In January 2017, it was official – exactly 50% of the global population had internet access. Though this international connectivity brought about a multitude of benefits, it also came with a few issues, to put it mildly.

As we arrived in the online world, we entered almost completely exposed. We were ready to put our personal information out in the open, if it meant gaining something in return. Unfortunately, much as in regular life, not everyone we gave our details to had good intentions. Many joined the online community just to collect user data and utilise it in whichever way they pleased without asking if we were okay with it first.

In fact, statistics indicate that there are almost 6.5 million data breaches on a daily basis – if that doesn’t put a little scare in you, the Breach Level Index (April 2019) states that someone has their data records lost or stolen every 75 seconds of the day.

This has resulted in the majority of users becoming displeased with the fact that any website they visit can collect their personal info without their consent, and then use it for its own purposes. Of course, there are still many modern consumers who appreciate the benefits this data collection has brought with it (e.g. better ad targeting, better services), but most are also worried about the downside.

Here enters the Privacy Policy – a legal document which clearly explains what happens to users’ personal info on a specific website.


What Is A Privacy Policy?

A Privacy Policy is a document that informs your business website users what type of data you are collecting and what you intend to do with it.

But let’s get into the specifics:

  • The Privacy Policy has to specify the type of data being collected. This section should be as detailed as possible, listing everything a website intends to obtain – users’ IP address, email address, payment information, and so on.
  • The document should also outline the methods of data collection (e.g. through website cookies, forms, etc.).
  • It should also state how long you plan on storing the data and keeping it in your possession.
  • Users also need to know who can be contacted to access their data in case they decide to request or make changes to their data.
  • Furthermore, depending on the location of your company, it is important to provide information on where the data is being stored – are you doing it yourself or is a data centre doing it for you (and if so – where is the centre located?).
  • It doesn’t matter if your website targets children or not, it is recommended that you address children’s privacy either way. If the website targets adults, a brief sentence will suffice, stating that the website is not intended for children under a certain age. In case the website primarily targets children, you should draft a more detailed Children’s Privacy Policy.
  • If your business website uses cookies, or if your third-party software uses them, it is essential to draft a Cookies Policy where you will explain what cookies are, how you are using them, why they are necessary, and the type and function of each cookie.
  • A privacy policy might go hand in hand with the security policy intended to protect the collected user data. This section states the measures a business website takes to safeguard customer data.
  • Certain countries require websites to give customers a chance to opt out of receiving any further email or notices.

Note that the language of a Privacy Policy should be formal, but at the same time easy to comprehend so that users can obtain a clear understanding of your actions and intentions.


Why You Need A Privacy Policy

1. Firstly, it’s required by law.

In response to catastrophic breach events, which have occurred on a frequent basis over the years, we’ve seen the rise of laws and regulations intended to keep users’ personal data as safe as possible.

The two most influential ones are:

  • General Data Protection Regulation (GDPR) – Europe’s directive which affects websites worldwide. It replaced the Data Protection Act 1998 and dealt with concerns regarding the collection, possession, storage, and sharing of personal data. To find out more about GDPR and how it affects your business, check out Zegal’s white paper on Understanding the new GDPR.
  • California Online Privacy Protection Act (CalOPPA) – Established in 2004, it represents the first US law which prevents any website from collecting California-based users’ data, including their email address, phone number, location info, etc. In case a website does intend to collect any information, it is required to have a legal statement outlining its privacy practices available for user review.

Others include Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), the US’ Children’s Online Privacy Protection Act (COPPA), the UK’s Data Protection Act (DPA) and Australia’s Privacy Act of 1988.

Certainly, we can expect more regulations in the future in response to the emerging global requirements.

2. It is required by third-party services your business website uses

In order to deliver certain services, websites collaborate with third-party affiliates, including website analytics tools, online shopping functions, advertising services, and so on. Consequently, you are required to include a section about these online associates, their role on your website, and explain whether or not they collect user data, in which manner, and for what purposes.

3. Users Demand Privacy

Let’s go back to the beginning. All of this started, largely, because internet users were concerned about their personal data being exposed, collected, used, and shared without their knowledge.

It is not that everybody is looking to keep their data private – quite the contrary. Many are willing to disclose their personal information if they get something in return. Nevertheless, they would still like to know what the info will be used for.

This is where the Privacy Policy steps in. It answers all of their burning questions, clearly stating:

  • Which information will be collected
  • How the data will be used
  • Who they can contact to access their personal data
  • If the information will be used in another country
  • If a website uses cookies and which ones
  • If payments are possible on the website and which type of encryption is used

This list is by no means exhaustive, as the specifics of the Privacy Policy depend on the nature of your business and website.

How To Write A Privacy Policy?

Easy. Make one here

Bottom Line

A Privacy Policy safeguards both the business that drafted it and its users. It makes the online environment honest and transparent, helping businesses cultivate trust and confidence with their consumers. A privacy policy should be easily accessible so that users can locate it at any time and read through the details.

Regardless of how you operate – via a website, a desktop app, or a mobile app, you are advised to have a strategically-drafted privacy policy in place. Be sure to update it regularly to reflect changes in the law and automatically inform users.


This article does not constitute legal advice.
