Partner Content
Out of the adults Statista surveyed worldwide, 66% of respondents agreed that they felt tech companies control their personal data. Surveyed consumers based in the United States, United Kingdom, and Spain expressed more concern about their personal data when compared to respondents based in Europe and Asia. In response to increasing privacy awareness, companies need to assure consumers of their privacy rights with an accessible and digestible data privacy policy. Let’s take a closer look at what a data privacy policy is and why businesses need to have one on their websites.
A data privacy policy is a public declaration about what data may be collected from visitors and how these may be used by the company, its affiliates, and external technologies like analytics or advertising tools. The policy also lays out how the company maintains, discloses, and protects visitors’ data. Some companies choose to create their own delivery channels for their data policies, like Treasure Data’s Privacy Hub.
Data privacy policies are mandated by privacy laws, including the General Data Protection Regulation (GDPR) for the EU, California Online Privacy Protection Act (CalOPPA), the Delaware Online Privacy and Protection Act (DOPPA), and the Children’s Online Privacy Protection Act (COPPA), among others. Non-compliance puts companies at risk of penalties and fines amounting to thousands of dollars per violation.
Data privacy policies are important not only for compliance but also serve as legal documents on a website that sets expectations for site visitors. Therefore, privacy policies should be accessible to visitors regardless of where they are on a company’s website.
Companies need to think about three main things when creating a data privacy policy:
Data privacy policies need to include important details, like:
Requirements for every mandated data privacy policy will vary according to specific jurisdictions and applicable laws. However, companies may start with the above list and modify it as necessary to comply with current laws.
Another important consideration is where to locate the data privacy policy on the company website. Typically, a dedicated page houses the entirety of the policy document with important details, such as business contact information and the user agreement.
The data privacy policy must be linked to the website homepage and on every webpage. Many companies display a link at the footer of the website. Others use a pop-up to notify visitors of the company’s privacy policy before they can access the site.
Companies must obtain visitors’ consent before collecting data. While some websites require visitors to confirm their agreement, others imply user acceptance through continued use of the site. Make sure to check applicable privacy laws and comply with regulatory requirements for user consent.
The last consideration is how to make the policy appealing to readers. Here are a few tips to encourage users to read the policy:
In summary, a data privacy policy informs website visitors and consumers how a company collects, uses, and shares data. Companies need to provide this policy to comply with privacy laws and set visitors’ expectations about how their privacy rights are being protected. A data privacy policy needs to include important details, like what data points are collected, how users’ personal data are used, and applicable privacy rights, as well as visitors’ options regarding their personal information. Data privacy policies must be accessible from every website page and designed to be reader-friendly to engage website visitors.