05 October 2020
But what if you don't actually collect any personal information? Can you avoid the hassle of creating a lengthy legal document that many of your users might not even read?
Firstly, you should be aware that many types of data qualify as "personal information." It's actually pretty rare for a business, website, or mobile app not to collect at least some personal information.
For example, under the definitions used in many privacy laws, the following activities involve the processing of personal information:
That last point can surprise some people.
Many people know that using cookies to deliver personalized advertising falls under the ambit of privacy law. But did you know that using analytics to measure the performance or functionality of your website can count as collecting personal information?
If your website or app collects users' IP addresses, advertising IDs, location, referral data, or tracks their usage, this could bring you under the jurisdiction of certain privacy laws.
Privacy Policies are so abundant online that it's increasingly hard to take a company seriously if it doesn't have one.
If you've read the section above and determined that you really don't collect any personal information, you can leverage this fact to your advantage. Many consumers will see this as a good thing.
This company clearly trades on its commitment to user privacy.
There are legitimate uses of personal information. But if you don't need to track your users, great! Shout it from the rooftops.
Whatever your online business or project involves, you're almost certainly not doing it entirely alone.
When you host your blog on a WordPress site, run a Facebook Page, or offer your mobile app on the App Store, you depend on third parties to get the job done. You enter into legally-binding agreements with these third parties before you can use their services.
Often, these agreements contain clauses that require you to take certain steps toward legal compliance. Sometimes these steps can require you to go even further than the law requires.
For example, take a look at this section of Apple's App Store Review Guidelines:
As your business or project grows and expands, your needs will evolve with it. Sure, you might not need to collect personal information right now, but don't assume you won't need to do so in the future.
By laying the foundations now, early in your venture, you save yourself some work in the future, when things could get more serious.
If your customers believe you might be in breach of privacy law, they could report you to the relevant privacy authority, such as a Data Protection Authority in the EU, or an Attorney-General in many U.S. states.
Above, we showed how you can express your decision not to collect personal information as an affirmation of your commitment to user privacy. Here's another example from search engine Startpage:
Privacy laws typically require you to explain what types of personal information you collect. So, if you don't collect any personal information, you can explain this instead. What types of data do you not collect?
Here's how law firm AWO does this:
This is useful information, and it also confirms your commitment to your users' privacy.
This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.