An excellent way to remain compliant with modern data privacy regulations while collecting and using customer data is to have a privacy center on your website or app.
Keep reading to learn about data privacy centers and how they can help you protect the data privacy rights of your users and the legality of your website.
What Is a Data Privacy Center?
A data privacy center is one central hub for everything relevant to data privacy on your website. It allows users to easily access your privacy policy and learn about how you handle their personal data by allowing them to navigate your legal policies and privacy practices in one spot.
It also offers information on several commonly searched topics within the realm of online privacy and provides a way for users to contact support for further information.
From your privacy center, users should be able to learn how to access their data, delete personal data, manage their cookie consent, and review their data privacy rights.
Data privacy centers are not required by law, but they help organize your data privacy protocol and make the user experience that much simpler and more cohesive.
When Do You Need a Privacy Center?
A data privacy center can help organize your data privacy process and keep all users more informed if you have a wide range of customers across various regions.
Because of this, the more your business grows, the more necessary it is to include a data privacy center.
You may need a data privacy center if you:
- Collect personal, sensitive data on your users
- Collect massive amounts of data
- Want to improve your user experience
- Plan to grow your user base over time
What Do Data Privacy Centers Include
Each data privacy center is unique and should be based on your privacy policy, data collection and management methods, business model, and user base.
However, every data privacy center will need to include some standard features:
Your Privacy Policy
This policy is the star of the show when it comes to your data privacy center.
Your privacy policy — required by various data privacy laws — outlines how and why you collect and use customer data, whether that data will be transferred or sold to third parties, and the user’s rights regarding their data.
This policy will be what your users refer back to the most. So make sure it’s easy to find, navigate, and access in your data privacy center.
Your Cookie Policy
Cookies are small files of personal data used to help remember a user’s login information and preferences to enhance their user experience.
According to both CCPA and GDPR, users must consent to collect cookies before any cookies are collected. If they do not consent, the website cannot collect cookies on that user. They should also be able to consent to some cookies, but not all, using a cookie preference center.
Your cookie policy should also be comprehensive and easy to find so that users can refresh their memory of their data privacy rights and your cookie practices.
Your Terms and Conditions Agreement
Though not required by law, your terms and conditions agreement provides general rules by which users must conduct themselves and agreements about how service will be offered and conducted while they use your website.
These often overlap with data privacy policies, so it’s helpful to link to your terms and conditions as well as the other two.
A Search Function
Each of these agreements can be lengthy, and users may not have the time or energy to read through them all.
If your data privacy center includes a search function, they can easily search for the topic in question and find clauses and terms relevant to their query. This feature reduces time and makes for a more efficient user experience.
FAQs
Many users have the same questions about their data privacy.
Research the most commonly asked questions about data privacy and create an FAQ list within your data privacy center. Each answer should link to the relevant policy.
A Way To Contact Support
There’s no substitute for the assistance of a real-life professional.
If your users cannot find the answers they’re looking for in your FAQs or through searching your different policies; you should have a way for them to contact support.
You can offer contact through an email or a customer support phone number. You might also have a live chatbot.
Whichever method you choose, make sure it is easy for users to find and access.
Your Data Processing Agreement
Data processing agreement is a legal agreement signed between data controllers and data processors. For example, Stripe includes information about its data processing agreement in its Privacy Center.
Privacy Center Examples
Although your privacy center will be unique to your business, you may be able to find inspiration by looking through the privacy centers of other successful companies.
These are a couple of data privacy center examples that stand out and serve as good examples of best practices.
Uber’s Privacy Center
Uber is a worldwide rideshare behemoth, boasting over 5 billion rides in its 12 years of business. As they’ve grown, Uber has taken on two food delivery services: Uber Eats and Postmates.
Because of this, Uber collects a vast amount of data and has a stringent and comprehensive data privacy policy accessible in its robust privacy center.
The setup of their privacy center is straightforward and pleasing to the eye. They divide the center based on their different services: Rides, Driving and Delivering, Uber Eats, and Postmates.
You can also stick to the tab that covers “All Products.”
Information is broken down into four categories:
- What can drivers see about riders?
- How does data shape your trip experience?
- A summary of how you use Uber
- A copy of your personal data
They also include information about their privacy approach, the correlation between ads and data, and a quick link to delete your account if you choose.
One thing that is lacking is a link to contact support for more information.
Salesforce Privacy Center
Salesforce’s privacy center has it all, including links to regional privacy laws, global privacy support, and updates on any changes Salesforce has made to its privacy protocols recently.
Additionally, resources like their Trust and Compliance documentation and Data Processing Addendum are easy to find on the page.
Finally, there is a link to contact Salesforce with questions not answered by their privacy center.
Summary
Your website should be easy to follow and navigate, including your data privacy information. Creating one central hub for all things data privacy will make it more accessible to all your users and make it easier for you to remain compliant.
Your privacy center should be unique to your business and customer base but should include everything users need to know about your data privacy procedures. Looking through other established data privacy centers on other websites can give you inspiration and a basis for your own.
More about the author
Written by Ali Talip Pınarbaşı, CIPP/E, & LLM
Ali is a London-based Data Privacy Law Consultant with a Master of Laws Degree in EU Privacy law at King's College London. He has three years of experience in advising businesses on how to comply data protection laws. More about the author
