From time to time, your data practices may change to keep up with amendments to existing laws or bring your company into compliance with new ones. Additionally, you might change the types of data you collect or the way that you process it.
At Step 1, select the Website option or App option or both.
Answer some questions about your website or app.
Answer some questions about your business.
- 2.1. Meeting User Expectations
- 2.2. Avoiding Disputes
- 2.3. Protecting Kids Under 13
- 3. Our Top Best Practices
- 3.1. Use Clear Language
- 3.2. Always Provide Notice
- 3.2.1. Use a Pop-Up Notice
- 3.2.3. Update Users Through Email
- 4. Summary
The reason for regular reviews is to ensure that the information your Privacy Policy contains is accurate and current with your own data practices as well as with all laws and regulations.
For instance, suppose you do business in California. In that case, you'd be subject to the California Consumer Privacy Act (CCPA), which requires companies to update their Privacy Policies every year and to notify consumers of those updates.
Moreover, it's possible that you might be required by federal law to notify your website's users of updates depending on the nature of your policy's changes and what kind of information your company collects.
Meeting User Expectations
In addition to staying compliant with the law, you'll also want to make sure that you're meeting the overall expectations of your customers. People want to have confidence in those with whom they do business.
Customers need to know that they can trust you with the safety of their private, perhaps sensitive information when they access your apps and websites. Remember that in today's world, your commitment to transparency and trustworthiness is something many consumers take a hard look at before doing business with you.
Many consumers are completely aware of the privacy laws in their region, and thus, Privacy Policies on company websites are a feature that most expect to see. They also expect notifications whenever you make changes.
For instance, say your policy says something similar to Wix's, where you mention that your goal is to "always be transparent and maintain your trust," but then you make changes to your policy and don't send out notifications about them.
That might seem like a small error, but you could be sued for it.
Moreover, a notice is respectful of your customers because it gives them the opportunity to opt out of your data collection or to close their account with you altogether if they disagree with the changes you've made.
Protecting Kids Under 13
The Children's Online Privacy Protection Act (COPPA) demands that you both obtain the consent of parents or guardians and send a notification if you change anything in terms of the data you collect or the way that data is processed.
Our Top Best Practices
Now that we've covered the reasoning behind the need for up-to-date Privacy Policies and notices, let's discuss how to ensure that both meet the highest quality standards.
Use Clear Language
- Easily accessible, intelligible, concise, and transparent
- Written in plain, clear language (especially if addressed to a child)
- Free to access
The UK's Information Commissioner's Office puts it this way:
"Being transparent by providing a privacy notice is an important part of fair processing. You can't be fair if you are not being honest and open about who you are and what you are going to do with the personal data you collect."
It's interesting to note that many developers and academics have decried the overly burdensome legalese that has been the hallmark of most legal documents, such as Privacy Policies and Terms of Service Agreements, for years.
Due to the need to make these documents clear and understandable to the majority of people who read them, some individuals within groups such as Mozilla have worked on developing standard iconography, which could be used to denote different levels of data use or privacy.
Combined with short bits of basic text, these icons could be used to further streamline and clarify Privacy Policies everywhere. However, most of these concepts have not yet moved outside the academic world and into the commercial one.
Businesses may still wish to keep an eye on these types of proposals, though, because, as we all know, the trend to simplify, simplify, simplify may continue on past what's required now.
Always Provide Notice
There are three ways you can do this with relative ease:
- Use a pop-up notice on your website that announces the update and requests consent to all changes
Below we'll discuss each of these methods a bit more in-depth.
Use a Pop-Up Notice
To do this, simply:
- Use a mechanism to gain consent, such as clickwrap (where the user must actively click "Agree" or "Accept" to confirm they've given consent), and ensure that it appears at the point of data collection. Note: Remember that browsewrap agreements are no longer acceptable when it comes to gaining consent from users.
Here's an example of a simple pop-up notice from WhatsApp:
Some businesses choose to write a dedicated clause and place it near the end of the policy due to the fact that it can sometimes get buried with other information if placed in the preamble.
It's important for companies to be as open and forthcoming as possible in their Privacy Policies, and MeWe's is a good example of that sort of transparency.
Update Users Through Email
An email arrives directly in your customers' inboxes, where they are most likely to see any notifications that you put out. Remember, while a user may visit your site every once in a while, most people visit their email every day.
- What actions users can take if they don't agree to the changes
Here's how Reddit presented this information in an email notice: