Modern websites are required to protect visitors’ private information more carefully than ever before. If you’re preparing to start a new website or bring an old one into compliance, then you’ve probably heard about privacy notices and privacy policies.
They sound pretty similar, so what’s the difference?
- Privacy policies are internal documents that tell your employees how to protect customer data.
- Privacy notices are external documents that inform visitors about how their data is used and their privacy rights.
Even the Federal Trade Commission has used the two terms interchangeably. Despite this confusion, you should still develop both documents.
Below, you’ll learn the details of privacy notices vs privacy policies, the most important differences, what terms you need to use when, and how to write and publish privacy disclosures that comply with important laws.
What Is a Privacy Notice?
A privacy notice is the document you present to visitors of your site to explain how you collect their information and how they can opt out. These notices are required by multiple laws, including:
- California Consumer Protection Act (CCPA)
- California Online Privacy Protection Act (CalOPPA)
- EU General Data Protection Regulation (GDPR)
Your privacy notice must:
- Inform users exactly what data you’re collecting
- Identify the controller collecting that data
- Explain why you’re collecting data, including the legal basis for that collection
- Describe how you’ll use and store the data, including how long it will be kept
- Explain how to opt out of data collection entirely and how to request the controller to delete stored personal information
To display a privacy notice, you need to make sure that you:
- Display a privacy notification clearly in the window, contrasting with the background to catch reader attention
- Link to your actual privacy notice page with direct and understandable language
Privacy policies, by contrast, exist for your staff rather than for your customers.
Privacy policies aren’t legally required, but they’re heavily recommended.
Should you face a privacy investigation, having a policy on hand can help you explain your processes and demonstrate that any violations that may have occurred were accidental. This can significantly reduce the potential fines you face if you are found to have violated any privacy laws.
- Privacy policies are internal-facing, while privacy notices are public-facing.
- Privacy policies provide guidelines for how the company handles data protection, while privacy notices inform users of their rights.
- Privacy notices explain how to get in touch with the organization, while privacy policies discuss how to respond to customer requests.
Which One Should I Put On My Website?
The most important privacy document to add to your website is your privacy notice. The privacy notice is what informs your visitors of their rights and how their private information will be collected and used.
Digital privacy laws require you to post a privacy notice and to make it clearly apparent to visitors.
Which Term Do I Have to Legally Use and When?
Using the correct terminology is essential if you want to remain in compliance with privacy laws. To understand which terms you need to use and when, you should understand what different laws require.
- CalOPPA: This bill requires sites to provide a clear link to the privacy notice’s page with an icon or text hyperlink that includes the word “privacy.”
- CCPA: This law states that website owners are required to provide “notice” to users about their privacy practices.
- GDPR: This regulation requires sites to provide users with information about their privacy rights, and the Article 29 Working Party has clarified that this means offering a “privacy notice” or “privacy statement.”
None of these laws specifically require you to call your privacy disclosure document a certain term.
As long as you use the word “privacy” in your links and document title, you meet the requirements for each bill. However, if you want to fully cover your bases, using the term “privacy notice” includes the terms mentioned in all three laws, preventing miscommunications and misunderstandings.
Are There Other Terms I Should Know?
- Privacy statement
- Information notice
- Data protection notice
Each of these terms can apply to both types of privacy documents.
Businesses in the EU may be slightly more likely to use the term “privacy statement” instead of “privacy notice” because they are directly regulated by the GDPR. Since the Article 29 Working Party clarified that “privacy statement” is what the GDPR means, it’s an acceptable term for EU companies. It’s still usable in the US, too, since it complies with CalOPPA.
Similarly, “information notice” and “data protection notice” are likely to be used for privacy notices outside the US by businesses not held to CalOPPA. Since these terms don’t include the word “privacy,” they aren’t in compliance with CalOPPA’s requirements for public-facing privacy disclosures.
If you need to create any kind of privacy disclosure, you have three main options: choosing a managed solution, using a template, or building one from scratch. All of these choices have their own benefits and drawbacks. Here’s what you need to know about each so you can choose the one that works best for your business.
Use a Managed Solution
Managed solutions do the work of generating legally sound privacy notices and policies for you. The managed solution will consider your business’s requirements, then will create and post a privacy notice that complies with all the relevant laws.
Use a Template
If you do want to write your privacy notice or policy from scratch, you can do that, too. You’ll need to make sure you include all the legally required information, so you should make sure you’re working with quality resources when you’re writing.
Where Do I Publish My Privacy Notice, Policy, or Statement?
Your privacy notice or statement should be published clearly on your website. You can post it by setting up a dedicated page for the notice, then by:
- Linking to the page in a pop-up
- Adding a large, obvious link to the front page
- Inserting a privacy notice footer
- Placing a link on mobile app menus
- Posting the policy on your internal staff hub
- Adding the policy to the main folder of shared cloud drives
- Emailing the policy to all staff