By Will Elton, Last updated: 2021-10-06 (originally published on 2019-05-09)
In January 2017, it was official – exactly 50% of the global population had internet access. Though this international connectivity brought about a multitude of benefits, we cannot say it wasn’t without a few issues, to put it mildly.
As we arrived in the online world, we entered almost completely exposed. We were ready to put our personal information out in the open, if it meant gaining something in return. Unfortunately, much as in regular life, not everyone we gave our details to had good intentions. Many joined the online community just to collect user data and utilise it in whichever way they pleased without asking if we were okay with it first.
In fact, statistics indicate that there are almost 6.5 million data breaches on a daily basis – if that doesn’t put a little scare in you, Brach Level Index (April 2019) states that someone has their data records lost or stolen every 75 seconds of the day.
This has resulted in the majority of users becoming displeased with the fact that any website they visit can collect their personal info without their consent, and then use it for their own purposes. Of course, there are still many modern consumers who appreciate the benefits this data collection has brought with it (eg. better ad targeting, better services), but most are also worried whether about the downside.
But let’s get into the specifics:
- The document should also outline the methods of data collection (eg. through website cookies, form, etc.).
- It should also state how long you plan on storing the data and keeping it in your possession.
- Users also need to know who can be contacted to access their data in case they decide to request or make changes to their data.
- Furthermore, depending on the location of your company, it is important to provide information on where the data is being stored – are you doing it yourself or is a data centre doing it for you (and if so – where is the centre located?).
- When it comes to businesses that collect cookies, or if your third-party software collects them, it is essential to draft a Cookies Policy where you will explain what cookies are, how you are using them, why they are necessary, and which types and functions each cookie performs.
- Certain countries require websites to give customers a chance to opt out of receiving any further email or notices.
1. Firstly, it’s required by law.
In response to catastrophic breach events, which have occurred on a frequent basis over the years, we’ve seen the rise of laws and regulations intended to keep users’ personal data as safe as possible.
The two most influential ones are:
- General Data Protection Regulation (GDPR) – Europe’s directive which affects websites worldwide. It replaced the Data Protection Act 1998 and dealt with concerns regarding the collection, possession, storage, and sharing of personal data. To find out more about GDPR and how it affects your business, check out Zegal’s white paper on Understanding the new GDPR.
- California Online Privacy Protection Act (CalOPPA) – Established in 2004, it represents the first US law which prevents any website from collecting California-based users’ data, including their email address, phone number, location info, etc. In case a website does intend to collect any information, it is required to have a legal statement outlining your business privacy practices available for a user review.
Others include, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), the US’ Children’s Online Privacy Protection Act (COPPA), the UK’s Data Protection Act (DPA) and Australia’s Privacy Act of 1988.
Certainly, we can expect more regulations in the future in response to the emerging global requirements.
2. It is required by third-party services your business website uses
In order to deliver certain services, websites collaborate with third-party affiliates, including website analytics tools, online shopping functions, advertising services, and so on. Consequently, you are required to include a section about these online associates, their role on your website, and explain whether or not they collect user data, in which manner, and for what purposes.
3. Users Demand Privacy
Let’s go back to the beginning. All of this started, largely, because internet users were concerned about their personal data being exposed, collected, used, and share without their knowledge.
It is not that everybody is looking to keep their data private – quite the contrary. Many are willing to disclose their personal information if they get something in return. Nevertheless, they would still like to know what the info will be used for.
- Which information will be collected
- How will the data be used
- Who can they contact to access their personal data
- If the information will be used in another country
- If payments are possible on the website and which type of encryption is used
Easy. Make one here.
This article does not constitute legal advice.