An excellent way to remain compliant with modern data privacy regulations while collecting and using customer data is to have a privacy center on your website or app.
Keep reading to learn about data privacy centers and how they can help you protect the data privacy rights of your users and the legality of your website.
What Is a Data Privacy Center?
A data privacy center is one central hub for everything relevant to data privacy on your website, enabling users to easily access your privacy policy and learn how you handle their personal data by navigating your legal policies and privacy practices in one spot.
It also offers details about several commonly searched topics within the realm of online privacy and provides a way for users to contact support for further information.
From your privacy center, users should be able to:
- Learn how to access their data, delete personal data,
- Manage their cookie consent
- Review their data privacy rights
Data privacy centers are not required by law, but they help organize your data privacy protocol and make the user experience much simpler and more cohesive.
When Do You Need a Privacy Center?
A data privacy center can help organize your data privacy process and keep all users more informed if you have a wide range of customers across various regions.
Because of this, the more your business grows, the more necessary it is to include a data privacy center.
You may need a data privacy center if you:
- Collect personal, sensitive data on your users
- Collect massive amounts of data
- Want to improve your user experience
- Plan to grow your user base over time
What Do Data Privacy Centers Include?
Data privacy centers are unique, so base yours on your specific privacy policy, business model, user base, and data collection and management methods.
However, every data privacy center should include some standard features, which I cover in the following section.
Your Privacy Policy
When it comes to a data privacy center, your privacy policy is the star of the show.
Privacy policies — often required by data privacy laws — outline:
- How and why you collect and use customer data
- Whether you’ll transfer it internationally
- If you’ll sell or share it with third parties
- The rights users have regarding their data
- How users can act on those rights
Because users refer back to this policy the most, ensure it’s easy to find, navigate, and access in your data privacy center.
Your Cookie Policy
You should also link your cookie policy to your data privacy center.
Websites use internet cookies to function correctly, but they collect personal information from visitors and are used for targeted advertising.
Laws such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) give users the right to control which cookies get placed on their browsers via opt-in or opt-out consent.
They also must be able to easily change their minds through a cookie preference center.
Your cookie policy should be comprehensive and easy to find so that users can refresh their memory of their data privacy rights and your cookie practices.
Your Terms and Conditions Agreement
You should link to your terms and conditions agreement in your privacy center, as these policies often overlap with data privacy policies.
Though not required by law, terms and conditions agreements provide general rules explaining how users must conduct themselves while using your site and describe how you offer and conduct your services.
A Search Function
Consider adding a search function to your data privacy center so users can easily search for topics and find clauses or terms relevant to their query.
The agreements in your privacy center can get lengthy, and users may not have the time or energy to read them all.
Including a search feature reduces time and makes the user experience more efficient.
FAQs
Many users have the same questions about their data privacy, so research the most frequently asked questions about data privacy and create an FAQ list within your data privacy center.
Each answer should link to the relevant policy.
A Way to Contact Support
Users might not be able to find the answers they’re looking for in your FAQs or by searching different policies, so include a way for them to contact support in your privacy center, like:
- Linking to an email address
- Providing a customer support phone number
- Using a live chatbot
There’s no substitute for the assistance of a real-life professional — whichever method you choose, make sure it is easy for users to find and access.
Your Data Processing Agreement
You should add your data processing agreement to your privacy center, which is a legal agreement signed between data controllers and data processors.
For example, Stripe includes information about its data processing agreement in its Privacy Center.
Privacy Center Examples
Although your privacy center will be unique to your business, you can find inspiration by looking through the privacy centers of other successful companies.
These are a couple of data privacy center examples that stand out and serve as good examples of best practices.
Uber’s Privacy Center
Uber, a ride-sharing company, collects a vast amount of driver and user data and has a stringent, comprehensive data privacy policy accessible in its robust privacy center.
The setup of their privacy center is straightforward, pleasing to the eye, and divided based on their different services:
- Rides
- Driving and Delivering
- Uber Eats
- Postmates
- All products
They break information down into five categories:
- What can drivers see about riders?
- What can delivery people see about customers?
- How does data shape your trip experience?
- A summary of how you use Uber
- A copy of your personal data
They also include information about their privacy approach, the correlation between ads and data, and a quick link to delete your account.
However, it lacks a link to contact support for more information.
Salesforce Privacy Center
Salesforce’s privacy center has it all, including links to regional privacy laws, global privacy support, and updates on any recent changes to its privacy protocols.
Additionally, resources like their Trust and Compliance documentation and Data Processing Addendum are easy to find on the page.
Finally, there is a link to contact Salesforce with questions not answered by their privacy center.
Summary
Your website should be easy to follow and navigate, including your data privacy information.
Creating one central hub for all things data privacy makes your site more accessible to all users and makes it easier to remain compliant with privacy laws.
Your privacy center should be unique to your business and customer base and include everything users need to know about your data privacy procedures.
Try looking through established data privacy centers on other websites for inspiration when making your own.
More about the author
Written by Ali Talip Pınarbaşı, CIPP/E, & LLM
Ali is a London-based Data Privacy Law Consultant with a Master of Laws Degree in EU Privacy law at King's College London. He has three years of experience in advising businesses on how to comply data protection laws. More about the author
