Bolt Image

Privacy Policy Updates

Avatar for Lisa Xu

by Lisa Xu

November 23, 2020

Build My Privacy Policy
Privacy policy updates - why you're getting so many emails

To stay compliant with privacy laws and continue to operate your business transparently, you need to make privacy policy updates and notify your users of these changes.

As you already know, you’re required to have a privacy policy to meet certain legal privacy standards. Failing to maintain an updated privacy policy can compromise your compliance and undermine user trust.

When you make privacy policy changes, notify your users in order to stay compliant with laws and regulations, and to develop a strong rapport with your customers.

Table of Contents
  1. Why Make Privacy Policy Updates
  2. Why You Should Inform Users About Privacy Policy Updates
  3. How You Can Notify Users About Privacy Policy Updates
  4. Why Are Privacy Policies Changing
  5. Privacy Policy Updates FAQs

1. Why Make Privacy Policy Updates

Online business is dynamic. Changes are often made to forecasts, models, partnerships, and business plans in order to better suit a company’s needs.

As with all company practices and policies, it’s essential to review your privacy policy to ensure that it’s up-to-date and still an accurate reflection of your current way of doing business.

Every time you change the functionality of your website or the way you interact with user data, you need to review your privacy policy and consider whether it still adequately addresses your data collection practices.

If you add a new payment option to your online store, for example, or overhaul your platform — which may collect user information in a different way — you need to read over and possibly update your privacy policy.

Furthermore, if state or federal laws change, you may need to update your privacy policy to comply with those laws or amendments.

With the California Consumer Privacy Act (CCPA) officially in effect as of 2020, you should review your current privacy policy to make sure it meets CCPA privacy policy requirements.

2. Why You Should Inform Users About Privacy Policy Updates

Depending on applicable laws, you may be legally required to provide notification of any changes you make to your privacy policy.

It’s also best business practice to incorporate privacy by design and create an atmosphere of transparency with your customers regarding their data.

Here are some reasons why you need to notify users about privacy policy changes.

1. You Want to Avoid Legal Challenges

You may be legally required to have a privacy policy if you collect personal information from users. Many of the same laws that require privacy policies, require privacy policy updates and update notifications.

Here are some laws that require privacy policy updates:

  • The California Online Privacy Protection Act (CalOPPA)
  • The California Consumer Privacy Act (CCPA)
  • The General Data Protection Regulation (GDPR)
  • The Federal Trade Commission’s Gramm-Leach-Bliley Act

Failing to comply with these laws can result in fines of thousands, or even millions, of dollars.

Federal legislation also prohibits deceptive business practices. If you change your privacy policy but don’t notify users of updates, it can be framed in court as a deceptive business practice.

2. You Want to Avoid Public Backlash

Internet users are becoming more conscious of the information they share online. Along with emerging US and international privacy laws, internet users are also putting more focus on how their personal information is collected and used.

In order to earn trust with customers, it’s crucial for businesses to be transparent about their use of personal information. To keep up with growing fears over data collection, your privacy policy should be frequently updated to remain transparent.

Letting users know that you updated your policy will help build and maintain trust, and allow individuals to review any changes in how you handle their personal information.

3. You Market to Children

Your responsibilities over data are especially serious if your website markets to children. Data collected from users under the age of 13 is protected under the Children’s Online Privacy Protection Act (COPPA).

If you are updating your website with anything that remotely relates to children under 13, perform a critical review of your privacy policy to make sure it’s COPPA-compliant.

Notify the parents or guardians of users that you’ve updated your privacy policy, so they can review the changes on their children’s behalf.

3. How You Can Notify Users About Privacy Policy Updates

After you’ve updated your privacy policy, alert users to the changes.

Here’s how you can notify users of your privacy policy updates:

Banner or Pop-up Notice

Place a banner or pop-up on your site’s homepage that lets users know about your updated policy. Make sure it’s in a visible location so users have the opportunity to leave if they find the changes unacceptable.

Here’s an example of a privacy policy update banner from Baxter’s homepage, which links to their updated privacy policy.

Baxter example of a privacy policy update banner

Your banner or pop-up should link to your new privacy policy so users can review it in detail.

Privacy Policy Update Email

Your notification email should also include a link to the complete text of the new privacy policy.

Here’s an example of a 2018 privacy policy update email from Couchsurfing detailing their privacy policy changes for the GDPR.

example of a privacy policy update email from couchsurfing

Whenever you send “We’ve updated our privacy policy” emails to users, also give an overview of the privacy policy changes you made.

That way, in the event of a legal challenge, you can make the argument that users were not only informed of the policy updates, but you made the information accessible and easy to comprehend.

Blog or News Post

You can also create a blog post for your site about your latest privacy policy changes.

For example, WordFly’s privacy policy update blog post includes a bullet list summarizing the company’s privacy policy updates.

Wordfly's privacy policy update blog post

Keep your privacy policy update post short and sweet by going over the key changes and linking to your updated privacy policy.

4. Why Are Privacy Policies Changing

While the occasional privacy policy update email likely just means the company has changed its policies, a sudden onslaught of updates and accompanying notifications usually means there’s a new privacy law.

The introduction of legislation like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) has ushered in a new privacy landscape. With growing public concern over user data and significant data breaches, laws are being passed around the world every year to better regulate digital data handling.

So, why is everybody updating their privacy policies year after year? In short, they have to, and you probably do too.

The majority of privacy laws establish new standards for privacy policies. So when a new law or regulation comes to pass, one of the first steps you need to take to stay compliant is to update your privacy policy and notify users of the changes.

Privacy Policy Updates FAQs

Avatar for Lisa Xu
More about the author

Written by Lisa Xu

Lisa Xu is a legal writer for Termly. She specializes in privacy legislation, digital trends, and best business practices. More about the author

Related Articles

Explore more resources Explore more resources