Post-graduate law degree, CIPP/E from the International Association of Privacy Professionals (IAPP). Privacy and Data Protection Research Writer at TermsFeed.
On this page
- 1. You Might Be Collecting Personal Information Without Realizing It
- 2.1. Ensuring Consumer Trust
- 2.2. Meeting Third-Party Requirements
- 2.3. Developing Your Business
- 2.4. Avoiding Legal Headaches
- 5. Summary
You Might Be Collecting Personal Information Without Realizing It
Many types of data qualify as "personal information." It's actually pretty rare for a business, website, or mobile app not to collect at least some personal information.
For example, under the definitions used in many privacy laws, the following activities involve the processing of personal information:
- Taking customer inquiries via email, contact forms, or social media
- Maintaining a mailing list
- Using cookies for advertising or analytics
That last point can surprise some people.
Many people know that using cookies to deliver personalized advertising falls under the ambit of privacy law. But did you know that using analytics to measure the performance or functionality of your website can count as collecting personal information?
If your website or app collects users' IP addresses, advertising IDs, location, referral data, or tracks their usage, this could bring you under the jurisdiction of certain privacy laws.
Let's look at each.
Ensuring Consumer Trust
Privacy Policies are so abundant online that it's increasingly hard to take a company seriously if it doesn't have one.
If you've read the section above and determined that you really don't collect any personal information, you can leverage this fact to your advantage. Many consumers will see this as a good thing.
This company makes it clear not only what information it collects, but also what it does not collect.
There are legitimate uses of personal information. But if you don't need to track your users, great! Shout it from the rooftops.
Meeting Third-Party Requirements
When you host your blog on a WordPress site, run a Facebook Page, or offer your mobile app on the App Store, you depend on third parties to get the job done. You enter into legally-binding agreements with these third parties before you can use their services. Often, these agreements contain clauses that require you to take certain steps toward legal compliance. Sometimes these steps can require you to go even further than the law requires.
Whatever your online business or project involves, you're almost certainly not doing it entirely alone.
For example, take a look at this section of Apple's App Store Review Guidelines:
These can include third-party analytics companies (i.e. Google Analytics), as well.
Developing Your Business
By laying the foundations now, early in your venture, you save yourself some work in the future, when things could get more serious.
Avoiding Legal Headaches
If your customers believe you might be in breach of privacy law, they could report you to the relevant privacy authority, such as a Data Protection Authority in the EU, or an Attorney-General in many U.S. states.
At Step 1, select the Website option or App option or both.
Answer some questions about your website or app.
Answer some questions about your business.
Above, we showed how you can express your decision not to collect personal information as an affirmation of your commitment to user privacy. Here's another example from search engine Startpage:
Privacy laws typically require you to explain what types of personal information you collect. So, if you don't collect any personal information, you can explain this instead. What types of data do you not collect?
And here's how law firm AWO does this:
Startpage addresses the issue of disclosing data, both through sales and if a governmental authority requests data.
While it may seem like common sense that if a company doesn't collect data, it can't be sold or disclosed since there is nothing there to do either with. However, writing this out makes it clear to the public and avoids assumptions:
This is useful information, and it also confirms your commitment to your users' privacy.