- Privacy Statement
- Privacy Notice
- Privacy Page
- Privacy Information Policy
- E-commerce stores
- Mobile apps
- Social media apps
- Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA): This act requires all websites in Canada to specify how information is circulated and exchanged online while also establishing rules that govern the collection and disclosure of personal information by websites.
- Europe’s General Data Protection Regulation (GDPR): Anyone who goes to Europe and visits a website will immediately see a pop-up prompting someone to specify the cookies they are comfortable with. This law is designed to place users in control of how their information is collected and used.
- Australia’s Privacy Act: Australia also has a similar privacy act and place that requires websites to disclose how they collect and use the personal information of their visitors.
- The UK’s Data Protection Act: This app is very similar to the act in mainland Europe, and it requires websites to place users in control of how cookies are used on their computers, how their personal information is collected, and how their personal information can be used. The goal is to make sure all information is used lawfully and transparently.
- The California Consumer Privacy Act (CCPA): This act applies to most businesses operating for profit in California. It gives users the right to know, the right to delete, and the right to opt-out of the selection or sale of their personal information.
Some of the top examples include:
- The Google Play Store
- Google Analytics
- Google AdSense
- Amazon Associates
- Google AdWords
- The Apple App Store
- Personally-identifying information is any information that on its own can be used to identify a specific person. Some examples of personally-identifying information include a person’s name, date of birth, address, email address, marital status, financial records, and medical history.
- Non-personally identifying information is information that, without the aid of additional information, cannot be directly associated with a specific person. Some examples of non-personally identifying information include a person’s internet protocol (IP) address, browser type, and location of other websites viewed before arriving at the website.
User input: If a website requires users to register, users will usually have to provide personally-identifying information, such as their name, address, telephone number, email address, age, and/or credit card number. In addition, a website might ask for other information from the user, such as interests, gender, user name, and other demographic information.
Derivative data: Most websites collect non-personally identifying information that web browsers make available, including the user’s IP address, operating system, browsing history, and statistical data.
Web cookies: Web cookies are small text files that are stored on a user’s computer. Each time the user submits a query to the website, the user’s web browser sends the text file back to the website, allowing the website to keep track of users, remember important information and customize web pages.
Web beacons: A web beacon is a small file embedded in an email or web page that allows websites to invisibly monitor a user and see if the user has viewed their content.
Social media: If users can connect their social media accounts to the website, certain information may be disclosed by the social media network to the website.
General use: In general, websites will use the information it collects to help provide and deliver the services of the website and manage and maintain the website.
Email communications: Companies will often use their customers’ names and email addresses to deliver notices and announcements to those customers.
Analytics: A helpful tool for companies is to be able to track and analyze the activities of their users and the traffic on their website. Companies can use third-party vendors to allow such tracking data on their websites.
By law: Companies will have to disclose personal information if it is required by law.
Marketing: Sometimes companies will sell or give their customers’ email addresses to third parties who may send emails about additional products and services.
Business partners and affiliates: Personal information can also be shared with business partners and affiliates.
Third-party service providers: Companies will sometimes need to share personal information with third-party service providers that help them with the business, such as credit card processors.
Example Privacy Policies
There are plenty of websites that have strong privacy policies in place.
The New York Times
- What Information Do We Gather About You?
- What Are Your Rights?
- What About Links to Third Party Services?
- How Do You Protect My Information?
- What We Collect
- What We Collect (and How it is Used and Shared)
- Your Choices
- Your Rights
In the United States, the Federal Trade Commission (FTC) regulates laws and policies regarding the privacy practices of businesses and the protection of their customers’ personal information. The FTC also helps to enforce federal laws concerning the privacy of customers’ information, including the following:
- Fair Credit Reporting Act (FCRA), limits how companies can obtain and use a customer’s credit and background reports.
- Gramm-Leach-Bliley Act, requires financial institutions to clearly explain their information-sharing practices and also restricts the sharing and use of specific financial information.
- Health Insurance Portability and Accountability Act (HIPAA) created a “Privacy Rule” that establishes a national set of standards of how health care service providers can use an individual’s protected health information.
The European Union has more established laws regarding privacy protection, including the Data Protection Directive (95/46/EC) and the E-Privacy Directive (2002/58/EC). These directives state that the personal information of European Union residents can only be transferred to countries outside of the European Union that have policies with an adequate level of protection.
|Paying hefty fines or having your website shut down||Having your financial information shared and used for fraudulent transactions|
|Being sued by users for improper disclosure of personal information||Having your social information posted online and used for illegal activity, character assassination, or unapproved use|
|Compromising a user’s personal safety||Having your location data posted online and receiving unwanted visitors|
|Lack of trust and credibility||Skepticism and apprehension about doing continued business with a company|
How often should Privacy Policies be updated?