Do I Need a Privacy Policy if I Don't Collect Any Data?

Do I Need a Privacy Policy if I Don't Collect Any Data?

Complying with privacy law is an important consideration for any online venture, whether you're a startup business, a mobile app developer, or a blogger who maintains a simple website. Creating a Privacy Policy is often seen as the first step in legal compliance.

But what if you don't actually collect any personal information? Can you avoid the hassle of creating a lengthy legal document that many of your users might not even read?

We think virtually every serious online project should have an associated Privacy Policy, even if it appears not to be collecting any personal information. Here's why.


You Might Be Collecting Personal Information Without Realizing It

Firstly, you should be aware that many types of data qualify as "personal information." It's actually pretty rare for a business, website, or mobile app not to collect at least some personal information.

For example, under the definitions used in many privacy laws, the following activities involve the processing of personal information:

  • Taking customer inquiries via email, contact forms, or social media
  • Maintaining a mailing list
  • Using cookies for advertising or analytics

That last point can surprise some people.

Many people know that using cookies to deliver personalized advertising falls under the ambit of privacy law. But did you know that using analytics to measure the performance or functionality of your website can count as collecting personal information?

If your website or app collects users' IP addresses, advertising IDs, location, referral data, or tracks their usage, this could bring you under the jurisdiction of certain privacy laws.

But even if you're going out of your way not to collect personal information, it might still be a good idea for you to create a Privacy Policy.

Four Reasons to Create a Privacy Policy Even If You Don't Collect Personal Information

Four Reasons to Create a Privacy Policy Even If You Don't Collect Personal Information

Here are the four main reasons we think every online project should have a Privacy Policy, whether or not it collects personal information.

Ensuring Consumer Trust

Privacy Policies are so abundant online that it's increasingly hard to take a company seriously if it doesn't have one.

Whether they understand the law or not, consumers expect to see that a company has certain legal documents available at the footer of its website or the "Settings" page of its app. These include its Terms and Conditions and its Privacy Policy.

Creating a Privacy Policy explaining your practices with full transparency helps build consumer trust, and makes your project or business appear more professional.

If you've read the section above and determined that you really don't collect any personal information, you can leverage this fact to your advantage. Many consumers will see this as a good thing.

For example, take a look at the Privacy Policy of consultancy firm ThinkPrivacy:

ThinkPrivacy Privacy Policy screenshot

This company clearly trades on its commitment to user privacy.

There are legitimate uses of personal information. But if you don't need to track your users, great! Shout it from the rooftops.

Meeting Third-Party Requirements

Meeting Third-Party Requirements

Whatever your online business or project involves, you're almost certainly not doing it entirely alone.

When you host your blog on a WordPress site, run a Facebook Page, or offer your mobile app on the App Store, you depend on third parties to get the job done. You enter into legally-binding agreements with these third parties before you can use their services.

Often, these agreements contain clauses that require you to take certain steps toward legal compliance. Sometimes these steps can require you to go even further than the law requires.

For example, take a look at this section of Apple's App Store Review Guidelines:

Apple App Store Review Guidelines: Data Collection and Storage section - Privacy Policy Link required section highlighted

The section above explains that every app submitted to the App Store must come with a Privacy Policy, whether the app collects user data or not.

It's worth creating a Privacy Policy just in case you're required to do so under the numerous third-party agreements by which you're almost certainly bound.

Developing Your Business

As your business or project grows and expands, your needs will evolve with it. Sure, you might not need to collect personal information right now, but don't assume you won't need to do so in the future.

If you ever want to start a social media ad campaign, start selling merchandise, or even just add a contact form to your website, you'll need a Privacy Policy at this point.

By laying the foundations now, early in your venture, you save yourself some work in the future, when things could get more serious.

As outlined above, collecting personal information online is actually pretty hard to avoid for many projects. And users increasingly expect to see that a company has an accessible and comprehensive Privacy Policy.

If your customers believe you might be in breach of privacy law, they could report you to the relevant privacy authority, such as a Data Protection Authority in the EU, or an Attorney-General in many U.S. states.

Even if you're not strictly required to maintain a Privacy Policy under the law (and remember, you might be), you don't need this sort of a headache. Any suggestion of a regulatory investigation, or even a customer complaint, is a hassle that you want to avoid.

What Should my Privacy Policy Include If I Don't Collect Personal Information?

What Should my Privacy Policy Include If I Don't Collect Personal Information?

So, if you're creating a Privacy Policy even though you don't collect any personal information, what do you actually write about?

As noted above, your Privacy Policy doesn't need to be an empty document. It can be a declaration of your good privacy practices that can win you some good PR points with your customers.

Above, we showed how you can express your decision not to collect personal information as an affirmation of your commitment to user privacy. Here's another example from search engine Startpage:

Startpage Privacy Policy: Intro clause - Fundamental human right highlighted

Privacy laws typically require you to explain what types of personal information you collect. So, if you don't collect any personal information, you can explain this instead. What types of data do you not collect?

Here's how law firm AWO does this:

AWO Privacy Policy: What we do not collect clause

This is useful information, and it also confirms your commitment to your users' privacy.

In sum, if you don't collect any data, you can and still should have a Privacy Policy in place for a number of reasons.

Robert B.

Robert B.

Legal writer.

This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.