If your WordPress site collects personal information from users, you need a WordPress privacy policy. A WordPress privacy policy that outlines your data handling practices can shield your site from potential legal penalties, and help build user trust.
Read on to find out what a WordPress privacy policy is, why you may need one, and how to add a privacy policy to WordPress.
What Is a WordPress Privacy Policy?
A WordPress privacy policy is a document that outlines how a website hosted on or built with WordPress collects and uses personal information. The privacy policy goes over the type of information collected, how it’s used, and whether it’s shared with or sold to third parties.
Personal information refers to information that can directly or indirectly be linked to an individual. Here are some examples of personal information that WordPress sites might collect:
- Names
- Email addresses
- Social media profiles
- Cookie data
- Geolocation information
Websites can collect personal data directly or through third-party services. Some common data collection methods on WordPress sites include:
- Contact forms
- Account sign-ups
- User comment forms
- Social media plugins
- Third-party advertisers or analytics
As data privacy issues have gained global attention, many countries legally require websites to have a privacy policy if they collect personal information, which also applies to WordPress websites.
Do You Need a WordPress Privacy Policy?
You need a WordPress privacy policy if you collect personal information from users, as you may be required to comply with privacy laws around the world.
Privacy laws that may apply to your WordPress site include the General Data Protection Regulation (GDPR), California Online Privacy Protection Act (CalOPPA), and the California Consumer Privacy Act (CCPA).
The scope of these privacy laws and others often extends beyond the countries they originate from. If your WordPress site is accessible to users around the world, you need a privacy policy, regardless of where you operate from, to avoid potential legal penalties.
Let’s take a closer look at two notable privacy regulations and how they apply to your WordPress site.
GDPR
The GDPR applies to any website that serves and collects data from European Economic Area (EEA) and Switzerland residents.
A GDPR-compliant privacy policy must be transparent in language and content, and explain how and why you process personal data. It also needs to address data transfers, users’ rights with regard to their data, and use of cookies.
For example, the Obama Foundation’s privacy policy includes a section addressing EEA users, which goes over the legal basis for processing data, users’ data rights, and contact information.
Like this example, your GDPR privacy policy needs to explain the purpose of data collection and users’ rights using language that’s legalese-free and easy to understand for the average user.
CalOPPA
CalOPPA applies to WordPress sites that collect personal information from California residents. To meet CalOPPA requirements, your privacy policy needs to address your data handling practices, whether you honor Do Not Track requests, and how you’ll notify users of privacy policy changes.
For example, solar panel company Smartflower’s privacy policy includes a CalOPPA section explaining that Do Not Track requests are honored, third-party behavioral tracking is allowed, and privacy policy updates are posted on the privacy policy page.
If your WordPress site collects personal information from California residents, you may need a California privacy policy that addresses the state’s various privacy requirements.
Privacy policy requirements vary around the world, so review the applicable laws and comply accordingly. Remember that even though your website is on WordPress, the burden of data privacy doesn’t fall on the hosting platform alone.
How to Create a Privacy Policy for WordPress
There are several ways to create a privacy policy for your WordPress site. Rather than writing a privacy policy from scratch, you can use:
- WordPress privacy policy plugins
- A privacy policy template
- A privacy policy generator
- A licensed attorney
After your privacy policy is created, add it to a new page on your WordPress website and link to it in visible locations on your site.
What to Include in a WordPress Privacy Policy
Privacy policies for WordPress sites vary slightly in content, depending on the applicable privacy law requirements. In general, your privacy policy should address the following:
- Information Collection and Use: Explain what type of personal information is collected, and what it’s used for.
- Methods of Data Collection: Outline the direct and indirect ways that personal information is collected, such as through contact forms, comment forms, or social media plugins.
- Third-Party Services: Identify all third-party plugins, services or advertisers that collect information on your site, and link to their privacy policies.
- Cookie Usage and Preferences: Describe your site’s use of cookies and how users can enable or disable cookies.
- Users’ Rights: List the rights that users have over their data, such as requesting to access, update, or delete their data.
- Contact Information: Provide ways for users to reach you if they have questions or require more information about your privacy policy.
Let’s look at an example WordPress privacy policy menu to see how these clauses can be incorporated and organized.
Media outlet Quartz’s privacy policy has sections explaining what, how, and why they collect data. It includes sections on how information is shared with third parties and how third-party services collect information on the site.
The privacy policy also includes clauses that address US and European privacy laws, as the site has global visitors.
To comply with multiple data laws, add sections to your privacy policy that address specific privacy laws and their jurisdictions, as seen in the example’s “Residents of the EEA & Switzerland” section, which features GDPR-related information.
How to Add a Privacy Policy to WordPress
Here’s how to add a privacy policy to WordPress:
- From your WordPress dashboard, navigate to Settings > Privacy.
- To edit and use WordPress’s built-in privacy policy, click Use This Page beside “Privacy Policy (draft).” To add your own privacy policy, click Create New Page.
- Fill in the title, then copy and paste your privacy policy into the body.
- Publish the privacy policy.
- To display your privacy policy, navigate to Appearance > Menus on your dashboard.
- Name the menu and click the box next to your privacy policy page.
- Click Add to Menu then Save Menu.
- Go to Appearance > Widgets on your dashboard.
- In the Available Widgets section, drag the Navigation Menu widget to the areas on the website where you want to display your privacy policy (e.g. sidebar, footer).
- Select the menu that includes your privacy policy and click Save.
Remember to display and link to your privacy policy in prominent locations on your site, such as in the footer, terms and conditions, and other pages where data is collected.
Next Steps
Now you should have a better understanding of what a WordPress privacy policy is, why you need one, and how to add a privacy policy to WordPress. Let’s review the takeaway points:
- A WordPress privacy policy explains to users what, how, and why you collect their personal information.
- Privacy laws around the world, such as the GDPR and CalOPPA, mandate privacy policies for websites.
- A privacy policy should be written using user-friendly language and clearly displayed on your WordPress site.
Having a privacy policy on your website not only allows you to avoid legal penalties, but also helps you establish trust with site visitors by showing that you treat data protection seriously.
Create your privacy policy for WordPress now using Termly’s free privacy policy generator.