One of the most important things you should know and never neglect when you own a website or run an online shop is the legal aspect of the trade. In this article, we are going to provide all the information necessary to completely understand privacy policies, how they work and why you need them.
Dealing with any website online can leave you vulnerable to cyber-attacks and data theft, among a host of other types of risks. Because of this, you must know the basic privacy laws and requirements to make sure that your website is complying well with these standards.
Privacy policies can be a long and boring subject, but we recommend that you study them thoroughly. In this article, we will go over privacy policies bit by bit. There is a lot of ground to cover when it comes to this subject, so it would be wise to split it so that each part gets your undivided attention.
Table of contents
- Non-compliance penalties
- Final words
Privacy is a fundamental human right that many governments all over the world recognize. Numerous laws support and protect an individual’s right to keep their personal data private if they choose not to divulge it.
As much as possible, such laws ensure that one’s data is safe from unfair collection, distribution, and other uses carried out without the individual's knowledge.
Additionally, it reminds them that remaining on the website means that they are comfortable with the uses of their data. Simply put, it is a document that describes in detail what personal information your website collects from its visitors, along with how you store it and use it.
Of course, this disclaimer shouldn’t be used to justify unscrupulous data collection and use. There are still limits to how you can use the data collected via cookies. To help you understand what we consider “personal data,” here are some of the factors that meet the criteria:
- The visitor's IP address
- Full name, name or surname
- Email address
- Postal Address
- Any other information that can be used to identify the individual visiting your website
Thus, many countries have laws in place that require you to display it if you live in one of them or you collect and use any data about their citizens. If you want to have an online web entity, you should comply with these laws to prevent facing legal issues.
Having third-party services might require you to do so
As an online entity, there’s a possibility that you enlist the help of other third-party services to boost your online presence and increase your web traffic and visibility or to simply help you manage your website.
Examples of these include Google AdSense and Amazon Affiliates. These third-party services work effectively because they store and use the private information of web visitors. It is your duty as a host website to ensure that your visitors know how their personal data are being used to enhance their experience online.
It helps you establish a connection with your audience
You don’t want to take advantage of their private information. You are making your intentions regarding personal data collection, storage, and sharing known. This is a good step.
After all, being deceitful means that you not only risk losing all the credibility you have built over the years with website visitors; you can also face charges for your illegal activities with regard to the use of personal data.
1. United States of America
There are several state and federal laws in the USA that have provisions on data privacy:
- The California Consumer Protection Act of 2020
- The Computer Security Act of 1997
- The Consumer Credit Reporting Control Act
- The Computer Fraud and Abuse Act of 1986
- The Americans With Disability Act
- The Children's Internet Protection Act of 2001 (last updated in 2013)
- The Cable Communications Policy Act of 1984
Additionally, you have to get familiar with the laws and acts in the state where you reside. For instance, the State of California has the CCPA in place among others.
2. European Union
Furthermore, this directive establishes a legal framework inside of which you can gather and use the personal data of website visitors. This ruling also governs how businesses can collect, store, and use personal data and what they need to do to protect it from misuse.
Australia's Privacy Act strictly regulates how companies need to handle sensitive user data. It covers all segments of sensitive data processing, from the collection and usage to storage and disclosure.
There are various requirements when it comes to the inclusions in privacy policies per country. Nonetheless, some elements exist in almost all types and formats of privacy policies.
Of course, it would be best to review the applicable laws and consult an attorney in your country to make sure that you are complying with all requirements in privacy policies. Let's face it though: it's far from the fastest or cheapest option available.
Type of information collected
It’s not enough for you to mention that the personal information of your web visitor will be used to enhance their online experience and improve your data. You must elaborate on the details because this could be misconstrued.
What that means is that you really have to delve into the nitty-gritty when it comes to detailing the information you plan to get. Your web visitors should know that their name, age, email address, the state they live in, and their social media platforms are going to be stored for lawful use.
The purpose of information collection
Gather as many "yes, I agree" responses as possible from your web visitors by explaining the reason why you want to access their personal information. Most websites explain their need for this type of data by stating that they need the data to increase the overall satisfaction of their clients, customers, or followers.
If you wish to utilize their private information in other lawful ways, list that reason as well to make sure that all your bases are covered when it comes to disclosure.
How you collect information
Moreover, they’ll have an understanding as to how the internal process of information collection works. It also enhances your relationship with your consumers and establishes a level of trust between the brand and the customer.
How you protect information
It’s not enough to state that you’re collecting information to enhance their web experience. You should also assure your customers that you are doing your best to protect their information and avoid leaks or mishandlings. As they say, what happens on your website should stay on your website.
The option to deny information collection
It's up to you to make this decision as a business. Still, it needs to be in accordance with your long-term goals.
Take a look at their opening sentence, for instance: "Amazon.com knows that you care how information about you is used and shared, and we appreciate your trust that we will do so carefully and sensibly."
The reason for this is quite simple: it’s easier for website visitors to notice and understand your privacy agreement if it’s not connected with another long document/agreement like terms and conditions.
Here is the footer of the Google.com page:
Implement the enforceability of this agreement by using either browse-wrap or clickwrap. A browse-wrap would be the first two examples in the previous section of the article, while the clickwrap method can be seen in the last example of the last section.
- To display it prominently on the page (not close to edges, for instance).
- Make the font and links different and easier to spot (size, style, color).
- Notify users about changes.
When using the clickwrap method, make sure to:
- Provide an unchecked checkbox if you use one. Remember, it is about forcing a visitor to take action. (If a visitor wants to continue without checking the box, provide a notice informing them why they can't continue the registration process.)
To help you understand how important complying with such laws is, here are some of the penalties that come with non-compliance that you should be aware of:
Otherwise known as the California Online Privacy Protection Act, this piece of legislation seeks to oversee the collection of data and private information in the United States. Violations will incur a penalty of USD 2,500 each.
General Data Protection Regulation (EU)
Failure to comply with this will result in two tiers of fines. The first tier will have you surrender 2% of your company’s annual turnover or 10 Million Euros, whichever is higher.
For a tier 2 violation, you’ll have to surrender 4% of your company’s annual turnover or 20 Million Euros, whichever is higher. In both cases, you’ll definitely lose out financially if you fail to comply with this law.
EU Cookies Directive
The penalty for violating this law includes monetary fines that reach up to GBP 500,000. Smaller penalties include notices and enforcement being sent to your company to alert you of your violation.
Personal Information Protection and Electronic Documents Act (PIPEDA, Canada)
This law is pretty straightforward, but the fines that come with this are not cheap. Companies who knowingly breach PIPEDA requirements can be fined up to $100,000 for each violation.
We reserve the right to change this policy at any given time, of which you will be promptly updated. If you want to make sure that you are up to date with the latest changes, we advise you to frequently visit this page.
What User Data We Collect
When you visit the website, we may collect the following data:
- Your IP address.
- Your contact information and email address.
- Other information such as interests and preferences.
- Data profile regarding your online behavior on our website.
Why We Collect Your Data
We are collecting your data for several reasons:
- To better understand your needs.
- To improve our services and products.
- To send you promotional emails containing the information we think you will find interesting.
- To contact you to fill out surveys and participate in other types of market research.
- To customize our website according to your online behavior and personal preferences.
Safeguarding and Securing the Data
[name] is committed to securing your data and keeping it confidential. [name] has done all in its power to prevent data theft, unauthorized access, and disclosure by implementing the latest technologies and software, which help us safeguard all the information we collect online.
The data we collect by using cookies is used to customize our website to your needs. After we use the data for statistical analysis, the data is completely removed from our systems.
Please note that cookies don't allow us to gain control of your computer in any way. They are strictly used to monitor which pages you find useful and which you do not so that we can provide a better experience for you.
If you want to disable cookies, you can do it by accessing the settings of your internet browser. (Provide links for cookie settings for major internet browsers).
Links to Other Websites
Restricting the Collection of your Personal Data
At some point, you might wish to restrict the use and collection of your personal data. You can achieve this by doing the following:
- When you are filling in the forms on the website, check whether there is a box that you can leave unchecked if you don't want to disclose your personal information.
- If you have already agreed to share your information with us, feel free to contact us via email and we will be more than happy to change this for you.
This legal agreement has legal power. It will be used in a court of law if your business is facing serious charges regarding any of the data privacy laws existing today.
- Updated on February 10, 2020