozilla as we stand up for users and the Web.  To keep the Web free and open, we put users at the center, through transparency and user control, while helping to minimize risk to the user through limited data, sensible settings, and strong security practices.