
Recommendations

In order to increase transparency of companies' activities and strengthen high standards of digital rights compliance, DRCQ experts, based on the obtained data and analysis results, have developed a set of universal recommendations for companies and services operating in the digital economy sector. The recommendations will allow digital platforms to independently assess compliance with the proposed standards and identify areas for improvement.

FREEDOM OF EXPRESSION AND INFORMATION
  1. The company's obligations to respect human rights and protect users' rights to freedom of expression and access to information should be clearly and understandably stated in its public policies. We recommend paying attention to international standards and being guided in this matter by the following international documents: Universal Declaration of Human Rights; International Covenant on Civil and Political Rights; UN Guiding Principles on Business and Human Rights.
  2. Companies should publicly inform users when they receive requests from government authorities to remove content, user accounts or restrict access to information. It is important to explain how such requests are assessed by companies (including senior management) for legality, proportionality and reasonableness, and what the company's policy is regarding responding to such requests.
  3. There should be clear rules for customer complaints and mechanisms in place to allow users to file complaints and challenge decisions regarding content restriction or account blocking. These mechanisms should be understandable, accessible, and focused on ensuring fair and timely treatment of issues that arise.
  4. Regular risk assessments on digital and consumer human rights should be conducted with the involvement of independent auditors.
CORPORATE GOVERNANCE
  1. Mechanisms should be put in place to monitor compliance with international human rights standards. For example, conduct regular audits, keep reports and be sure to involve the company's senior management in this process.
  2. Companies should organize regular training for their employees, especially those who work directly with customers or with their personal data. This will help raise awareness and strengthen internal processes to respect human rights. Employees themselves should also be made aware of who they can complain to and the procedure to follow if their rights have been violated.
PRIVACY
  1. It is recommended to develop detailed privacy policies that specifically explain what user data is collected, how it is used, where and how much it is stored, and whether it is shared with third parties. Policies should be written in clear language. Separately, it is recommended to disclose the names of third-party organizations with whom users' personal data may be shared.
  2. Ensure that users can control how their data is used in targeted advertising. In addition, users should be able to easily disable targeted advertising or limit data collection for these purposes. It is recommended to provide access to clear privacy settings where users can choose the level of ad personalization, including opting out of data collection for such purposes.
  3. Publish Transparency Reports on their sites on a regular basis. Such reports allow companies to describe how they deal with requests from the government, law enforcement, or other parties.

Such a report typically shows:

  • How many times government agencies requested user data
  • What data were requested (e.g., contact information, messages, IP addresses)
  • How many requests the company has approved or denied and why
  • How often the company, for example, removes content or restricts access to content, at the request of government authorities.
  4. Companies should clearly indicate whether they collect user data for machine learning and its further use in algorithmic systems, including AI assistants, chatbots, etc.
  5. Disclose in detail the procedures for revoking and destroying user data upon request or when the purposes of collecting that data have been achieved.
  6. Promptly notify users when their data has been leaked, and promptly notify the authorized state agency.
  7. Publish practical materials to educate users on how to protect themselves from cybersecurity risks associated with the company's products or services.
  8. Minimize the collection of user data, limiting it to the information that is necessary for the provision of services.