Privacy Notice vs. Privacy Policy: What’s The Difference?

Modern websites are required to protect visitors’ private information more carefully than ever before. If you’re preparing to start a new website or bring an old one into compliance, then you’ve probably heard about privacy notices and privacy policies.

They sound pretty similar, so what’s the difference?

To summarize the difference between a privacy notice and a privacy policy:

You should note that while there are essential differences between the information included in a privacy policy and a privacy notice, the terms can still be confused and are often used interchangeably.

Even the Federal Trade Commission has used the two terms interchangeably. Despite this confusion, you should still develop both documents.

Below, you’ll learn the details of privacy notices vs privacy policies, the most important differences, what terms you need to use when, and how to write and publish privacy disclosures that comply with important laws.

What Is a Privacy Notice?

The privacy notice is a document you present to people who visit your site used to explain to them how you collect their information and how they can opt out. These kinds of notices are required by multiple laws, including:

• California Consumer Protection Act (CCPA)
• California Online Privacy Protection Act (CalOPPA)
• EU General Data Protection Regulation (GDPR)

Your privacy notice must:

• Inform users exactly what data you’re collecting
• Identify the controller collecting that data
• Explain why you’re collecting data, including the legal basis for that collection
• Describe how you’ll use and store the data, including how long it will be kept
• Explain how to opt out of data collection entirely and how to request the controller to delete stored personal information

To display a privacy notice, you need to make sure that you:

• Display a privacy notification clearly in the window, contrasting with the background to catch reader attention
• Link to your actual privacy notice page with direct and understandable language

What Is a Privacy Policy?

Instead of existing for your customers, privacy policies are for your staff.

A privacy policy explains how people within your organization are supposed to gather, track, store, and delete consumer information. A good privacy policy is thorough and explains why your staff needs to do each task to ensure that its requirements are actually followed.

Privacy policies aren’t legally required, but they’re heavily recommended.

Your privacy policy does more than just give your staff data handling guidelines. It also acts as proof that you’re actively working to protect your users’ privacy.

Should you face a privacy inquest, having a policy on hand can help you explain your processes and demonstrate that any violations that may have occurred were accidental. This can significantly reduce the potential fines you face if it’s found that you have violated any privacy laws.

What Is the Difference Between a Privacy Policy and a Privacy Notice?

Once you understand what each of these privacy disclosures includes, you can spot the important differences between them. Comparing a privacy policy vs a privacy notice lets you see that:

Which One Should I Put On My Website?

The most important privacy document to add to your website is your privacy notice. The privacy notice is what informs your visitors of their rights and how their private information will be collected and used.

Digital privacy laws require you to post a privacy notice and to make it clearly apparent to visitors.

Visitors to your website don’t need the information included in your privacy policy. While you can post it if you want, it’s irrelevant to most users. As long as you’ve included a privacy notice on your site, there’s no need to add a privacy policy.

Which Term Do I Have to Legally Use and When?

Using the correct terminology is essential if you want to remain in compliance with privacy laws. To understand which terms you need to use and when, you should understand what different laws require.

None of these laws specifically require you to call your privacy disclosure document a certain term.

As long as you use the word “privacy” in your links and document title, you meet the requirements for each bill. However, if you want to fully cover your bases, using the term “privacy notice” includes the terms mentioned in all three laws, preventing miscommunications and misunderstandings.

You can call your internal privacy guidelines whatever you want. As long as you have one, you can name it a “privacy policy” or a selection of other terms that refer to the same concept. This document isn’t external-facing, so the title doesn’t matter as long as the document is structured to meet legal requirements and you follow it appropriately.

Are There Other Terms I Should Know?

There are several other terms that may be used instead of privacy notice and privacy policy. The exact names used for privacy documents vary around the world. Depending on where you live, you may also see terms such as:

• Privacy statement
• Information notice
• Data protection notice

Each of these terms can apply to both types of privacy documents.

Businesses in the EU may be slightly more likely to use the term “privacy statement” instead of privacy notice because they are directly regulated by the GDPR. Since the Article 29 Working Party clarified that “privacy statement” is what is meant by the GDPR, it’s an acceptable term in EU companies. It’s still usable in the US, too, since it’s in compliance with CalOPPA.

Similarly, “information notice” and “data protection notice” are likely to be used for privacy notices outside the US by businesses not held to CalOPPA. Since these terms don’t include the word “privacy,” they aren’t in compliance with CalOPPA’s requirements for public-facing privacy disclosures.

Solutions for Creating a Privacy Policy, Notice, or Statement

If you need to create any kind of privacy disclosure, you have three main options: choosing a managed solution, using a template, or building one from scratch. All of these choices have their own benefits and drawbacks. Here’s what you need to know about each so you can choose the one that works best for your business.

Use a Managed Solution

Managed solutions do the work of generating legally sound privacy notices and policies for you. The managed solution will consider your business’s requirements, then will create and post a privacy notice that complies with all the relevant laws.

Our privacy policy generator takes the hard work out of keeping your privacy statements up-to-date. It also tracks user consent for you. All you need to do is work with Termly to add the policy to your site.

Use a Template

If you want a little more control over your policy, you can choose to use a template. With a privacy policy template, you start with a basic format which you can customize to fit your needs. You don’t have to write the policy from scratch, so you don’t have to worry about reinventing the wheel and potentially failing to comply with data privacy laws.

Our privacy policy template is a great place to start. With the template, you can create a custom document in minutes while still having direct control over what it includes.

DIY

If you do want to write your privacy notice or policy from scratch, you can do that, too. You’ll need to make sure you include all the legally required information, so you should make sure you’re working with quality resources when you’re writing.

You can refer to our guide on how to write a privacy policy to make sure you don’t miss anything important and to reference many excellent privacy-protecting examples.

Where Do I Publish My Privacy Notice, Policy, or Statement?

Your privacy notice or statement should be published clearly on your website. You can post it by setting up a dedicated page for the notice, then by:

• Linking to the page in a pop-up
• Adding a large, obvious link to the front page
• Inserting a privacy notice footer
• Placing a link on mobile app menus

Your privacy policy doesn’t need to be published publicly. However, it should be easily accessible to your employees. Make sure all staff who interact with customer data can easily reach the document through solutions like:

• Posting the policy on your internal staff hub
• Adding the policy to the main folder of shared cloud drives
• Emailing the policy to all staff

Summary

Comparing a privacy notice vs privacy policy is like comparing apples and oranges. The two types of documents are used for entirely different purposes. The fact that some organizations use the terms interchangeably can make things even more confusing.

Still, it’s worthwhile to have both. If you’re ready to implement a better privacy policy or notice, Termly can help. You can explore our privacy policy and privacy notice services today to learn more about how Termly makes it easier to stay in compliance with modern data privacy laws.

More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author