Nextdoor

Date signed: 10/1/2024

TPWA PIA info for Nextdoor
TPWA PIA Questions	TPWA PIA Answers
OPDIV:	CMS
TPWA Unique Identifier (UID):	T-8965441-458546
Is this a new TPWA?	Yes
Please provide the reason for revision
Will the use of a third-party Website or application create a new or modify an existing HHS/OPDIV System of Records Notice (SORN) under the Privacy Act?	No
Indicate the SORN number (or identify plans to put one in place.)	SORN Number: If not published:
Will the use of a third-party Website or application create an information collection subject to OMB clearance under the Paperwork Reduction Act (PRA)?	No
Indicate the OMB approval number and approval number expiration date (or describe the plans to obtain OMB clearance.)	OMB Approval Number: Expiration Date: Explanation:
Does the third-party Website or application contain Federal Records?	No
Describe the specific purpose for the OPDIV use of the third-party Website or application:	CMS will use Nextdoor to deliver targeted display advertising to raise awareness of campaign messaging. Nextdoor does not collect PII in the course of these advertising activities and therefore, does not share PII with CMS. Nextdoor provides CMS with conversion tracking reports to allow CMS to determine the effectiveness of advertising campaigns. Conversion tracking provides information about users’ activities regarding ads, including whether an ad is clicked on or a desired action is completed
Have the third-party privacy policies been reviewed to evaluate any risks and to determine whether the Website or application is appropriate for OPDIV use?	Yes
Describe alternative means by which the public can obtain comparable information or services if they choose not to use the third-party Website or application:	If consumers do not want to interact with advertisements from Nextdoor, consumers can learn about CMS campaigns through other advertising channels such as TV, radio, CMS websites, social media, and events.
Does the third-party Website or application have appropriate branding to distinguish the OPDIV activities from those of nongovernmental actors?	No
How does the public navigate to the third party Website or application from the OPIDIV?	Other
Please describe how the public navigate to the third-party website or application:	Not Applicable. The CMS websites do not link to Nextdoor. Nextdoor is a tool used to place and track advertising on third-party sites.
If the public navigate to the third-party website or application via an external hyperlink, is there an alert to notify the public that they are being directed to a nongovernmental Website?	No
Has the OPDIV Privacy Policy been updated to describe the use of a third-party Website or application?	Yes
Provide a hyperlink to the OPDIV Privacy Policy:	https://www.cms.gov/privacy/ The above is the privacy policy for all CMS websites unless a separate one is noted below: https://www.healthcare.gov/privacy/ https://www.medicare.gov/privacy-policy/index.html
Is an OPDIV Privacy Notice posted on the third-party Website or application?	No
Is PII collected by the OPDIV from the third-party Website or application?	No
Will the third-party Website or application make PII available to the OPDIV?	No
Describe the PII that will be collected by the OPDIV from the third-party Website or application and/or the PII which the public could make available to the OPDIV through the use of the third-party Website or application and the intended or expected use of the PII:	Not applicable. CMS does not collect any PII through the use of Nextdoor nor will Nextdoor make available any PII to CMS.
Describe the type of PII from the third-party Website or application that will be shared, with whom the PII will be shared, and the purpose of the information sharing:	Not Applicable. Nextdoor does not collect or share PII.
If PII is shared, how are the risks of sharing PII mitigated?	Not Applicable. Nextdoor does not collect or share PII.
Will the PII from the third-party Website or application be maintained by the OPDIV?	No
Describe how PII that is used or maintained will be secured:	Not applicable
What other privacy risks exist and how will they be mitigated?	CMS will conduct periodic reviews of Nextdoor’s privacy policy to ensure its policies continue to align with agency objectives and privacy policies and do not present unreasonable or unmitigated risks to user’s privacy interests. CMS uses Nextdoor solely for the purposes of improving consumer engagement with CMS websites by directing consumers to CMS websites through the use of targeted advertising. Use of Cookies and Web Beacons for Targeted Advertising Based on Sensitive Information Potential Risk: The use of cookies, pixels, and web beacons generally presents the risk that an application could collect information about a user’s activity on the Internet and use it for purposes that the user did not intend. The unintended purposes include providing a user with behaviorally targeted advertising. A growing number of states have enacted privacy laws that allow users to opt-out of receiving targeted advertising. In those states, when a user instructs Nextdoor to opt them out of targeted advertising, Nextdoor must respect the user’s request. Additional Background: Nextdoor collects non-personally identifiable information by placing a cookie or pixel (also known as a web beacon) on CMS websites and on advertisements sponsored by CMS on third party websites. The non-personally identifiable information collected by Nextdoor may include; plan type, IP address, browser types, operating systems, domain names, access dates and times and app interaction, referring website addresses, online transactions, browsing and search activity, device IDs and network type and service provider. A pixel (or web beacon) is a transparent graphic image (usually 1 pixel x 1 pixel) that is placed on a web page that allows Nextdoor to collect information regarding the use of the web page. A cookie is a small text file stored on a website visitor’s computer that allows the site to recognize the user and keep track of preferences. These technologies provide information about when a visitor clicks on or views an advertisement. Nextdoor uses that information to judge which advertisements are more appealing to users and which result in greater conversions, such as transactions with CMS websites. Mitigation: Nextdoor discloses in its privacy policy that personal information received from its users may be used to serve them with targeted advertisements. Further, in the States with privacy laws in place, Nextdoor has published privacy notices (accessible through its privacy policy) that explain a user’s right to opt-out of targeted advertising and also tells users how they are able to exercise this right. Users may opt-out through Nextdoor’s consent management platform (operated by Didomi) or through emailing us directly.

Third-Party Web and Application (TPWA) Privacy Impact Assessment (PIA) published by CMS as an Operating Division of the U.S. Department of Health and Human Services

View all CMS PIAs

Authorization to Operate (ATO)

Ongoing Authorization (OA)

Assessments & Audits

CMS Policies and Guidance

Federal Policies and Guidance

Application Security

Security Operations

Risk Management and Reporting

Agreements

Privacy Activities

Privacy Resources

Reporting & Compliance

System Security

Tests & Assessments

Nextdoor