MYDATACAN PLATFORM PRIVACY STATEMENT

What is MyDataCan?

The MyDataCan platform (“MyDataCan”) is an online platform offered by the Data Privacy Lab at Harvard University. The purpose of the Platform is to create a secure and privacy-principled ecosystem of data sharing where: 

  • Software developers write apps that provide a copy of a user’s information directly to the user; 
  • data providers can provide a copy of a person’s information directly to the person who is the subject of the data; and, 
  • an individual has direct control over the sharing and use of their personal data.

What is unique and important about MyDataCan is that Apps provide you, the user, a copy of your user personal data and you decide whether Apps can use your data. We explain how this works below.

What do I most need to know about MyDataCan’s Privacy Practices?

This Privacy Statement describes how MyDataCan and Apps work together to share information securely and in accordance with privacy principles. It is simple: you are in control of your data on MyDataCan. We still urge you to read through this entire Privacy Statement, so that you can understand exactly how MyDataCan stores, manages, and uses information about you, the important things to remember are these:

  • MyDataCan gives you a “DataCan” that holds all of the data that MyDataCan stores about you (“Your MDC Data”). MyDataCan also provides a “Dashboard” that describes the data in your DataCan and allows you to decide how it may be used. Through the Dashboard you can view, share, delete or “privatize” Your MDC Data.
  • The privatized option allows you to encrypt your information with a passphrase that you know but that is not stored on the MyDataCan platform. Privatized information is unreadable on the platform. You can reverse the process using your same privately held passphrase to make the information visible on the platform again.
  • An App may not access Your MDC Data unless you have subscribed to that App. Generally you must allow an App to access Your MDC Data if you subscribe to the App, but in some cases the App may allow you to opt out of allowing the App to use Your MDC Data, even if you have subscribed to and are using it.
  • An App may collect data from you directly and provide some or all of that data to MyDataCan, so that it becomes Your MDC Data. However, the App may retain its own copy of data it collects from you, and the App’s own Privacy Policy or Privacy Statement will govern how the App can use its copy of the data.

What information does MyDataCan collect about me, and how is it stored?

MyDataCan collects information about you in three ways:

  • You join MyDataCan through a community, school or other organization. Either you provide information when you setup your account, such as name or email, or your community, school, or organization pushes information about you into your DataCan which is visible on your Dashboard on MyDataCan. This includes your name and school email address.
  • Apps push information into your DataCan. The details of what kind of information an App pushes into your DataCan is available on the “My Data and Apps” tab of your Dashboard on MyDataCan.
  • You input information into your DataCan, through the Dashboard. For example, you may add an email address or phone number to receive notifications from the MyDataCan or from Apps.

Your DataCan

All of the information MyDataCan collects about you — that is, all of Your MDC Data — is stored in a DataCan assigned to you and you alone. You can use the Dashboard to see what kinds of information are in your DataCan. You can also use the Dashboard to see the actual data in your DataCan.

How can I see and control what MyDataCan and the Apps do with my MDC Data?

You may access the Dashboard after you authenticate yourself to the MyDataCan platform. When you have authenticated in, your Dashboard will show you the following information:

  • A list of the kinds of information about you that make up Your MDC Data;
  • Information about the Apps available to you on the platform, including:
    • Features and functionalities of each App,
    • The information about users that each App provides to MyDataCan, and
    • The information about users that each App queries within MyDataCan in order to operate;
  • A list of the Apps to which you are subscribed; and
  • A list of the Apps to which you have made Your MDC Data available.

The information in Your DataCan — that is, Your MDC Data — will change over time, as you use Apps. When you subscribe to an App, MyDataCan may receive into your DataCan a copy of information that the App collects about you. If so, that information is your copy of the information.

You may use your Dashboard to do the following:

  • To subscribe to Apps that allow direct subscribe options from within MyDataCan; and
  • To view Your MDC Data.

What do the Apps do with data they collect about me?

The Apps may collect data about you. For example, an App may collect GPS information that logs where you were and when you were there. An App may provide some or all of the information it collects about you to MyDataCan. Any information that an App collects about you and provides to MyDataCan goes into your DataCan and is identified for you in the Dashboard, where you will be able to view, share, delete or privatize it. We describe how you can do this above, in the section called “How can I see and control what MyDataCan and the Apps do with my MDC Data?” 

Although an App may not download or copy data stored in your DataCan beyond what is listed for the App on the Dashboard, the App may keep its own copy of data about you that it has collected and placed in your DataCan. The App’s own, separate Privacy Policy or Privacy Statement will describe the App’s security and privacy practices for data it collects from users and stores on its systems.

The Dashboard will tell you what information each App collects from its users, so that you can make an informed decision whether you want to use the App.

How does MyDataCan decide what Apps to include on the platform?

MyDataCan selects Apps to make available on the MyDataCan platform. These Apps may be developed and operated by Harvard, members of the Harvard community, or third-party developers. Before MyDataCan selects an App for inclusion on the platform, MyDataCan requests information about the App and reviews its features and functionalities, its data privacy and security practices, and its Privacy Policy or Privacy Statement. MyDataCan admits an App to the platform when it has determined that the App’s features, functionalities, and practices are consistent with MyDataCan’s COVID-19 objectives and MyDataCan’s information practices:

  • collect only what is necessary to accomplish the task
  • shared information is the minimal information needed to accomplish the task
  • keep personal data no longer than is needed to accomplish the task
  • the person who is the subject of the data should have a copy of their data
  • individuals should be able to make corrections to their own data
  • individual participation is optional
  • comply with stringent security practices.

Use of Certain Third-Party Applications and Websites

MyDataCan provides you with access to Apps that it approves to participate in MyDataCan. In addition, MyDataCan may provide links to other websites or resources. The Apps and these websites and resources are not under the control of MyDataCan, and we are not responsible for their collection of information about you, or for what they do with information about you that they independently store, outside of your DataCan. We encourage you to review the Privacy Policies or Privacy Statements and terms of use of each App, website, and resource you visit or use. 

Changing This Privacy Statement

MyDataCan may make changes to this Privacy Statement at any time. MyDataCan will post notice of changes to the Privacy Statement on this webpage, and by accessing the Dashboard or any App after the modifications to this Privacy Statement have been posted, you agree to be bound by the modified Privacy Statement. Accordingly, you should periodically revisit this page to review the then-current Privacy Statement.