QAZ     ENG     RUS


In an attempt to improve the transparency of the companies and to raise the high standards of compliance with digital rights of users, DRCQ experts have prepared the following general recommendations for web services based on the data and results obtained. By reviewing these recommendations, the companies will be able to check for themselves how compliant they are with the given recommendations and what aspects can be changed or improved:


Show the company's commitment to respecting human rights to privacy and freedom of information (in documents, on the website, in public speeches) Publish Transparency Reports on an ongoing basis

2.1 With the indication and breakdown of requests for user data, including:

by the number of requests
• by disputed requests
• by data category
• by source of request
• by demand
• by decision

2.2 On the number of requests to restrict access to information by public authorities and private persons, ncluding the number of received and satisfied requests, in accordance with the specifics of the service, namely:

by the number of accounts
• by the number of groups
• by the number of posts
• by the number of comments
• by the number of downloaded videos
• by the number of downloaded pictures
• by the number of downloaded audio files

2.3 Disclose the procedure for handling requests from public authorities and private individuals to users:

by responses to requests for information about users
• by the types of requests that cannot be publicly disclosed
• verification of requests for information restriction
• notification of the user who is the subject of the request

2.4 Develop and publish an easy-to-understand and clear policy for handling user grievances.

2.5 Disclose information about unlawful requests of state authorities that have been challenged by the company.


1. Provide users with the ability to control how their data are used in targeted advertising
2. Maintain a register of changes to the Privacy Policy and User Agreement
3. Disclose detailed information on the type of user data collected and method of collection
4. Disclose details of the retention period and the procedure for destroying user data
5. Ensure that users can request and receive a copy of their personal data
6. Provide for the possibility to use the service anonymously
7. Promptly notify users of the fact of leakage
8. Publish practical materials to educate users on how to protect themselves from cybersecurity risks associated with the company's products or services.

Freedom of information

1. Disclose how the company performs due diligence on requests to restrict access to information (groups, accounts, posts, comments, publications) from individuals and government authorities before enforcing them
2. When a user attempts to access information blocked on the basis of a legitimate request from individuals or government agencies, indicate for what reason (category of unlawful information) and by the decision of which authority or person (including the date of the request and the number of the decision) access to the information was restricted.