Last updated on 01 July 2022 by Sara Pegarella (Law school graduate, B.A. in English/Writing. In-house writer at TermsFeed)
Privacy Policies are where you disclose your practices when it comes to your collection, use and handling of the personal data of your users. They provide information and transparency.
What kind of personal data is personal enough to identify an individual? There's a lot that can fall into that category, and here are just a few examples:
Anonymous data (that doesn't include personal data) can also be classified as "personally identifiable information" if used in connection with another type of data that can result in identifying an individual. For example, some types of IP addresses are legally protected personal information under modern privacy laws.
*Editor's note: The video above has outdated content regarding EU laws. The article content is updated as of July 16, 2019. We apologize for any inconvenience this may cause.
There are privacy laws in countries all around the world. Here are a few of the ones that have the farthest reach and widest impact on businesses all over the world.
The FTC (Federal Trade Commission) regulates data protection for all consumers in the USA, and the following laws all have privacy implications:
There are also biometrics laws that add a new level of protection to consumer privacy and data. Some of these laws include:
The CCPA went into effect on January 1, 2020. It affects what certain businesses that reach California residents have to disclose in their Privacy Policies. Transparency is key here, as is granting extra rights to users when it comes to controlling what happens with their personal information.
While the CCPA is still a key law in California, the CPRA will be taking effect on January 1, 2023, and has some specific requirements for businesses that fall under its scope.
The CPRA expands the requirements of the CCPA, so it comes with additional requirements and obligations.
This Act regulates the handling of personal information of individuals and mentions the collection, use, storage and disclosure of personal information.
It sets out 13 Privacy Principles that every company required to comply with the Privacy Act should follow.
Companies that must comply with the UK's DPA must follow the 8 principles, condensed here:
PIPEDA, the Personal Information Protection and Electronic Documents Act, is the main law of Canada for protecting user data.
Under PIPEDA, personal information means:
any identifiable information about an individual whether recorded or not and it applies to the collection, use, and disclosure of personal information by organizations during commercial activities.
Any business that falls under PIPEDA's scope is required to make information available to the public about the way it handles personal information.
There's also the Digital Charter, which helps individuals take control over their personal information in an increasingly digital world.
The General Data Protection Regulation (GDPR) regulates the processing of personal data within the European Union. This regulation has strict, global requirements for companies that have users located within the EU.
Consent is huge under the GDPR, so if this regulation applies to you, you'll want to get familiar with how your consent requirements will change.
Brazil's main privacy law is its Brazilian General Data Protection Law (LGPD). The LGPD affects businesses around the world if they collect personal information from people located in Brazil.
China's Personal Information Protection Law (PIPL) took effect on November 1, 2021. One of the big aspects of this law is the privacy rights it grants to individuals in China.
Because these laws aren't quite as robust as some from the EU and the United States at the moment, you can pretty much ensure you're complying with them by making sure you comply with the requirements of the GDPR or CalOPPA.
*Editor's note: The presentation above has outdated content regarding EU laws. The article content is updated as of July 16, 2019. We apologize for any inconvenience this may cause.
For example, if your app collects personal information, the following third-party privacy requirements will apply:
This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.