Legal content writer at TermsFeed.
On this page
- 3. Consent
- 3.1. Clickwrap
- 4. Opt-out
- 5. Best practices
- 5.2. Use clickwrap to gain consent from your users regarding your Privacy Policies
- 5.3. Use clickwrap to offer opt-out options of data collection or sale
- 5.4. Allow your users to opt-out of other processes such as remarketing
- 6. Conclusion
If you have a business that collects data and plans to sell it to third-parties and data brokers, what do you need to do in order to do this legally?
Here's an example of this type of disclosure from Unroll.me:
Depending on the laws that apply to you and your users, there are other guidelines that must be followed in order to share or sell the personal data you have collected safely and legally.
This article will discuss best practices for data brokers and the selling of personal data to third-parties, as well as highlight what not to do.
In 2017, Trusted Media Brands, Inc. (the publisher of popular magazines such as Reader's Digest) settled a federal class action lawsuit for $8,225,000 after allegedly collecting personal information including magazine preferences and selling it to third-parties in a manner that did not comply with Michigan law.
As a class action lawsuit, this also shows that people really do care about their privacy and personal information. Many people don't like the idea of their personal information being sold, so this can be a particularly tricky situation that should be approached honestly and professionally.
Email services are a popular example of a type of company that collects and sells data to third-parties. Oftentimes, free services collect and sell data in order to create a revenue stream in exchange for what they offer.
If you learn one thing from this article, it should be that inadequate Privacy Policies can be a very expensive mistake.
At Step 1, select the Website option or App option or both.
Answer some questions about your website or app.
Answer some questions about your business.
- Inform your users that you are collecting their personal data
- Disclose what personal data you are collecting
- Explain what you do with the data you have collected
- Disclose if you share or sell that data, and to whom
- Describe the measures you take to secure the data you have collected
This gives your users a complete understanding of what happens to the data you collect from them, and gives them the power to decide not to participate.
While asking users for consent is always a good idea when processing personal data (and often a legal requirement), it is especially vital when sharing or selling personal information from your users.
If approached correctly, gaining consent should be pain-free. Simply explain to your users that you plan to sell data you gather from them while simultaneously quelling any concerns they may have by explaining what data you are selling it, how and to whom, and why you are selling it.
If your methods of sharing user data are reasonable and well explained, most users will have no issue agreeing to them. Also, the easier you make the process of giving consent, the more users will agree and continue on with your services.
Here's an example from Whatsapp that requires users to type "Agree and continue" as well as click an "Agree and continue" button before continuing to use the service:
Making it easy for your users to opt-out of data selling practices is a great way to build trust and retain users without causing them any concern.
Most privacy laws require some form of opt-out option in relation to data processing, so be sure you are complying with any regulations regarding the rights of users to opt-out of your data processing or data sharing services.
You may also wish to go above and beyond the legally required opt-out procedures in order to better serve your users.
Depending on the service you provide, selling user data may or may not be a crucial component to your business.
For example, if you own a social media website that primarily profits off of ads, selling user data is probably not a huge concern.
If, however, you offer a free app that profits primarily off of selling user data to a third party, allowing users to opt-out may have an impact on your earnings if too many users opt out.
In either case, you must comply with the applicable laws that may or may not require you to provide an opt-out option in a certain manner. Aside from that, you must decide on the proper balance of customer service and convenience versus your revenue.
If you give all of your users a simple yes or no option for allowing you to share their data when they use your website, most will probably select no unless you have a good reason to convince them otherwise. This could be detrimental to your business.
However, burying the opt-out process somewhere hard to find or requiring a phone call to opt-out of having one's data sold is likely to upset your users and may encourage them to no longer use your services. It also may be in violation of privacy laws.
Finding the proper balance is important, but first and foremost, make sure you are compliant with the laws regarding opt-out procedures for data processing and the selling of personal data.
Regardless of the law, let's discuss some best practices for systems that sell user data to a third-party.
While becoming minimally compliant with the laws protecting your user base is important, these best practices will improve the overall quality of your app or website and futureproof you in the event of changing laws or expansion into a new jurisdiction.
Use clickwrap to gain consent from your users regarding your Privacy Policies
Even if you are not legally required to obtain consent or agreement from your users, most countries' privacy laws are moving in that direction. It may be a good idea to follow the stricter rules of the leading privacy laws such as the GDPR of the EU in order to futureproof your company when laws change or to be compliant with the laws of the EU should you expand to serve that market.
Here's an example of how Slice gets consent using clickwrap:
Use clickwrap to offer opt-out options of data collection or sale
Best practices for opt-out options are to have a checkbox located in areas where you collect personal data from your users so that they may decide not to share that data or decide not to give you consent to sell it.
An example of this is a registration form where users enter their email addresses. By providing a checkbox that they can use to opt-out of having their email address sold to a third-party or data broker, your users can easily make this decision. You'll also earn their trust by providing such a convenient method of opting-out.
Here's how GameStop lets users opt-in and opt-out in one convenient clickwrap form during account registration:
The major privacy laws of many countries are cementing guidelines such as these for gaining consent before collecting or processing the personal data of users within their jurisdiction.
Allow your users to opt-out of other processes such as remarketing
While this is not always required by law, it can drastically improve user-experience by giving them more control over what is done with their personal data and who has access to it.
Remarketing is a common use of user data where ads for websites previously visited are shown to users elsewhere on the internet.
For example, if you browse the selection of products at a shoe website, you will then see ads pop-up on other websites for that shoe website.
For some, this phenomenon can be disconcerting as they may be uncomfortable with their habits being monitored or data about them being shared to the third-parties who handle the remarketing. Some users also feel hounded by such ads and dislike the aggressive nature of seeing more ads pop-up for something they may not have actually been interested in purchasing.
By giving your users an easy way to opt-out of processes such as these, you give them more control over their personal data which can earn you trust and make them more comfortable using your app or website.
Collecting and using user data requires a developed system that is compliant with laws and mutually beneficial to both you and your users. Selling personal data to third-parties and data brokers can be a sensitive subject that requires extra care to ensure not only compliance with the laws that oversee data selling and sharing, but also to gain the consent and trust of your users
Beyond that, by following the best practices above you can set yourself apart as a trustworthy company that cares about the rights and privacy of its users by making everything easy to understand and convenient opt-into or opt-out of. Following these best practices will also help futureproof you from changes in the law or expansions into territories with different laws.