The definition of personal data includes names, addresses (physical or e-mail), IP addresses, telephone numbers, date of birth, and financial information, such as debit or credit card details.
In addition to outlining how the company will use the information, it also includes how it will meet its legal obligations, and how those sharing their data can seek recourse should the company fail to meet those responsibilities.
This includes eCommerce sites, sites that track users' behavior through cookies, and even companies that simply send out occasional newsletters.
Many websites require site users to indicate that they have read the policy when they first provide their information.
As the nature of the internet means that websites may be accessed and utilized by people anywhere in the world, privacy policies need to meet the major standards, such as those required in Europe and the United States.
In Europe, those countries which form part of the European Economic Area (EEA) are required to meet seven principles.
These principles require that the data collected be limited to only that which is entirely necessary for the purpose of the site, and they cover how individuals may access their data, how the information is protected, and the accountability of the data collector.
As of May 2016, the General Data Protection Regulations (GDPR) became law across the EEA, standardizing the regulations across the entire region. Any organization whose website is available in Europe will be required to meet the GDPR, regardless of where in the world it is registered, including Canada and the USA.
In the United States, there is no overriding data protection law, but there are a number of other laws that cover specific demographics and circumstances. One of the best known is the Children's Online Privacy Act (COPPA).
This regulates websites that are deliberately targeted at children under the age of 13, whether or not they collect data. It also applies to websites that, while they may not be targeted at children, knowingly collect information from users who are under the age of 13.
Another recent regulation, which takes effect in January 2020, is the California Consumer Privacy Act (CCPA).
Any website that meets these criteria and is accessible within the United States must adhere to these regulations. Usually, where a site does gather information from children, a parent or guardian must provide their consent for this to happen.
Many non-eCommerce websites, especially blogs, generate income through advertising placed on their site by third parties. The best-known ones are Google's AdSense and Amazon Affiliates, although there are many other similar schemes.
As these schemes involve the sharing of data, before being allowed to take part in either program, websites are required to have privacy policies published within them.
A breach of this data could have serious consequences for the people affected. The policy should include the security measures that are in place to protect the data.
- The exact information that will be collected from website users, which may include names, physical or e-mail addresses, IP addresses, telephone numbers, and location tracking.
- If cookies are being used on the site, how to opt out of them, and what effect this might have on the user's experience.
- How the information will be collected, and by whom, for example, if it is being collected by an advertising program.
- How the information will be used, including if it will be shared with third parties.
- How the information is protected from misuse or unauthorized access.
- How to opt out of data sharing, along with the potential consequences of doing so.
In addition, certain types of websites must include other information. For example, anyone using Google AdSense must include information about the cookies, links, and any third-party sellers or advertisers featured on the site.
E-commerce websites must also detail how payment information will be accessed, processed and stored. They must make it clear who is handling the information, as the complexity surrounding the storage of payment details means that many sites use third parties to manage the payment process and storage of financial information.
This is usually either in the form of a link with a checkbox to confirm that the user has read the terms and conditions and accepts them, or the user may be required to scroll down through the page before they are able to accept them.
It could be argued that the second approach - used by Google in particular - is the better option, as the person agreeing is provided with direct access to the policy rather than having to make an effort to open another page.
We collect the content and other information you provide when you use our services, including when you sign up for an account, create or share, and message or communicate with others. This can include information in or about the content you provide, such as the location of a photo or the date a file was created. We also collect information about how you use our services, such as the types of content you view or engage with or the frequency and duration of your activities.
Facebook clearly outlines which of the information the user provides - whether deliberately or not - will be accessed and used. There is no ambiguity about what data will be collected, and where from.
We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input. We reveal only the last four digits of your credit card numbers when confirming an order. Of course, we transmit the entire credit card number to the appropriate credit card company during order processing. It is important for you to protect against unauthorized access to your password and to your computer. Be sure to sign off when finished using a shared computer.
It also advises their customers on their responsibility for protecting themselves, and what actions they should take to prevent fraud.
Microsoft uses the data we collect to provide you the products we offer, which includes using data to improve and personalize your experiences. We also may use the data to communicate with you, for example, informing you about your account, security updates and product information. And we use data to help show more relevant ads, whether in our own products like MSN and Bing, or in products offered by third parties. However, we do not use what you say in e-mail, chat, video calls or voice mail, or your documents, photos or other personal files to target ads to you.
This statement outlines in simple language how Microsoft will utilize its users' data. Anyone signing up to their services will understand precisely what their data may be used for, and when.
It also details what information will not be used and will remain private to the user, which allows individuals to make an informed decision about their usage.
You may also set your browser to block all cookies, including cookies associated with our services, or to indicate when a cookie is being set by us. However, it's important to remember that many of our services may not function properly if your cookies are disabled. For example, we may not remember your language preferences.
- Updated on January 22, 2020