Mozilla's Privacy & Data Operating Principles

Next Steps in Mozilla’s Ongoing Efforts to Put People in Charge of Their Privacy

As Mozilla’s new privacy lead, there are a number of new and existing initiatives that I will be tackling. This month, in particular, will be extra busy with comments due to both the FTC and Commerce, Data Privacy Day, as well as a number of internal activities underway. I will be using this blog to post updates on our work and seek community input, as well as to share my experiences as a privacy officer in Silicon Valley.

Mozilla has a long history of taking privacy seriously. The topic is well grounded in Mozilla’s principle-over-profit mission to build an Internet where the individual is respected and has choices. We approach privacy from the perspective of putting people in control and advocating for their ability to shape the future of the web. This comes through our commitment to support a vibrant add-on ecosystem with powerful third party tools like Adblock Plus and Ghostery, our work on privacy icons and making privacy policies not suck, leadership on geolocation privacy, and, among other examples, convening open forums with the community to collaborate on privacy and security solutions. I’m fortunate to be working with a number of people here who have strong professional credentials and personal commitments to online privacy. Working together to engage with the broader Mozilla community on fostering greater user transparency and choice will be one of my primary roles.

As I begin my second week with Mozilla, one of my first tasks is to finalize and roll out Mozilla’s Privacy & Data Operating Principles to inform our data handling practices and product decisions. In the rapid pace of development that defines today’s Web, we believe grounding our work in a set of guiding principles will be vital to maintaining internal vigilance, as well as enhancing privacy-related considerations in the development process.

Following an internal privacy review last summer that looked at a broad range of privacy-related organizational risks and controls, Mozilla formed a working group comprised of representatives from across the organization to develop a set of guiding principles. Drafts underwent a number of iterations based on input generated through open meetings and presentations.

I am sharing them now, in draft form, to seek broader input from the community. The current draft is focused on these five objectives:

No Surprises. Only use and share information about our users for their benefit and as disclosed in our notices.
Real Choices. Give our users actionable and informed choices by informing and educating at the point of collection and providing a choice to opt-out whenever possible.
Sensible Settings. Establish default settings in our products and services that balance safety and user experience as appropriate for the context of the transaction.
Limited Data. Collect and retain the least amount of information necessary for the feature or task. Try to share anonymous aggregate data whenever possible, and then only when it benefits the web, users, or developers
User Control. Do not disclose personal user information without the user’s consent. Advocate, develop and innovate for privacy enhancements that put people in control over their information and online experiences.
Trusted Third Parties. Make privacy a key factor in selecting and interacting with partners. (Updated)

Questions for your consideration and input: Are these the right principles? Do they cover the areas that you care about? Will they drive us to develop better products and features? Are we missing anything critical? How do we think about guidelines, policies or standards to best guide our decisions without hampering the course and speed of innovation?

Once finalized, we will translate these principles into various communications, training and implementing tools to support the work of our teams across Mozilla. I expect a number of new projects to follow in the areas of online notices, user choices, security and data governance, not to mention a variety of privacy enhancing features and tools implemented in our great software products and services.

I’m excited to be a part of Mozilla and look forward to hearing your comments on these principles, as well as working with you in this new year and beyond.

Alex Fowler
[Reprinted]

2 comments on “Mozilla’s Privacy & Data Operating Principles”

Daphne wrote on February 11, 2012 at 10:08 am:

Hold on your principles. No “data-ping”!
Ping from Some attitudes on Facebook privacy | Mozilla UX on April 13, 2012 at 10:31 am:

[…] part of our commitment to privacy on the web, the Mozilla Identity team is hard at work on Mozilla Persona, an identity system for […]

Open Policy & Advocacy

Mozilla’s Privacy & Data Operating Principles

2 comments on “Mozilla’s Privacy & Data Operating Principles”

Daphne wrote on February 11, 2012 at 10:08 am:

Ping from Some attitudes on Facebook privacy | Mozilla UX on April 13, 2012 at 10:31 am:

Mozilla Weighs in on State Comprehensive Privacy Proposals

Mozilla’s Comments to FCC: Net Neutrality Essential for Competition, Innovation, Privacy

Global Privacy Control Empowers Individuals to Limit Privacy-Invasive Tracking

Mozilla applauds CFPB for taking on the Data Broker Ecosystem

Mozilla Supports Updates to the Health Breach Notification Rule

Mozilla Mornings: Choice or Illusion? Tackling Harmful Design Practices

Mozilla Asks US Supreme Court to Support Responsible Content Moderation

The Revival We Need: The FCC Takes On Net Neutrality

Mozilla Meetups – Code to Conduct in AI: Open Source, Privacy, and More

Mozilla Meetups with CDT: Talking Tech Transparency

Continuing to Protect our Users in Kazakhstan

Continuing to Protect our Users in Kazakhstan

It’s time for the G20’s first digital agenda

Mozilla provides feedback to ACM’s DSA Guidelines

Global Network Fee Proposals are Troubling. Here are Three Paths Forward.

Mozilla Mornings on addressing online harms through advertising transparency

The EU’s Current Approach to QWACs (Qualified Website Authentication Certificates) will Undermine Security on the Open Web

Mozilla files comments with the European Commission on safeguarding democracy in the digital age

Mozilla applauds CFPB for taking on the Data Broker Ecosystem

Mozilla Weighs in on Accountability Legislation: Public policies like PATA can help to keep the Internet in the public’s best interest.

Open Fibre Data Standard: Understanding the True Extent of the Internet

Mozilla Meetups: The Building Blocks of a Trusted Internet

The FTC and DOJ merger guidelines review is an opportunity to reset competition enforcement in digital markets

Mozilla submits comments to the California Privacy Protection Agency

European Parliament’s version of the CRA threatens cybersecurity and open source development

Mozilla weighs in on the EU Cyber Resilience Act

Enhancing trust and security on the internet – browsers are the first line of defence

Working in the open: Enhancing privacy and security in the DNS

The Van Buren decision is a strong step forward for public interest research online