Last updated on 08 December 2022 by Cara Hartley (Legal writer at TermsFeed)
Google's reCAPTCHA system is a security tool that many businesses use, which was designed to protect your business and your users from abusive bots and spam.
ReCAPTCHA is Google's version of a CAPTCHA. You have more than likely clicked on the box verifying that you are not a robot, and then clicked on the images that the reCAPTCHA directed you to choose. Newer versions of reCAPTCHA only require you to click the box saying that you are not a robot, while older versions will use images to determine whether or not you are in fact a human.
Adding a reCAPTCHA to your website helps to keep it safe from bots, and helps users to feel more secure when inputting their information.
CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart" (really!) and is a tool that is used to differentiate human internet users from bots. A CAPTCHA functions as a fully automated system, which helps to provide a low-cost layer of protection for your website.
You've probably come across a CAPTCHA in the form of a test where you need to type skewed letters into a box in order to login or save your information.
2Captcha, a company that provides a CAPTCHA solving service, shows users an image of a CAPTCHA on its website:
Ascension Medical Group uses a reCAPTCHA to weed out bots whenever it asks patients to provide personal information:
One of the ways reCAPTCHAs work is by checking your browser to see if you already have a Google cookie installed. Cookies are files that store information about how you interact with specific websites.
ReCAPTCHAs require users to share their cookies and other personal information with Google, which means that any business that uses reCAPTCHAs must abide by certain privacy regulations.
Google has its own requirements for any businesses that use reCAPTCHA, but you should also be aware of state and global privacy legislation concerning the collection of personal information.
According to the United Nations Conference on Trade and Development (UNCTAD), 137 countries currently have legislation concerning personal information and privacy. That means that if your company does business with consumers from any of these countries then you need to be aware of any national or regional privacy rules and make sure that you aren't violating any of their regulations.
In the U.S., there are a number of states that have enacted privacy laws including California, Colorado, Connecticut, Utah, and Virginia. Each of these state privacy laws give consumers the right to access and/or delete their personal information, as well as the right to opt-out of the sale of their personal information.
These laws also require that businesses are transparent about how they handle consumers' personal information and refrain from discriminating against consumers for exercising their rights.
The California Consumer Privacy Act (CCPA) requires that businesses divulge what kind of data they collect, what purposes they use it for, and whether and with whom they share the personal information they collect.
The CCPA also requires that businesses inform users of their rights to request information about how their data is used and to request that their data be deleted. Section 1798.100 of the official text of the CCPA outlines consumers' rights to know the details of how their personal information is collected and used:
And, Section 1798.105 informs consumers of their right to request that their personal information be deleted:
The General Data Protection Regulation (GDPR) is the European Union's (EU) premier privacy legislation, requiring organizations that handle information from residents of the EU to get user's consent before collecting or processing personal information, keep the data they collect secure, and only use data that is essential to their business.
Failure to follow GDPR rules can result in hefty financial penalties of up to 4% of your business's annual revenue.
Article 7 of the official text of the GDPR explains how businesses need to get consumers' consent before processing their data:
Article 5 of the GDPR requires that a company only collects personal data for purposes necessary for the functioning of the business, and securely processes the personal information it collects:
Creative Commons is an open source global sharing platform that uses reCAPTCHA on its contact form:
When users tick the "I'm not a robot" box, a new page opens, requiring users to select certain images to prove that they aren't a malicious bot:
In order to remain compliant with state laws, you should make sure that your business:
The Home Depot requires users wishing to create an account with the company to pass a reCAPTCHA test, and provides users with a link to its Privacy and Security Statement:
When users click on The Home Depot's Privacy and Security Statement link, they are taken to a new page, which includes a California Privacy Rights and Report section which outlines what California consumers' privacy rights are and how the Home Depot complies with the CCPA:
Privacy laws vary by country, but Europe's GDPR is one of the most prominent global privacy laws, and requires that the businesses under its jurisdiction:
Roku is a company that provides digital streaming devices to users around the world, and uses a reCAPTCHA to help keep users' account information secure:
ReCAPTCHA is a test designed by Google that helps to differentiate humans from bots. You can use reCAPTCHA to help protect your business and your users' information.
You need to follow certain privacy rules in order to use reCAPTCHA, including those outlined in Google's Terms of Service, as well as any applicable state and global privacy regulations.
The CCPA is California's primary privacy legislation, and serves to inform consumers of their rights as well as let them know how businesses collect and use their personal information.
The GDPR is the European Union's main privacy and data law, and it requires that applicable companies get consent from consumers before collecting their personal information, and keep the information they collect secure, among other directives.
You should also inform consumers of their rights concerning their personal information and privacy, and let them know how they can access and delete their data, as well as give them the opportunity to opt-out of the sale of their information.
This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.
08 December 2022