- Privacy notice
- Privacy page
- Privacy clause
- Privacy agreement
- What information is collected
- Where information is collected from
- Why information is collected
- How information is collected (including through cookies and other tracking technologies)
- Who information is shared with or sold to
- What rights users have over their data
- The site’s contact details
Privacy policies should be clear, thorough, and easy for internet users to find on any given site.
If you target users in the European Economic Area (EEA), you’re subject to comply with the General Data Protection Regulation (GDPR).
The GDPR is one of the world’s most comprehensive privacy laws, setting international standards for appropriate data handling. Article 12 of the GDPR grants users the right to transparent information about how their data is collected and handled. For business and website owners, this means that transparent privacy policies are mandated by the GDPR.
If your website markets to children, strict rules and regulations apply. Most notably, the Children’s Online Privacy Protection Act (COPPA) governs websites that market specifically to kids.
The California Online Privacy Protection Act (CalOPPA) was the original privacy law in the US which mandated that websites make privacy policies available to users. The act also outlines what information needs to be made available regarding data handling — including what data is collected, where from, and whether it’s shared or sold.
For businesses operating in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) outlines ten fair information privacy practices and principles, including “openness.”
In action, complying with this principle means website operators need to make transparent privacy policies available to their users.
Other Notable Laws
If your website is “significantly engaged” in financial activities, you may be subject to the Federal Trade Commission’s (FTC) Gramm-Leach-Bliley Act, which requires the publication of “clear, conspicuous and accurate statements” regarding information collection and sharing practices.
What Information You Collect
- Personal data (like names and email addresses)
- Derivative data (like IP addresses and browser types)
- Financial data (like credit card details)
- Social network data (like Facebook login information)
- Mobile data (like mobile device IDs and manufacturers)
- Third-party data (like social network friends lists)
Both the GDPR and CCPA state that privacy policies should disclose what types of information a website collects. The above are only some basic examples of what types of information may mean for your site.
Why You Collect Information
Here are just a few examples of ways you may use the user data you collect:
- To send marketing materials or newsletters
- To process orders
- To complete transactions
- To enter users in sweepstakes, contests, or surveys
- To create and maintain user accounts
- To prevent fraudulent activities
Whether You Disclose Data to Third Parties
It’s not uncommon for a website to be integrated with other sites and services. For example, nearly 30 million live websites use Google Analytics. Given this online ecosystem, it’s only to be expected that your website might need to transfer data to third parties to operate smoothly.
- Service providers
- Ad vendors & networks (like Google Adsense)
- Social networks
- Business partners
- Other site users
|Third-Party Service Providers|
|We may share your information with third parties that perform services for us or on our behalf, including payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.|
|With your consent, or with an opportunity for you to withdraw consent, we may share your information with third parties for marketing purposes, as permitted by law.|
|Interactions with Other Users|
|If you interact with other users of the Site [and our mobile application], those users may see your name, profile photo, and descriptions of your activity, including sending invitations to other users, chatting with other users, liking posts, following blogs.|
The green text highlights the type of third party that user information could be shared with, while the blue section gives a brief explanation of how and why that information may be shared.
User Rights Over Their Data
This section of Airbnb’s policy goes on to specify four more data rights, and includes links to pages with more information on acting on those rights.
Links to Other Policies
Also gaining increasing popularity and legal necessity are cookie policies. All of these documents should link to one another, so users can always find answers to their questions about your site’s operations.
Here are some privacy statement examples from notable companies:
Not only does Twitter’s policy notice include a navigable sidebar menu, but it also highlights important words and phrases in each section as you scroll down the page.
Privacy policies for news websites are unique in that they tend to focus less on data collection and transfer for business purposes, and more on user accounts and user-to-user interactions.
It clearly states the reason data is shared with this service, by what means that data is collected, and how users can opt out of their data being shared with Google Analytics.