Privacy Policy – What Is It and Why Do I Need It?

June 7, 2019

Whether you are a business owner selling products online or a blogger with your own website, you are likely required to have an active Privacy Policy on your website. Many businesses and web administrators have been updating their policies, especially in the past year.

Countries throughout the world have laws and regulations that determine whether one needs a Privacy Policy or not, as well as the type of information that each Privacy Policy must contain.  Since these laws and regulations have recently changed in key global markets, many businesses throughout the world have been updating their Privacy Policies to ensure their website is compliant with said laws and regulations. 

What Is a Privacy Policy?

A Privacy Policy is a legal document that is almost always in digital form and hosted on your website. It provides you with certain legal protections by openly disclosing how your company and website will handle and protect user information.

Privacy Policies typically cover:

  • The types of information collected by the website
  • The purpose for collecting the data
  • Where and how the data is stored
  • How the data is protected
  • Whether the data is transferred or shared with third parties
  • Websites and companies affiliated with you
  • The use of cookies
https://apexunitedcorp.com/privacy-policy

It is important to note that a Privacy Policy is different from a Terms of Use (Terms and Conditions).  While you’re not legally required to have a Terms of Use, it is strongly recommended that you have one for your protection.  Your Privacy Policy should be linked in your Terms of Use to increase the odds of your users reading your Privacy Policy.

The Types of Information Collected by the Website

Your Privacy Policy must thoroughly describe the user information that you collect from your website’s users.  This information includes:

  • Personal information
  • Usage and analytics data
  • Cookies

The Purpose for Collecting the Data

Your Privacy Policy must explain why the data is collected and how you will be using it.  Some examples are:

  • Shipping information
  • Customer Service
  • Retargeting
  • General announcements
  • Third-party service providers

Where and How the Data Is Stored

You must explain how you will store the data (Google Drive, Local Servers, etc.) and in what country the data is stored. You must explain that the data will be subject to the laws of the country in which it is stored.

How the Data Is Protected

You must explain the measures you are taking to ensure the data you collect is secure.  If your website is ever the victim of a cyber attack resulting in collected data being compromised, you must alert both legal authorities and those involved directly with the breach immediately. 

Whether the Data Is Transferred or Shared with Third Parties

This includes transferring information to third-party programs such as Google Analytics or Facebook.  In addition, you must explain whether you sell the data or share it with partners.

Websites and Companies Affiliated with You

You must disclose any websites or companies affiliated with you.  You should link to those companies from your Privacy Policy. 

The Use of Cookies

Your Privacy Policy should disclose that your website uses cookies in order to enhance your site’s functionality.  You should explain that most web browsers are initially set up to accept cookies but can always be set to refuse all cookies or to indicate when a cookie is being sent in browser settings. 

Do I Need a Privacy Policy?

If your website collects or stores personal data from those who visit your website in any way, you need a Privacy Policy.  Some examples of personal data are:

  • Names
  • Dates of birth
  • Email addresses
  • Billing and shipping information
  • Phone numbers
  • Bank details
  • Social Security numbers

These are typical examples of data types that will definitely leave you requiring a Privacy Policy for your website.  However, if you utilize third-party tracking software or plug-ins such as Google Analytics, Yandex.Metrica, or Hotjar, you will also be legally required to have a Privacy Policy. 

These types of programs and plug-ins utilize cookies that track your website’s users in the background while they browse your site. As a result, you are technically collecting personal data from your website’s users by using said programs and plug-ins.

This can be seen in Google’s Terms of Service as well, which specifically states that those who utilize the Google Analytics program must have a Privacy Policy linked on their website.

This is also true for social media plug-ins that integrate social media accounts with your website for easy sharing. If you have integrated Facebook or another similar social media platform with your website or blog, it’s likely that your website is utilizing the Facebook Pixel, a tracking method used for analytics.

Internet Privacy Laws by Country

Countries all throughout the world have passed laws in regard to privacy and how website owners are allowed to handle the data they collect from their users.  It is important to understand that you may be held accountable under a specific country’s privacy law, even if you are a citizen of another country.

The United States of America

When it comes to U.S. privacy laws, the U.S. does not have a single federal law that requires companies or website administrators to have a Privacy Policy, but rather a sum of various federal laws and state laws that strongly suggest that you should. 

The Federal Trade Commission (FTC) regulates data protection on all consumers in the United States under the following acts:

Regardless of state citizenship, all citizens of the United States must follow the regulations outlined in the CalOPPA if they are collecting personal data from individuals residing in California. This is also the case for non-U.S. citizens for as long as they are collecting data of individuals residing in California.

Canada

The Personal Information Protection and Electronic Documents Act (PIPEDA) governs data privacy throughout Canada. PIPEDA requires all companies from Canada to have a Privacy Policy.

Under the PIPEDA, personal information means:

Any identifiable information about an individual whether recorded or not and it applies to the collection, use and disclosure of personal information by organizations during commercial activities.

Australia

The Privacy Act of 1988 governs data privacy throughout Australia.  It specifically requires companies from Australia to have a Privacy Policy.

The United Kingdom

The Data Protection Act 1998 (DPA) governs data privacy throughout the United Kingdom.  Companies that must comply with the United Kingdom’s DPA must adhere to the following principles:

  1. Any kind of personal data from users must be collected in a specified and lawful way.  The data cannot be processed in any way that is incompatible with that purpose. 
  2. The personal data that you collect should be adequate, relevant and not excessive in relation to the purpose for which you’re collecting personal data.
  3. The personal data should be kept up-to-date and accurate.
  4. Any kind of personal data collected from individuals should not be kept longer than is necessary for the purpose for which it was collected.

The European Union (EU)

The European Union also has its own laws in regard to privacy policies and data protection.  Recently, the General Data Protection Regulation (GDPR) was passed and governs data privacy throughout the EU. 

The GDPR is strict and includes global requirements for companies who deal with residents of the EU.  In other words, even if you are not a citizen of the EU, you must comply with the GDPR for as long as you collect information from individuals residing in the EU. 

India

The Information Technology Act of 2000 (IT) governs data privacy throughout India.

Singapore and Malaysia

The Personal Data Protection Act (PDPA) governs data privacy throughout Singapore and Malaysia.  However, Singapore’s PDPA came into force in 2012, while Malaysia’s came into force in 2013. 

South Korea

The Personal Information Protection Act of 2012 governs data privacy throughout South Korea.

Vietnam

Article 21 of the Law on Information Technology governs data privacy throughout Vietnam.

Platforms That Require Privacy Policies

In addition to national laws requiring Privacy Policies, specific companies and platforms require that you have a Privacy Policy if you utilize their services.

  • All iOS applications – Apple’s App Store Review Guidelines state that applications that will collect personal information from users without consent and proper notification will be rejected.
  • All Android applications – The Developer Distribution Agreement from the Google Play Store requires you to have privacy procedures and notices in place as an app developer on the Google Play Store. 
  • All Windows Phone applications – The Microsoft App Developer Agreement requires all developers of Windows Phone applications to have a policy. 
  • All Facebook applications – Facebook requires you to have a policy if you are developing applications on their social media platform.
  • Login with Amazon – If you utilize Login with Amazon on your website, your Privacy Policy must be available before you are able to use the sign-in functionality. 

Create a Privacy Policy Today

Once you’ve determined whether you need a Privacy Policy or not, creating one would be your next step. If you’re the owner of a big company, legal counsel should be sought and utilized to create a thorough policy. However, if you’re a small business owner, a Privacy Policy Generator may be right for you. Many generators can be found online. Termly.io, Rocketlawyer and Formswift all offer policy generators that can be used to create a thorough Privacy Policy for your website.
