Yes, a website privacy policy is required by law for many websites that collect personal information from users. For websites with Californian users, a privacy policy is legally required by the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA). For websites with users in the EEA, a privacy policy is mandated by the General Data Protection Regulation (GDPR).