If you are a professional photographer, you likely have a photography website because it’s an excellent way to share your work with potential clients in your area, book appointments, and receive payments.
- Why Data Privacy Is Important for Photographers
- Which Privacy Laws Affect Photographers?
- Article Snapshot
Why Data Privacy Is Important for Photographers
If you’re a photographer, you either already have or are likely in the process of designing a professional website. Through your website, you may need to collect various data from potential clients to get the necessary financial information for payments and improve your site’s overall performance.
While this data collection is useful, it is also regulated by both state, federal, and international laws. Many visitors to your photography website may not understand that you may collect their data or what rights they have in this process.
However, even if your photography business does not operate in a state or country with specific online privacy laws, a resident of one of those areas could still access your site, setting you up for potential liability.
- Privacy policies are often beneficial for your website’s search engine optimization (SEO) since major search engines like Google likely prioritize websites with appropriate privacy measures on their websites.
Which Privacy Laws Affect Photographers?
US State and Federal Laws
California Consumer Privacy Act (CCPA)
The CCPA requires some companies that do business with and collect California residents’ information to have privacy policies that inform clients:
- What data you have about them
- How you collect and use this data
- How consumers can opt out of you selling or sharing their data
While some businesses may not be affected by the CCPA, you should always try to comply with data privacy standards because it’s the right thing to do.
Children’s Online Privacy Protection Act (COPPA)
The Children’s Online Privacy Protection Act (COPPA) is a federal law that mandates specific privacy protections for children in the United States. This law applies to any website that may be accessed by children under American jurisdiction.
COPPA gives the US Federal Trade Commission (FTC) the power to determine whether or not a site is “marketing towards children.” A website’s appearance, its content, the kinds of language and music it uses, and the site’s general user composition can all determine if COPPA applies.
California Online Privacy Protection Act (CalOPPA)
CalOPPA applies to any website that may collect “personally identifiable information” about California residents who access that site.
The California Attorney General’s Office now enforces CalOPPA’s privacy requirements for mobile apps, as well.
Colorado Privacy Act
The Colorado Privacy Act may apply to you if your photography business services Colorado residents.
This law — part of the broader Colorado Consumer Protection Act — regulates information “controllers,” which it defines as any person or group of people who collect and control online data of Colorado residents.
Utah Consumer Privacy Act
Utah’s Consumer Privacy Act gives residents of the state of Utah the right to know which data of theirs a business collects via its website, how it uses that data, and whether or not it is selling that data.
Under this law, Utah residents also have the right to access any data of theirs that an online business has collected, and opt-out of any data collection if they so choose.
If you plan on operating your photography business to residents of Utah, your privacy statement should inform them of which data of their you may collect and how you plan on using that data.
You must also clearly inform them that they may access any data of theirs that you have collected and that you will comply with their requests to cease data collection and delete data of yours that you have already collected.
Virginia Consumer Data Protection Act
Virginia’s Consumer Data Protection Act applies to any online business that operates within the commonwealth of Virginia, and that either collects data from 100,000 Virginia residents or derives more than half of its gross income from selling the personal data of at least 25,000 Virginia residents.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) applies to citizens of all countries in the EU, as well as the countries of Norway, Switzerland, Ireland, and Liechtenstein. The UK has also recently passed its version of the GDPR after leaving the EU in 2020.
Both laws require companies to inform site users how their websites are collecting user data, how they are using that data, and how site visitors can opt-out.
Personal Information Protection and Electronic Documents Act (PIPEDA)
If you are selling photography services in Canada, your website must comply with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), which mandates that you inform site visitors how you are collecting their data and how they can consent or opt-out.
What Personal Data Does Your Website Collect?
This includes email addresses, shipping addresses, and birthdates. It might also include payment information, such as credit card numbers and banking account and routing numbers.
How Do You Use Personal Data?
You must inform visitors how you use the data you collect. For example, if you use it for targeted ads and promotions for upcoming events to a more specialized audience, you must mention this in your policy statement.
Do You Collect Data From Children Younger Than 13?
Under COPPA, you must address this even if you do not specialize in children’s photography. If not, your policy can include a clause specifying that you do not market to or collect data from children under 13.
How Do You Protect the Personal Data That Your Photography Website Collects?
Do You Share the Data With Third Parties?
If you share customer data with third-party companies for analytics, marketing, sales leads, or customer service improvement, you must inform customers of this fact. You must also specify what data of theirs you share.
How Can Your Customers Control the Personal Data That You Have Collected?
You should also link to a Data Subject Access Request form here.
Have Your Photography Website’s Privacy Policies Changed Recently?
- The link to it must be clearly identifiable and easily spotted and accessed.
However, you might also want to link to the policy on any banners, pop-ups, and transaction points you deploy on your site.