Data privacy policies are mandated by privacy laws, including the General Data Protection Regulation (GDPR) for the EU, the California Online Privacy Protection Act (CalOPPA), the Delaware Online Privacy and Protection Act (DOPPA), and the Children’s Online Privacy Protection Act (COPPA), among others. Non-compliance puts companies at risk of penalties and fines amounting to thousands of dollars per violation.
Data privacy policies are important not only for compliance; they also serve as legal documents on a website that set expectations for site visitors. Therefore, privacy policies should be accessible to visitors regardless of where they are on a company’s website.
There are three considerations when preparing a privacy policy:
- What details to include
- Where to put it on the website
- How to make sure visitors read it
Data privacy policies need to include important details, like:
- Company information, including legal name, headquarters or mailing address, contact number, and email.
- The types of data collected from consumers, including personal identifying information (PII), demographic data, technical information, and website activity.
- How visitor data is collected, e.g., through direct interaction, third-party sources, external technologies, or user contributions from website activities like account logins.
- What the company intends to do with visitor data, e.g., advertising initiatives, personalised browsing experience, targeted marketing.
- Visitors’ privacy rights under applicable laws within a specific jurisdiction.
- People or parties with whom the company may share visitor data, e.g., company affiliates and subsidiaries, business suppliers, advertisers, and third-party buyers.
- Visitors’ options about what data may be collected and how it may be used.
- Implications of cross-border data transfer.
- Company policies on data security, retention, and deletion.
Companies must obtain visitors’ consent before collecting data. While some websites require visitors to confirm their agreement, others imply user acceptance through continued use of the site. Make sure to check applicable privacy laws and comply with regulatory requirements for user consent.
The last consideration is how to make the policy appealing to readers. Here are a few tips to encourage users to read the policy:
- Use plain words and avoid unnecessary jargon.
- Place important details at the beginning of the document.
- Break up large blocks of text.
- Include a hyperlinked and/or bookmarked table of contents.
- Outline visitors’ choices regarding personal data, like opt-outs.
- Be transparent about how your company uses visitor data.