Privacy is a space that belongs to an individual — and neither governments nor companies can intrude without permission. But we share private information all the time: our addresses, our credit card numbers, our birthdays. It’s at this juncture that privacy policies come into play.
- A list and description of information collected
- Where you find that information
- Why you collect it
- How it is collected
- Who else can see it and whether it will be shared or sold
- The rights that users have over their data
- How users can use those rights
- Your contact information
Other parts you may want to include:
- How you store the data
- How to access or remove data
Consumer privacy laws are quickly growing in number and strength. Both consumers and business partners now expect you to tell them how you use and guard their personal data.
1.) It’s the Law
US Federal Law
COPPA requires American businesses to get verifiable consent from a parent or guardian before a child under 13 can use their service, whether the child is within the US or abroad.
In addition, the Health Insurance Portability and Accountability Act (HIPAA) carries strict requirements for how medical facilities protect the sensitive health information of their patients.
California has the strictest privacy laws in the US. The primary law is the California Consumer Privacy Act (CCPA) — now amended by the California Privacy Rights Act (CPRA).
Even though EU law does not generally apply in the States, the GDPR probably will apply to you: if you market or sell to people in the European Union, your website must comply with their privacy laws.
Europe asks for Privacy by Design, meaning businesses examine how they handle private information in every step they take with customer data. This process helps them be proactive about avoiding potential issues.
The GDPR outlines users’ right to know what data is held about them and how it’s used. It also requires sites to have a process for taking down information that users don’t want online, and to tell users where their data has traveled.
As of 2021, 97% of privacy policies fail to meet the GDPR’s standards.
2.) Third-Party Apps Require It
This requirement is only becoming more common, too. Google and Apple already require privacy policies from everyone who publishes software or apps on their platforms. And, because analytics software relies so heavily on personal information, using any kind of it almost always means you need a policy.
For example, Google Analytics includes this requirement in its terms of service.
3.) Build Trust with Customers
Many people don’t read privacy policies because they’re very long and filled with complex legalese. In fact, to counter this, some laws today actually require your policy to be in simple enough language that a layperson could read it.
But, even if you’re not trying to comply with a law, a short and clear policy lets your customers know you care about their time. Having a focus on good design can also better engage users and clarify the policy even more.
Finally, don’t overlook the rapport you can build when you give users transparency in a document that they’ve grown used to skipping over because of its complexity.
4.) Make Customers Feel Informed and Comfortable
Remember, people care about their privacy; with the number of data breaches that the news reports on, it’s easy for anyone to feel scared or unsafe. This pushes many people to learn more about privacy, and once they know the risks, they often want to make sure that their information is safe.
As a website owner, you’re responsible for your users’ personal data — such as names, birthdays, postal addresses, phone numbers, email addresses, and any other information that could be used to identify someone. And remember, personal data also includes less obvious details, like geolocation, shopping activity, educational and medical history, and the contents of emails and texts.
5.) Show a Security-First Stance
6.) Avoid Legal Battles and Fines
If you want to put more concrete numbers to the penalties, here are the violations you will face for non-compliance with some major privacy acts:
- The GDPR will fine you up to the higher of €10 million or 2% of your worldwide annual turnover from the last financial year.
- HIPAA categorizes violations into different tiers. Tier 1 fines will charge you at least $100 per offense, up to $50,000, while the most severe violations, Tier 4, carry a minimum charge of $50,000 per offense and no upper limit.
- Violating COPPA can land you a $43,792 fine per violation.
- CCPA violations carry a fine of up to $7,500 per intentional offense and up to $2,500 for each unintentional offense.
7.) SEO and Marketing Purposes
8.) Keeping up with New and Changing Technology
With the pace that technology grows at, user expectations are constantly advancing and changing as well. Therefore, it’s reasonable to predict that privacy policies will become required for even more uses in the future.
9.) It’s the Right Thing to Do
Contemporary ethicists speak of a moral right to privacy. For example, you expect your neighbors not to walk into your home without your permission. It’s essential to hold your neighbors on the internet to the same standard.
Almost every person today is a data source for many companies, analysts, and even bad actors. Therefore, everyone has the right to know what’s happening to all this information they need to give out, and they should be able to make an informed decision on who they give it to.
Online privacy is a newly recognized right, and the world is still in the process of working out what it means. Around the world, new laws around privacy policies are coming out all the time, but technology is changing just as quickly.
The good thing is that you can use technology to your advantage, too. For example, you could check out our guide to writing privacy policies to learn more about what you should include and how to make yours work.