Privacy Policy

1. What Is a Privacy Policy?

A basic privacy policy outlines your website’s relationship with users’ personal information.

To succeed online and avoid legal turmoil, your website needs a privacy policy agreement. The first step to creating a compliant and comprehensive privacy policy is understanding exactly what that is.

Privacy Policy Definition

A privacy policy is a legal document that informs your site’s users about how you collect and handle their personal information. You may also hear privacy policies referred to by the following names:

  • Privacy notice
  • Privacy policy statement
  • Privacy page
  • Privacy clause
  • Privacy agreement

A general privacy policy explains a platform’s interactions with the personal information and personally identifiable information (PII) of its users. PII is information that can be used by itself, or combined with other information, to identify an individual.

Specific platforms or services may require a unique privacy policy template. Examples include:

However, a standard privacy policy template will likely satisfy user demands and legal requirements for your website.

Standard Privacy Policy for Website

We’ll dive into details later on in What to Include in a Boilerplate Privacy Policy, but a basic privacy policy outlines the following:

  • What information is collected
  • Where information is collected from
  • Why information is collected
  • How information is collected (including through cookies and other tracking technologies)
  • Who information is shared with or sold to
  • What rights users have over their data
  • The site’s contact details

Privacy policies should be clear, thorough, and easy for internet users to find on any given site.

If you’d like to write your own privacy policy document from scratch, check out our guide on how to write a privacy policy.

2. Is a Privacy Policy Required by Law?

If your website uses personal information (e.g., collected names, email addresses, or credit card information), most legislation around the world requires that you have a privacy policy.

If you run a website, mobile app, or desktop app, you are likely legally required to have a privacy policy somewhere on your site. You must display links to your policy clearly, prominently, and conspicuously, so that users can navigate to it quickly and easily.

As data collection and processing become more ubiquitous across the internet, privacy laws in the US and around the world set strict requirements for privacy policies. Here are the major laws that affect your website privacy policy:

GDPR

If you target users in the European Economic Area (EEA), you’re required to comply with the General Data Protection Regulation (GDPR).

The GDPR is one of the world’s most comprehensive privacy laws, setting international standards for appropriate data handling. Article 12 of the GDPR grants users the right to transparent information about how their data is collected and handled. For business and website owners, this means that transparent privacy policies are mandated by the GDPR.

COPPA

If your website markets to children, strict rules and regulations apply. Most notably, the Children’s Online Privacy Protection Act (COPPA) governs websites that market specifically to kids.

If the target audience of your site is children under the age of 13, federal law requires you to include a company privacy policy that covers very specific information about your business.

CalOPPA

The California Online Privacy Protection Act (CalOPPA) was the original privacy law in the US which mandated that websites make privacy policies available to users. The act also outlines what information needs to be made available regarding data handling — including what data is collected, where from, and whether it’s shared or sold.

CCPA

Currently the most comprehensive data privacy law based in the US, the California Consumer Privacy Act (CCPA) builds on CalOPPA’s online privacy policy requirements, demanding that businesses and websites implement even more transparent and comprehensive policies.

In effect since January 1, 2020, the CCPA sets an annual update requirement for privacy policies. Therefore, you will need to update your CCPA privacy policy every year.