Every website needs to have a statement that provides detailed information on how website owners and those who run the site will collect, use, protect, and store individual users' data.
Over 132 countries have enacted data and privacy protection laws as of 2020. While African and Asian countries are lagging in this area, 55 percent of nations in those regions have drafted legislation to deal with privacy protection online.
Companies must bear in mind that individuals anywhere on the planet might access and use their websites. Therefore, website owners must ensure that their Privacy Policies adhere to major standards, such as those held by the United States and Europe.
Website owners need to be transparent about what personal data is collected from users. Additionally, companies need to be forthcoming about why they collect this information. For example, just a few reasons a company might collect user information are:
Some kinds of websites are required to include more information than others. For instance, sites that use third-party advertising platforms such as Facebook or Google must notify users about third-party advertisers, links, and cookies.
Additionally, e-commerce sites need to inform users about how they obtain, use, and store payment information. These sites must be transparent about who manages the data, since storing that information may require the use of a third party (such as a credit card processing company) to handle transactions.
Here's how Barnes & Noble, self-described as the Internet's Largest Bookstore, informs users how it collects and uses their information:
This section describes the ways in which a user's data is used after it is collected.
Here's an excerpt from the multi-paragraph clause:
Website owners may wish to include information about how long they plan to keep a user's data. This is in keeping with principles outlined by organizations such as the United Kingdom's Information Commissioner's Office (ICO).
Not all companies have a clause that outlines the length of time personal information is held. However, a generally held rule is that sites should not keep information any longer than is justifiable. Obviously, this depends on a company's purpose in collecting the data in the first place.
An example of a company that does include a storage limitation clause is Apple Inc. Here's how the company informs its users how long it keeps data:
In essence, this is nothing more than a statement of best practices. In contrast, Europe outlines eight guaranteed rights under the EU Commission's GDPR in chapter 3.
For example, the UK's Information Commissioner's Office lays it out simply as follows:
It's usually a good practice to include contact information on a business website. Clients and customers who cannot contact customer service, or otherwise get in touch with the relevant party, may quickly grow frustrated. These individuals may choose to skip over to a competitor's site where they can easily find that information.
However, when it comes to Privacy Policies, multiple nations require contact information by law.
Depending on who accesses your website or platform, you may have to comply with requirements of specific countries or states. Here are a few examples.
As with the EU's GDPR, Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) states that companies must include the following in their Privacy Policies:
PIPEDA requirements apply to any organization that collects and processes the personal data of Canadian residents.
Many organizations that operate in the United States of America have a few customers or clients who live in the State of California. The California Online Privacy Protection Act (CalOPPA) is a law that applies to any company doing business in the state. It has only one stipulation when it comes to contact information, and that is:
"If the operator maintains a process for an individual consumer who uses or visits its commercial Web site or online service to review and request changes to any of his or her personally identifiable information collected through the Web site or online service, provide a description of that process."
Website owners can achieve this by giving users a Web portal to see their data, make changes, or delete personal data. Alternatively, companies can provide a contact form or email address to request changes or data deletion.
Website owners customarily place Privacy Policies within the website's footer section, which is positioned at the bottom of every page.
Users know to look here for important information and legal agreements. The footer link is also available on every webpage, which maximizes accessibility.
For example, Amazon places its Privacy Notice in the footer of its website, as seen below:
Here's how Birkenstock does this when new users are creating accounts:
These methods are known as browsewrap and clickwrap.
The browsewrap method incorporates statements indicating that the user understands that by creating, accessing, using, or browsing a site, he or she has accepted the website's agreement. However, it is important to note that because this method is generally not considered prominent, it usually isn't enforceable in many courts.
Here's an example from Under Armour UK:
Some additional benefits of using the clickwrap method as opposed to the browsewrap method are: