New online platforms and the ease of app development makes market entry simple for even amateur developers.
If you perform app or website development outside of your regular day job or wish to test your market first before committing more time to development, it may not be on your immediate to-do list to incorporate.
Many people prefer to check the success of their ideas before taking the steps to officially starting a company.
The Typical Situation
If you review examples of Privacy Policies, you will see they reference a company, not an individual. Even individuals who perform business as sole proprietors often transact their business as an incorporated entity rather than using their own names.
This is due to the need to avoid personal liability.
Being personally connected to a business transaction or a privacy breach risks your personal assets. A successful lawsuit against you can attach your own real estate or bank accounts in addition to funds and property you hold exclusively for business purposes.
That is why you will not find Privacy Policies written for individuals. Tim Ferriss runs a blog that features his name prominently:
This does not mean you can't develop and sell an app or website product without establishing a company first.
It's understandable and not unheard of to do so if you want to test the market without putting in a giant investment, or just want to see if you like developing and distributing apps in the first place. However, the decision to release an app or website as an individual rather than as a corporation does not relieve you of legal requirements.
Privacy Laws for Individuals
Privacy Policies are required anytime you collect personal data from users.
This is the case whether you run a large multinational company like Apple or if you create apps from your basement office.
Privacy protection laws address personal data. If you handle personal data, you must follow the requirements of these laws. Personal data for privacy law purposes is defined as any information that can be used to identify an individual. Some common examples of "personal data" include:
- Full names
- Home or email addresses
- Date of birth
- Identifying numbers, such as a driver's license or Social Security Number
- Physical descriptions or ethnicity
- Telephone numbers
If your service or product works fine without users revealing this information, consider never requesting it in the first place.
However, if you need personal data, being an individual does not exempt you from privacy protection laws.
Individuals as Operators
Laws concerning privacy typically refer to "organizations."
An organization for these purposes includes anyone who creates, runs, and manages an app or website that requests personal data.
While it's often assumed that these rules only apply to corporations, that is not the case.
The California Online Privacy Protection Act is the most extensive privacy act in the United States. Since California is a heavily populated state, it is impossible to run an app or website in the U.S. without engaging California citizens. You need to pay attention to this law as if it contained federal requirements.
The act applies to any person or entity that runs a commercial website or online service available to California residents.
The Canadian law, Personal Information Protection and Electronic Documents Act (PIPEDA), applies to organizations:
Individuals are included in its definition of organizations:
You will also find this in Australia with the Privacy Act 1988. Organizations also include individuals:
In the E.U.
The E.U. places strict privacy requirements on its member states. Individuals are also held to these laws, although it refers to "controllers" and "processors" rather than organizations:
Finally, as an example of following the E.U. requirements, the U.K. passed an extensive privacy protection law called the Data Protection Act 1988. This law does not exempt individual developers if they collection personal information:
Knowing that individual developers are bound by privacy laws helps you make informed decisions. If you handle personal data within a website or app, you may want to consider incorporation.
Privacy breaches are burdensome to all corporations, even the largest ones. If the data you store is compromised, you can face penalties which may include fines and civil liability.
However, rather than enjoying the protection of a corporate structure, users pursue you personally for damages when you aren't incorporated. This can leave you financially destitute in addition to undermining your business efforts.
That is why if you handle personal data, you should consider creating a company first. This offers advantages over doing this on your own, including:
- Establish ownership: Running your app or website through a corporate entity gives you a stronger grip on intellectual property and asset ownership.This is especially important if you develop your service in partnership with another party who may claim a larger ownership interest than deserved or expected.
- Tax consequences: In many jurisdictions, you enjoy greater tax benefits as a corporation than an individual.This can save you money and contribute to the long term success of your products and business.
- Protection from personal liability: This is the theme throughout this discussion. Even if you do not feel you have anything to lose now, that can change later as your life evolves to home ownership and other milestones. You do not want these items attached to fulfill lawsuit or fine payments.By incorporating, you get more protection between your personal assets and any data breaches that may occur as you run your app or website.
Credits: Icon "buildings" by Yamini Ahluwalia from the Noun Project.