| Data collection | Only collect data for the intended purpose. | Art. 5 (1), 6; recitals 32- 50, 58, 60 et seq. |
| Children protection | Treat children related info with utmost caution. | Art. 6 (1) lit. f, 8, 12 (1); recitals 38, 58, 65 |
| 3rd-party sharing | Inform users when their personal data is shared. | Art. 13 (1) lit. e, 14 (1) lit. e; recitals 61 |
| Data security | Implement state of the art data security mechanisms. | Art. 32, recital 78 |
| Data retention | Determine storage periods for personal data depending on its purposes. | Art. 17, 13 (2), 14 (2) |
| Data aggregation | Inform users when aggregated personal data is collected or shared. | (from PrivacyCheck) |
| Data control | Give users full control on personal data (delete, modify or transfer it). | Art. 13 (2) lit. b, 14 (2) lit. b, 15, 16, 17, 18; recitals 63 et seq. |
| Privacy settings | Use best privacy settings. At least, allow users to modify them. | Art. 25, recital 78 |
| Account deletion | Allow users to delete personal data at their convenience. | Art. 17 |
| Breach notification | Inform about incident, the implications, and actions users to take. | Art. 12, 34, 40 |
| Policy changes | Inform about policy changes in a transparent, and understandable. | Art. 12 |