Openly Operated is a set of guidelines for auditing how apps and web services deal with user data, like a combination of a report card and a seal of approval. But it’s also a bid to change the terms of the privacy debate.
An OO-certified app or site must meet three criteria. First, it needs to demonstrate “a basic level of transparency” by making its code and infrastructure — among other things — public and fully documented. Second, it needs to lay out its policy in the form of “claims with proof,” establishing what user data is collected, who can access it, and how it’s being protected. Third, those claims must be evaluated by an OO-certified auditor who then makes the audit results public.