Principles for the processing of user data by Kaspersky Lab security solutions

Respecting and protecting people’s privacy is a fundamental principle of Kaspersky Lab’s approach to processing user data. The data processed is crucial for identifying new and as yet unknown threats – such as WannaCry and ExPetr – and offering better protection products to users. Cloud-based analysis of big data from millions of devices to strengthen protection capabilities is an industry best practice that is applied by IT security vendors around the world. It is a must for securing users’ digital lives and corporate data from cyberthreats.

Details of the data processed can be found in the End-User License Agreement (EULA), the Kaspersky Security Network (KSN) Agreement and other agreements which differ depending on the product. The data users send to Kaspersky Lab is not attributed to a specific individual, is used in the form of aggregated statistics and is anonymized wherever possible.

Users of Kaspersky Lab products can always choose how much data they provide, based on the product or service used and the respective agreements accepted. All data processed and/or transferred is robustly secured through encryption, digital certificates, segregated storage, strict data access policies and by other methods.

The main data processing principles

  • All data processed by Kaspersky Lab is divided into the three key purposes for which it is used, in short these encompass: (a) supporting key product functionality, (b) increasing the effectiveness and performance of the protection components, and (c) offering improved and more suitable solutions to customers and providing them with the appropriate content.
  • All data sent to Kaspersky Lab by users is not attributed to a specific individual and is anonymized wherever possible. Actions to achieve this include deleting account details from transmitted URLs, obtaining hash sums of threats instead of the exact files, obscuring user IP addresses etc.
  • Customers voluntarily agree to send this data to Kaspersky Lab, by accepting different agreements, which vary depending on the product or service used.
  • The data provided is protected, even during transit, in accordance with stringent industry standards, including encryption, digital certificates, segregated storage and strict data access policies.
  • Kaspersky Lab constantly reviews the type of data processed by its solutions to protect our customers’ privacy and comply with the very latest legal requirements, such as the GDPR regulations in Europe.

What is Kaspersky Security Network?

Kaspersky Security Network (KSN) is one of Kaspersky Lab’s main cloud systems that was created to maximize the effectiveness of discovering new and unknown cyberthreats and thereby ensure the quickest and most effective protection for users. KSN automatically processes cyberthreat-related data received from millions of devices owned by Kaspersky Lab users, who have voluntarily opted to use this system. This cloud-based system approach is now the industry standard, applied by many global IT security vendors.

What is a ‘cloud’-based system’?

This is a system that runs on a company’s servers rather than on individual devices and which can be used over the internet from anywhere in the world. Examples of cloud systems include email, file sharing and file hosting. Kaspersky Lab’s cloud servers are distributed across the globe (e.g. in Germany, China, Canada, Russia etc.), enabling faster processing of information and guaranteeing server availability should one of them fail for any reason.

What is the purpose of cloud-based protection?

Most IT security vendors use the cloud to improve protection levels, and a hybrid protection model (antivirus databases + proactive defense + the cloud) is the most effective.

The high performance of the security cloud enables us to analyze cyberthreats faster and more accurately. While the traditional antivirus and anti-phishing database updating cycle usually takes several hours, the cloud can provide users with protection against a new threat within minutes.

Using the cloud can also make a security product ‘lighter’ by keeping it from taking up too much memory and resources on the user device.

Why should I accept the KSN agreement and share statistics with Kaspersky Lab’s cloud?

The more users there are contributing to the cloud intelligence, the better the protection will be for all users. Choosing to opt out of sharing information with the Kaspersky Security Network (KSN) impacts how quickly the product can react to new and emerging cyberthreats. Home users not sharing data with KSN will not lose cloud protection, but if many choose this option, the overall level of security will inevitably be affected in the long run. If a corporate user opts out of KSN, it means that they will not be able to receive cloud protection at all, unless they apply an additional layer of protection – Kaspersky Private Security Network - which provides them with the advantages of cloud protection without any data leaving the company’s facility.

Can data processing be limited?

Yes, customers can choose what data they send, and for what purposes, when they accept different agreements (which vary depending on the product or service used). For example, by rejecting the KSN Statement, corporate customers can reduce the amount of data they provide, to the absolute minimum required, for the product to function. This includes information about the license, product and the device(s) it is installed on.

Do you process personal data?

In accordance with some legal frameworks (like the GDPR), information processed by Kaspersky Lab may contain data that might be considered as personal or personally identifiable. Kaspersky Lab never processes “sensitive” personal data such as religion, political views, sexual preferences, health or other special categories of personal data. Kaspersky Lab users are always aware what data they send to Kaspersky Lab, as this is specified in the various agreements (KSN statements, EULAs, and consent forms) they accept. However, we do not attribute this data to a specific individual and anonymize it where possible.

How do you protect user data?

We are committed to protecting our customers’ data at all times. In order to do this, we use best-in-class technologies. The security measures and processes undertaken by Kaspersky Lab include:

  • Security Development Lifecycle – aimed at the secure development of solutions and patching of all potential vulnerabilities as soon as possible
  • Strong encryption to protect the data streams exchanged between user devices and the cloud
  • Encryption of user information in services such as Kaspersky Password Manager and Kaspersky Safe Kids. Users have a master key, which means no one except that specific user has access to their information
  • Digital certificates to ensure legitimate and secure server authentication and product updates
  • Segregated storage, which means different data is stored in different servers with restricted access rights and strict data access policies
  • Data is not attributed to a specific person and is anonymized by various methods such as deleting account details from transmitted URLs, obtaining hash sums of threats instead of the exact files, obscuring user IP addresses etc.

How do you anonymize the data you process?

Kaspersky Lab takes user privacy extremely seriously. The company implements the following measures to anonymize obtained data:

  • The information is analyzed in the form of aggregated statistics and is not attributed to specific persons;
  • Logins and passwords are filtered out from transmitted URLs, even if they are mentioned in the initial browser request from the user;
  • When we process possible threat data, by default we do not get access to the suspicious file. Instead we get a hash-sum, which is a one-way math function that provides a unique file identifier;
  • Where possible, we obscure IP addresses and device information from the data received;
  • The data is stored on separated servers with strict policies regarding access rights, and all the information transferred between the user and the cloud is securely encrypted.

How do users benefit from data processing in the cloud? What data is processed?

Depending on the product or service used and the agreements accepted, the data processed can include the following:

  • License/ subscription information

We are always on hand to support our customers in the case of the latest cyberthreats. License/ subscription data helps us to send product and antivirus database updates to legitimate users, ensuring they remain protected from the newly launched threats.

  • Product information

As well as staying protected, it’s also important that our users enjoy the best user experience possible. So, various data on the product’s operation and its interaction with the user is also analyzed. For example, how long does threat scanning take? Which features are used more often than others? Answers to these and other questions help us to tailor products to our users’ needs and provide them with solutions that are faster and easier to use.

  • Device data

An important part of the user experience is convenience, something we are always looking to improve at Kaspersky Lab. Data such as the device type, operating system, etc. is needed to distinguish devices. Matching a license to a specific device means the user doesn’t have to buy a new license for the security product after reinstalling the operating system, so they can pick up exactly where they left off.

  • Threats detected

For users’ safety, their cybersecurity solutions should be up-to-date with the latest threats and that is exactly what we provide. Modern cyberthreats are constantly evolving, meaning threat databases need to be regularly updated. If a threat (new or known) is found on a device, information about that threat is sent to Kaspersky Lab. This enables us to analyze threats, their sources, principles of infection, etc., resulting in a higher quality of protection for every user.

  • Information on installed applications

At Kaspersky Lab, we believe each individual user deserves a customized experience tailored to their needs. To achieve this, information on installed applications is processed to create lists of ‘white’ or harmless applications and prevent security products from hindering the user experience by mistakenly identifying such applications as malicious. In addition, this information helps us to offer users security solutions that best match their needs, giving users a greater level of customization.

  • URLs visited

We want to provide Kaspersky Lab customers with the highest level of protection when they are browsing the web, no matter which websites they visit. So, URLs can be sent to the cloud to check if they are malicious and prevent users from visiting them. This information also helps to create lists of ‘white’ or harmless websites and prevents security products from mistakenly identifying such websites as malicious and detracting from the user experience. We filter out information regarding logins and passwords from transmitted URLs, even if they are mentioned in the initial browser request from the user.

  • Operating System events

New malware regularly features sophisticated processes in order to stay hidden, and can often only be identified by its suspicious behavior. To protect our users by ensuring that we stay one step ahead of the latest cyberthreats, the product analyzes data on processes running on the device. This makes possible the early identification of processes that indicate malicious activity possible, along with the quick prevention of any potentially damaging consequences, such as the theft or destruction of user data.

  • Suspicious files

The analysis of suspicious files helps users to stay protected from the newest and most sophisticated malware. If an (as yet) unknown file exhibiting suspicious behavior is detected on a device, it can be automatically sent to the cloud for a more thorough analysis by machine learning-based technologies and, in rare cases, by a malware analyst. Suspicious files are only sent to Kaspersky Lab for analysis under very strict conditions – for instance, when files perform suspicious actions in the system, contain suspicious features, or if the files contain malicious code. Personal files (such as photos or documents) are rarely malicious and do not behave suspiciously. As a result, the ‘suspicious’ category includes mainly executable files (.exe).

  • Wi-Fi connection data

Wi-Fi networks are everywhere these days, but many are not secure. In order to help users feel confident that they are protected wherever they go, Wi-Fi information is analyzed in order to warn users of insecure (i.e., poorly protected) Wi-Fi access points, helping to prevent personal data from being inadvertently intercepted by cybercriminals.

  • User information

Customers need to know that their accounts are secure and can be accessed from anywhere, so email addresses are used for authorization on the My Kaspersky web portal, which lets users manage their protection remotely. Email addresses are also used to send tailored messages (e.g., containing important security alerts) to users. Users can also choose to specify the names (or nicknames) by which they would like to be addressed on the My Kaspersky portal and in emails. Contact information is provided by users at their own discretion.

  • Dump and trace files

We want Kaspersky Lab users to enjoy a quality user experience so, by checking the special box in the product settings, users can share error reports with Kaspersky Lab servers. This information helps to analyze any errors that might occur in the product and to modify it accordingly so that it will function more effectively moving forward. Users have to manually approve every report before it is sent to the cloud.

  • Emails

To enable the anti-spam functionality and to protect users from unwanted emails and fraud, we may receive and analyze information contained in emails that users report to be spam, or that are incorrectly identified as spam by the software.

  • Data about stolen devices

The anti-theft feature provides some remote access and control functions, designed to protect data on mobile phones in the case of theft, as well as allowing for the receipt of information about the location of a stolen device.

  • Data for the child protection feature

If a parent, or someone holding parental responsibilities, wants to use a child protection feature like Kaspersky Safe Kids, he or she can receive information about the child’s device and location. In addition, the parent or person holding parental responsibilities can configure parameters in order to block or permit specific websites and/or allow or prevent certain applications from running on that child’s device. Kaspersky Lab does not collect children’s data beyond the framework of the feature.

  • Purchases made

This data helps us to provide users with information, which is relevant for them.

Where is this data stored?

Kaspersky Security Network's servers are located in different countries around the world (Germany, Canada, China, Russia, etc.). Different types of aggregated stats are stored on different servers with strictly regulated access rights, or in the third party clouds such as Microsoft Azure.

Do you share personal data, processed by Kaspersky Lab solutions, with third parties?

We may only share data with vendors that provide services to us, such as Amazon cloud, Microsoft Azure etc. Kaspersky Lab works with its partners under data protection agreements. We never provide data, or access to it, to state organizations or third parties that are not our service providers.

Is Kaspersky Lab GDPR-ready?

Kaspersky Lab is ready for the GDPR from a legal, technical and organizational point of view.