Starting a blog has never been easier - new website builders are easy to use and no longer require any technical skills, making this a perfect platform for people of all ages and backgrounds.
The answer is most likely, especially if you operate a blog for commercial purposes, have affiliate links, ads, or collect any kind of personal information.
Table of contents
- A short definition of personal information
- The type of information that you collect
- How you collect that information
- The purpose of collecting that information
- How you securely store and protect your readers’ personal information
- The third-party services that you use and that may have access to that information
- Your users’ rights over their data, including how they can opt-out of data collection
- Contact information - including that of your data protection officer under the GDPR
In addition to the above, you will have to consider which privacy laws apply to you - both the GDPR and the CalOPPA have additional requirements - as well as the particularities of your blog.
A lot of bloggers tend to use affiliate links or programs - if you could make a profit from one of your readers purchasing items through clicking on one of those links, you should disclose that affiliate relationship through the use of an affiliate disclaimer but also explain that your third-party partners may process personal information under the terms of their respective policies.
Before coming to the conclusion that you are not collecting that kind of data, consider the following:
- Do you send out a weekly newsletter to people that have subscribed to your mailing list?
- Do you ever run contests, whether by yourself or in partnerships with brands or other bloggers?
- Do you sell products or merchandise directly on your website (eBooks, templates, online courses, etc.)?
- Do you use third-party services, such as Google Analytics?
- Do you participate in affiliate programs, such as Amazon Associates?
- Can your readers comment on or share your posts on social media by linking their personal accounts?
Considering the global nature of the Internet and the chances that your readers could be located anywhere across the globe, this is something that you must take into consideration.
Here are two examples of global privacy laws:
If there is a possibility that your blog may collect personal information from users residing in California, which is highly likely even if you are located abroad, you will have to take into consideration the requirements of the California Online Privacy Protection Act (CalOPPA).
To find out more about what you need to know to comply with California privacy legislation see our blog on CalOPPA.
If your blog attracts (or could attract) readers located in the European Economic Area, then you may need to comply with the General Data Protection Regulation (GDPR), the strictest privacy regulation in the world.
Your readers no doubt value their privacy and, if you want to build a lasting relationship with them, you should make them feel safe by being upfront about what personal information you collect and for what purpose.
It also states that the participant is solely responsible for its website, including displaying any privacy-related content mandated by applicable laws, citing the ePrivacy Directive and the GDPR.
It is also good practice to remind your readers of its existence and request their consent, when applicable, each time that you collect data from them. This could be at the time of account creation when signing up to your email list, or during the checkout process, for example.
WhoWhatWear, owned by Clique Brands Inc., is a major fashion blog, sharing the latest runway and celebrity trends with its wide international audience.
WhoWhatWear includes a very handy linkable table of contents, which makes its policy easy to read and to navigate:
The policy is very detailed and transparent when it comes to exactly what type of information is collected, how it is collected, and how it is used. Readers can, at a glance, have a good idea of what type of information the company gathers about them:
You will note that WhoWhatWear mentions that it may use user-generated content, which can include photos, as it pleases without attributing it to the original user. Thus it's important to inform your readers to think before they share if you intend to do the same.
Section 13 sets out the additional privacy rights and protections of European and UK users as well as mentions the legal basis for data processing under the GDPR.
This addresses the additional rights of users residing in the state of California under the CCPA, notably the right to request access to information, to request that their personal information be deleted, or to exercise their right to opt-out of the sale of their personal information.
The blog makes it easy for its users to manage their data and exercise their rights by having a separate page just for that purpose, accessible under the website footer, with an easy-to-fill request form:
Startup and technology news website TechCrunch, which is owned by Verizon Media, is one of the biggest blogs on the Internet. Readers can sign up for different newsletters, leave public comments under articles, share them on social media and create an account.
You may also find it in the footer:
When it comes to the type of information collected, the policy splits this into a few categories, namely: essential information to use their services, the information provided to the company, device information, location information, information from cookies and other technologies, and information from others (such as third parties and affiliates).
Verizon Media ensures its users that it has technical, administrative, and physical safeguards in place to protect user data that it collects or stores - users that want to learn more about these security practices can read through a separate document going over the specific measures taken.
Here is what this page looks like:
This way of summarizing important information and linking to a page with more detailed information is great, as it makes it digestible for readers while still providing maximum transparency.
Users can manage their privacy preferences through Verizon Media’s Privacy Dashboard.
Here is what it looks like to a simple website visitor:
The Minimalist Baker team shares simple recipes through its blog, app, Instagram account, and YouTube channel. Blog readers can leave comments and ratings under each recipe, which requires them to input their names and email addresses. They also have the option to subscribe to a newsletter.
When on the blog, it is evident that third-party advertising services are used, as readers are served with personalized ads. The website even has a “shop” section with kitchen essentials and pantry items used in the recipes. By clicking on one of the links, readers are taken to a third-party vendor, such as Amazon, to make the purchase - safe to say that these are all affiliate links.
It is made clear to EEA and California residents that they have distinctive rights when it comes to the sharing of information with third-party advertising partners:
Additional rights of EEA residents are set out in a separate clause:
Since Minimalist Baker may process payment details, it also includes a section that addresses transactional data, including contact details and credit card details, with a link to the payment services providers’ respective policies:
Like many other websites, Minimalist Baker makes it clear to its users that while it does take measures to protect the personal information that is shared with them, no exchange of information over the Internet is 100% secure and that it should not be held liable for any incident:
Minimalist Baker has also provided for the eventuality that its website and assets may be sold one day and informs its readers that their personal information may be one of the assets sold in this context:
Controversial blogger Perez Hilton runs one of the most popular entertainment and celebrity blogs on the Internet.
The famous blogger and his team share a constant stream of gossip, rumors, and celebrity sightings on which readers are invited to leave a written, video, or audio comment.
Blog posts are shareable on Facebook, Pinterest, and Twitter with the click of a button, and readers are invited to share tips through a contact form on the website:
It starts off by informing Californian readers of their rights to request a copy of the personal information that was disclosed to third parties for direct marketing purposes:
It then covers what personal information is collected by the company, including from third parties such as social media networks with which the website connects:
Last but not least, Perez Hilton informs its readers that usage of his website is subject to this Privacy Notice and to its Conditions of Use, which are both subject to modification:
Be sure to look into other examples of privacy policies in different industries to get a good sense of how others write them.
If you own a blog, however small it is, and collect personal information, protect your business and your readers by having a transparent blog privacy notice that covers in detail how you collect and use personal information.
- Updated on June 1, 2021