Last updated on 01 July 2022 by Jocelyn Mackie (Former civil litigation attorney. Content legal strategist at TermsFeed)
New online platforms and the ease of app development makes market entry simple for even amateur developers.
If you perform app or website development outside of your regular day job or wish to test your market first before committing more time to development, it may not be on your immediate to-do list to incorporate.
Many people prefer to check the success of their ideas before taking the steps to officially starting a company.
If you review examples of Privacy Policies, you will see they reference a company, not an individual. Even individuals who perform business as sole proprietors often transact their business as an incorporated entity rather than using their own names.
This is due to the need to avoid personal liability.
Being personally connected to a business transaction or a privacy breach risks your personal assets. A successful lawsuit against you can attach your own real estate or bank accounts in addition to funds and property you hold exclusively for business purposes.
That is why you will not find Privacy Policies written for individuals. Tim Ferriss runs a blog that features his name prominently:
This does not mean you can't develop and sell an app or website product without establishing a company first.
It's understandable and not unheard of to do so if you want to test the market without putting in a giant investment, or just want to see if you like developing and distributing apps in the first place. However, the decision to release an app or website as an individual rather than as a corporation does not relieve you of legal requirements.
Privacy Policies are required anytime you collect personal data from users.
This is the case whether you run a large multinational company like Apple or if you create apps from your basement office.
Privacy protection laws address personal data. If you handle personal data, you must follow the requirements of these laws. Personal data for privacy law purposes is defined as any information that can be used to identify an individual. Some common examples of "personal data" include:
If your service or product works fine without users revealing this information, consider never requesting it in the first place.
However, if you need personal data, being an individual does not exempt you from privacy protection laws.
Laws concerning privacy typically refer to "organizations."
An organization for these purposes includes anyone who creates, runs, and manages an app or website that requests personal data.
While it's often assumed that these rules only apply to corporations, that is not the case.
The California Online Privacy Protection Act is the most extensive privacy act in the United States. Since California is a heavily populated state, it is impossible to run an app or website in the U.S. without engaging California citizens. You need to pay attention to this law as if it contained federal requirements.
The act applies to any person or entity that runs a commercial website or online service available to California residents.
The Canadian law, Personal Information Protection and Electronic Documents Act (PIPEDA), applies to organizations:
Individuals are included in its definition of organizations:
You will also find this in Australia with the Privacy Act 1988. Organizations also include individuals:
The E.U. places strict privacy requirements on its member states. Individuals are also held to these laws, although it refers to "controllers" and "processors" rather than organizations:
Finally, as an example of following the E.U. requirements, the U.K. passed an extensive privacy protection law called the Data Protection Act 1988. This law does not exempt individual developers if they collection personal information:
Knowing that individual developers are bound by privacy laws helps you make informed decisions. If you handle personal data within a website or app, you may want to consider incorporation.
Privacy breaches are burdensome to all corporations, even the largest ones. If the data you store is compromised, you can face penalties which may include fines and civil liability.
However, rather than enjoying the protection of a corporate structure, users pursue you personally for damages when you aren't incorporated. This can leave you financially destitute in addition to undermining your business efforts.
That is why if you handle personal data, you should consider creating a company first. This offers advantages over doing this on your own, including:
Credits: Icon "buildings" by Yamini Ahluwalia from the Noun Project.
This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.
01 July 2022