Data Privacy & Web Accessibility Compliance: What’s The Link?

By: Masha Komnenic CIPP/E, CIPM, CIPT, FIP Masha Komnenic CIPP/E, CIPM, CIPT, FIP | Updated on: March 22, 2022

Data-Privacy-and-Web-Accessibility-Compliance-Whats-The-Link-01

In this article, we’ll look at what data privacy compliance and web accessibility compliance have in common, how they work together, and how to avoid legal implications for both!

Table of Contents
  1. What Is Data Privacy Compliance?
  2. What Is Web Accessibility Compliance?
  3. How Are Data Privacy Compliance and Web Accessibility Compliance Linked?
  4. Summary

What Is Data Privacy Compliance?

Data privacy involves how an organization deals with your personal data. Being data privacy compliant means your website meets regulatory and legal requirements for how you collect, process, store, and maintain personal information. 

There are several privacy compliance laws that apply to certain jurisdictions that state how an organization must meet the requirements to be compliant.

The Importance of Data Privacy Compliance

Data privacy compliance is important for two main reasons:

  • For the end-user
  • For legal compliance

Someone providing you with personal information online wants to know precisely how you will store and use their information. By complying with data privacy laws, you’re giving the end-user peace of mind that their information is safe and won’t be used for purposes other than what they’re explicitly allowing you to do.

Furthermore, if you’re bound by one of the data privacy laws, being compliant ensures you’re not going to get hit with legal consequences for noncompliance.

Does Privacy Compliance Apply to Everyone?

Data privacy compliance applies to anyone who collects personal information on their website, mobile app, or desktop app. This personal information can include names, email addresses, credit card details, home addresses, and other pieces of data.

Privacy Compliance Laws

As data collection and processing becomes more ubiquitous across the internet, privacy laws in the US and privacy laws around the world set strict requirements which demand privacy policies. Depending on your website, who your audience is, and what data you collect, various laws may apply to you and your privacy policy.

There are over one hundred privacy laws currently in place globally, and new laws are being developed each year. Here are the significant data privacy laws that affect your website:

Europe: General Data Protection Regulation (GDPR)

If you target users in the European Economic Area (EEA), you must comply with the GDPR. The GDPR is one of the world’s most comprehensive privacy laws and has set high standards internationally about how data is collected and handled.

For end-users, Article 12 of the GDPR grants users the right to transparent information about how their data is collected and handled. In addition, for business and website owners in the EEA, transparent privacy policies are now mandated by the GDPR.

US: California Online Privacy Protection Act (CalOPPA)

The CalOPPA was the original privacy law in the US, which mandated that websites make privacy policies available to users. The act also outlines what information needs to be made available regarding data handling — including what data is collected, where it comes from, and whether it’s shared or sold.

US: California Consumer Privacy Act (CCPA)

The most comprehensive data privacy law based in the US is the CCPA. Don’t be confused by California being in the name because this Act builds on the online privacy requirements of CalOPPA, demanding that businesses and websites nationally implement even more transparent and comprehensive policies.

In effect, since January 1, 2020, the CCPA has set an annual update requirement for privacy policies. Therefore, you will need to update your CCPA privacy policy each year.

US: Children’s Online Privacy Protection Act (COPPA)

If your website markets to children, strict rules and regulations apply. Most notably, the Children’s Online Privacy Protection Act (COPPA) governs websites that market specifically to kids. 

If your site’s target audience includes children under the age of 13, US federal law requires you to have a company privacy policy covering certain information about your business.

Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)

The PIPEDA outlines ten fair information privacy practices and principles for businesses operating in Canada, including “openness.” Complying with this principle means website operators need to make transparent privacy policies available to their users.

Consequences of Data Privacy Noncompliance

Being privacy-compliant is black or white because you’re either compliant or not compliant — there are no gray areas. 

If you’re not compliant with data privacy laws, there are significant legal consequences that could come your way. How much you will be fined depends on what legislation you’re breaching.

  • The fine for a GDPR breach is €20 million ($24 million) or 4% of annual global turnover, whichever is higher.
  • Noncompliant businesses with the CCPA have 30 days to fix the alleged violations. If they fail to do so, they will be fined up to $2,500 per consumer for unintentional violations and $7,500 per consumer for intentional violations.
  • When noncompliance is first noted for CalOPPA, a website owner is given 30 days to rectify the situation. If they fail to comply within this grace period, they will be fined a maximum penalty of $2,500 per violation.

What Is Web Accessibility Compliance?

Web accessibility compliance means your website is accessible to users with disabilities, as it complies with the laws and regulations put in place to protect people with disabilities online. 

Due to increased internet usage, some countries have incorporated web accessibility into existing civil rights legislation to protect people with disabilities. In contrast, other countries have created new laws explicitly addressing these issues.

The Importance of Web Accessibility Compliance

Like data privacy compliance, web accessibility compliance is important for two main reasons:

  • For the end-user
  • For legal compliance

Currently, 26% of adults living in the United States live with a disability. These people rely on accessible websites and web accessibility tools to access the internet, such as screen readers and text-to-speech software. 

For example, a website with inaccurate alt-text on its images won’t be accessible, and some users will miss part of the site’s messaging. The same is true for poor color contrast ratios, websites that are difficult to navigate, and videos without captions or transcripts.

Furthermore, suppose a website does not comply with the web accessibility legislation in their country. In that case, they’re subject to legal ramifications, which can apply to businesses of all sizes and be expensive and difficult to deal with.

Does Web Accessibility Compliance Apply to Everyone?

Different accessibility laws can apply to different sized businesses and both the public and private sectors. The laws were created to ensure that all customers with disabilities have equal access to your business via your website. 

For example, you can be charged with an ADA title III lawsuit even if you are not based in the US, but your customers who use your website are based in the US.

Web Accessibility Laws and Guidelines

Here is an overview of some of the significant accessibility compliance laws that may affect your website:

Web Content Accessibility Guidelines (WCAG) 2.1

The WCAG is arguably the most influential protocol that shapes web accessibility policy. The full WCAG 2.1 is incredibly long and complex, with many different points and requirements, but it’s all based on four essential principles:

  • Perceivable
  • Operable
  • Understandable
  • Robust

The WCAG isn’t a set of laws that can be enforced, but many governments have adopted it as the standard for their accessibility regulations.

Americans with Disabilities Act (ADA) Title III

ADA Title III covers public areas like schooling, transportation, and “public accommodations.” The 1990 bill did not predict today’s vast breadth of internet use. But as the internet and websites now play a more prominent role in the way consumers interact with businesses, there is now a clear consensus that ADA also covers the online world.

Total cases for digital accessibility are up 20% by the end of 2020, with the lawsuit filing rate increasing by more than 50% post COVID.

Unruh Act

California’s Unruh Civil Rights Act, enacted in 1959, protects people with disabilities from discrimination by most business establishments, including housing and public establishments. It was initially for brick-and-mortar establishments but now includes virtual businesses, including websites.

The Act prohibits discrimination based on: race, color, national origin, ancestry, language, immigration status, citizenship, religion, sex, sexual orientation, marital status, disability, medical condition, or genetic information.

If you violate the Unruh act in California, courts will require the business to adhere to WCAG 2.0 Level AA compliance to rectify the situation.

Section 508 of the Rehabilitation Act

In March 2017, the US Access Board published a final update of Section 508’s accessibility requirements for information and communication technology. The update was intended to provide a stricter definition of “accessibility” and bring the requirements in line with the radically new technology of the 21st century.

Here are the four changes:

  • WCAG Compliance
  • Content accessibility
  • Synchronization
  • Expanded Marketplace

Accessibility for Ontarians with Disabilities Act (AODA)

The AODA was ratified in 2005 by provincial authorities to fix standards for accessibility to services in Ontario.

The AODA for websites has 2-time frames:

  • All websites have to reach WCAG 2.0 Level A compliance by January 1, 2014
  • Websites have to reach WCAG 2.0 Level AA by January 2st, 2021

Consequences of Web Accessibility Noncompliance

Noncompliance with web accessibility legislation has various consequences depending on the legislation that you are not complying with:

  • ADA: the average lawsuit settlement comes to $35,000.
  • AODA: $50,000 per day or part day for individuals and fines of up to $100,000 per day or part day for corporations.
  • Unruh Act: plaintiffs can claim up to 3x in damages per incident (damages can include emotional distress), with no less than $4000 in statutory damages.
  • Section 508 of the Rehabilitation Act: up to $55,000 for the first violation and $110,000 for the following.

Lawsuit numbers are estimated to continue to increase as the need to enable accessible digital experiences becomes more prominent.

How Are Data Privacy Compliance and Web Accessibility Compliance Linked?

So far, we have explained in detail both privacy compliance and accessibility compliance individually. But how are these two concepts linked together, you might be wondering?

Both Are the Right Thing To Do!

No data privacy and accessibility compliance legislation would have come about without previous issues emerging from a lack of legislation. History has shown that the laws and guidelines set in place for both are necessary to ensure the safety and equality of all users.

Being privacy compliant and web accessibility compliant is simply the right thing to do, whatever way you look at it!

Both Have Legal Implications

Both data privacy and web accessibility have legislations, guidelines, and laws linked to them to ensure that end-users are protected at all times. Failure to comply with the laws results in heavy fines that can damage both small and large businesses.

Both Focus Heavily on the Benefits to End-users

The end-users are the top priority in both realms. Protecting a consumer’s private information and making websites accessible to people with disabilities is the purpose of privacy and accessibility compliance laws.

Benefits of Data Privacy Compliance for End-users

Transparency

Being transparent both on a desktop and mobile device when it concerns someone’s private information is what will retain more loyal customers and make them trust your business more. In addition, by complying with data privacy laws, such as GDPR, customers feel that their private information is secure and won’t be sold elsewhere or used for purposes other than what they agreed to initially.

Avoiding fines

Complying with data privacy laws ensures you aren’t breaching or violating the privacy of anyone while avoiding fines at the same time. Heavy penalties can ultimately destroy a small or large business; in being data privacy compliant, you’re avoiding these fines at all costs.

More trusting customers

The ultimate goal is to ensure that your customers trust you. If there is a data breach, your customer loyalty will decrease, word of mouth will spread, and you will no longer be trusted as a business. Customers will be disappointed, and it will affect your business much more than just paying a fine; you’ll also lose your most loyal and trusting customers!

Avoid making this mistake, and get your data privacy compliance sorted to retain loyal customers and avoid costly data breaches.

Benefits of Web Accessibility Compliance for End-users

Equal opportunity for people with disabilities

Living with a disability isn’t a choice for anyone. It’s how some people are born or how some people have been made to live — making up 10% of the world’s population. There are many things that people without disabilities take for granted that someone with disabilities struggles with every day. 

Navigating a simple website is one of them.

By ensuring you’re compliant with accessibility legislation, you’re giving equal opportunity for people living with disabilities to access your website and browse freely as anyone else can. It’s as simple as that.

Improves performance, from reach to SEO, to user experience

Web accessibility solutions are business-friendly tools that ensure clients are happy with the performance of their digital assets. When making websites accessible, you expect more traffic to your website because you’re increasing potential reach by around 20% since one in four people has a disability that requires accessibility adjustments on websites.

You’re opening your goods and services to more customers and a wider audience of their peers. People with disabilities are the most loyal customers: when they find an accessible website, they will come back and tell their friends and family.

On top of that, the user experience is dramatically improved by allowing people to customize their experience to their abilities. By doing that, you will prolong dwell time, reduce bounce rate and improve SEO and conversion rates. If the website isn’t accessible, viewers will quickly bounce out, which could impact your performance score.

Positive word of mouth

If your website is compliant with accessibility guidelines and regulations, this, in turn, will lead to positive word of mouth spreading about your site. However, if your website is not compliant, this can damage your site’s reputation, leading to a loss of trust and loyal customers. Word of mouth is a powerful tool and can play a significant role in influencing the decisions of potential visitors and customers.

Mitigate unnecessary legal risk

As stated above, the legal ramifications for noncompliance with accessibility laws can be heavy fines. These fines can vary for the size of the business but don’t differentiate between whether you set up your website one week ago or ten years ago. Web accessibility is essential from the first day of starting your business. If you’re accessibility compliant, you’re avoiding the risk of being fined or hit with damaging lawsuits.

Satisfied consumers

Happy consumers go much further than making a sale or gaining a new client. It means your consumers trust you. They will value you and respect you for considering them under all circumstances. Satisfied visitors will come back in the future and can be your most loyal customers.

Summary

Data Privacy Compliance Web Accessibility Compliance
Applicable To Anyone who collects personal information on their website, mobile app, or desktop apps, such as names, email addresses, credit card information, or home addresses. Accessibility compliance applies to anyone who has a website online, and is based in or interacting with people who are covered by accessibility legislations. This applies to both large and small businesses alike.
Types of Laws
  • GDPR
  • CCPA
  • PIPEDA
  • COPPA
  • CalOPPA
  • WCAG
  • ADA Title III
  • EEA/EN
  • Unruh
  • AODA
  • Section 508 of the Rehabilitation Act
  • ACA
Benefits of Compliance
  • Transparency
  • Avoiding fines and legal implications
  • More trusting customers
  • Equal opportunity for people with disabilities
  • Better websites performance
  • Avoid implications
  • Good online reputation
  • Satisfied, trusting customers
Penalties
  • GDPR breach: €20 million ($24 million) or 4% of annual global turnover, whichever is higher.
  • CCPA breach: up to $7,500 for intentional violations, and up to $2,500 for unintentional violations.
  • CalOPPA breach: given 30 days to rectify the situation. If you fail to comply within this grace period, you will be fined a maximum penalty of $2,500 per violation.
  • CCPA breach: have 30 days to fix the alleged violations. If you fail to do so, you will be fined up to $2,500 per consumer for unintentional violations and $7,500 per consumer for intentional violations.
  • ADA: the average lawsuit settlement comes to $35,000
  • AODA: $50,000 per day or part day for individuals and fines of up to $100,000 per day or part day for corporations.
  • Unruh Act: plaintiffs can claim up to 3x in damages per incident (damages can include emotional distress), with no less than $4000 in statutory damages.
  • Section 508 of the Rehabilitation Act: up to $55,000 for the first violation and $110,000 for the following.
Easiest Way to Comply Termly is the all-in-one compliance solution for small businesses. Comply with the GDPR, CCPA, ePrivacy Regulation, and more — for FREE. Browse the web for automated accessibility solutions you can implement on your website. There are many highly reviewed companies in this space.
Masha Komnenic CIPP/E, CIPM, CIPT, FIP
More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author

Related Articles

Explore more resources