Practically every business needs a page on its website or app explaining how it collects and uses personal data.

Some businesses call this transparency information a "Privacy Policy." Some call it a "Privacy Notice" and some call it a "Privacy Statement." There are other names, too, like "Fair Processing Notice" or "Data Protection Notice."

What's the difference? Which one is right for you? While these terms can be used interchangeably, some might be better than others in some contexts. Let's figure out the right one for your business.

Our Privacy Policy Generator makes it easy to create a Privacy Policy for your business. Just follow these steps:

  1. At Step 1, select the Website option or App option or both.

    TermsFeed Privacy Policy Generator: Create Privacy Policy - Step 1

  2. Answer some questions about your website or app.

    TermsFeed Privacy Policy Generator: Answer questions about website - Step 2

  3. Answer some questions about your business.

    TermsFeed Privacy Policy Generator: Answer questions about business practices  - Step 3

  4. Enter the email address where you'd like the Privacy Policy delivered and click "Generate."

    TermsFeed Privacy Policy Generator: Enter your email address - Step 4

    You'll be able to instantly access and download your new Privacy Policy.

What is a Privacy Policy, a Privacy Notice, and a Privacy Statement?

As the introduction notes, you almost certainly have a legal obligation to explain how you collect and use personal data. You should provide this explanation to your customers, users, and website visitors, and in some cases, your employees and business partners, too.

What you call this transparency information is up to you, to some extent. But here are some initial factors to consider:

  • "Privacy Policy" is the most widely-used term and gets a name-check in several important privacy laws. However, a "Privacy Policy" can also be an internal document setting out how your employees should handle personal data.
  • "Privacy Notice" is becoming more popular and is used in many new U.S. privacy laws.
  • "Privacy Statement" is relatively rare and doesn't appear in any significant privacy laws. But that doesn't mean you shouldn't use the term.

To decide what you should call this document, we can consider:

  • What the law says
  • Which terms other businesses use
  • The context of your business

What Do Privacy Laws Say About Privacy Policy, Privacy Notice or Privacy Statement?

To help you pick a name, let's look first at how transparency information is described in various privacy and data protection laws that require it.

California Laws

The first U.S. law requiring private sector businesses to explain their personal data-collection practices was the California Online Privacy Protection Act (CalOPPA).

CalOPPA applies to any business whose website or app collects personal information about people in California, and its only requirement is to post an easily accessible Privacy Policy on its website homepage and app download page and "settings" menu.

In 2018, California passed a much more comprehensive privacy law, the California Consumer Privacy Act (CCPA/CPRA). The CCPA/CPRA doesn't apply as broadly as CalOPPA, but its requirements are much more extensive.

Under these two California laws, a Privacy Policy must explain (among other things):

  • The types of personal information (called "personally identifiable information" under CalOPPA and "personal information" under the CCPA) you collect
  • The types of third parties with whom you share personal data
  • How consumers can exercise their privacy rights
  • How your website or app tracks users via cookies

While these California laws use the term "Privacy Policy," they don't require businesses to use it. However, California law does require businesses to use the term "privacy" when referencing the document, as we can in the California Attorney General's CCPA Regulations:

California Attorney General: CCPA - Privacy Policy posted with conspicuous link section

Other U.S. State Laws

Since California passed the CCPA in 2018, many other U.S. states have passed "comprehensive" privacy laws.

Several of these new privacy laws are already in effect across states such as Virginia, Connecticut, and Colorado. Privacy laws in other states, such as Montana, Oregon, and Texas, will kick in throughout 2024.

All these new laws include transparency requirements, too. But unlike in California, these other laws refer to a "Privacy Notice" rather than a "Privacy Policy." For example, here's the relevant part of the Virginia Consumer Data Protection Act (VCDPA):

VCDPA excerpt with Privacy Notice highlighted

So far, all major U.S. state privacy laws except California also refer to a "Privacy Notice." But the laws don't require businesses to use that term.

However, in Colorado, just like in California, businesses are required to use the word "privacy" when referring to their transparency documents, as shown in the Colorado Attorney General's Colorado Privacy Act (CPA) Rules:

Code of Colorado Regulations: CPA - Privacy Notice requirements excerpt

U.S. Federal Level Laws

Several U.S. federal laws, which apply across every state, also include transparency requirements.

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule requires certain healthcare providers to create a "Notice of Privacy Practices."

HIPAA Section 164 520 Notice of Privacy Practices for Protected Health Information excerpt

While HIPAA does require healthcare providers to include certain language in the notice, the law does not mandate the title "Notice of Privacy Practices."

Nonetheless, many healthcare providers, and the Department of Health and Human Services (HHS), tend to use the term "Notice of Privacy Practices" or "NPP" to refer to this document.

EU and UK Laws

Transparency requirements in the European Economic Area (EEA) (which includes the EU) and the UK come from the General Data Protection Regulation (GDPR).

European law distinguishes between "privacy" and "data protection" differently than in the EU. However, European companies generally still use terms like "Privacy Policy" to describe their transparency information.

The GDPR doesn't provide a name for your transparency information. The law sets out what information you have to provide, gives some general rules about how to provide the information, and leaves the rest up to you.

The GDPR's transparency rules are at Articles 12-14 of the GDPR. Read our GDPR Privacy Policy Template article for more information about the requirements.

The European Data Protection Board (EDPB), which brings together each of the EU's Data Protection Authorities (DPAs), mentions several names in its GDPR transparency guidelines:

European Commission: GDPR Transparency Guidelines - Privacy notice section

This guidance suggests that the following terms are acceptable under the GDPR:

  • Data Protection Notice
  • Privacy Notice
  • Privacy Policy
  • Privacy Statement
  • Fair Processing Notice

However, the EDPB's list isn't intended to be exhaustive. To some extent, you can call your Privacy Policy whatever you want, as long as it is clear and accessible to the people who need to read it.

Canadian Laws

Canada's main privacy law, the Personal Information and Protection of Electronic Documents Act (PIPEDA), requires businesses to provide "information" but doesn't specify a name for the document containing the information:

PIPEDA Principle 8: Openness

The Canadian Office of the Privacy Commissioner (OPC) calls this type of document a "Privacy Policy," but doesn't necessarily expect you to do the same:

Canadian Office of the Privacy Commissioner: Ten tips for a better privacy policy guidelines excerpt

Australian Laws

Entities covered by Australia's Privacy Act 1988 must comply with the Australian Privacy Principles (APPs), including by publishing an "APP Privacy Policy."

OAIC Australian Privacy Principles: APP Privacy Policy section

What Do Other Businesses Call Their Transparency Information?

We've looked at what various privacy and data protection laws say about transparency information. While some laws use specific terms, such as "Privacy Policy" and "Privacy Notice," most do not require a business to use any particular terminology.

So what do most businesses do? Let's take a look at the most widespread approaches to titling transparency documents.

Which Term Is Most Widely Used?

To give you an idea of how many businesses use the terms "Privacy Policy," "Privacy Notice," and "Privacy Statement," here is the number of pages indexed for each term by Microsoft's Bing (which, unlike Google, still displays the number of search results):

  • "Privacy Policy": 1.4 billion results
  • "Privacy Notice": 460 million results
  • "Privacy Statement": 354 million results

"Privacy Policy" is by far the most popular term, but bear in mind that some of these results might relate to internal privacy policies rather than transparency information.

Google, which remains the world's most popular website, uses "Privacy Policy."

Google Privacy and Terms main page screenshot

Meta, the owner of Facebook and Instagram, also uses "Privacy Policy."

Meta Privacy Centre Privacy Policy main page

In fact, almost all of the world's most-visited websites use "Privacy Policy", except Amazon, which uses "Privacy Notice."

Amazon Privacy Notice intro section

"Privacy Policy" appears to be popular across most English-speaking regions.

UK-based BBC News, the world's most visited news website, uses "Privacy Policy":

BBC website screenshot with Privacy Policy link highlighted

And Daily Mail, the second most popular UK-based website, uses "Privacy Policy" too:

Daily Mail Privacy Policy: Intro section

Using the term "Privacy Policy" is also popular in the United States. However, as businesses publish new transparency information to comply with new U.S. state laws, it seems "Privacy Notice" might be experiencing an uptick in popularity.

Most websites specifically referencing Virginia appear to prefer the term "Privacy Notice." This makes sense, as the state's new privacy law, the VCDPA, references this term.

Here's an example from the Financial Health Network:

Financial Health Network Privacy Notice for Virginia Residents: Intro section

And some websites appear to be transitioning between the California-inspired "Privacy Policy" and the more recent "Privacy Notice," like this page from Smarty Pants Vitamins:

Smarty Pants Vitamins: Colorado Privacy Policy intro section

How Should You Display Your Privacy Policy, Privacy Notice and Privacy Statement?

The laws we've considered have different requirements for what your Privacy Policy (or "Privacy Notice", etc) must include. But all these laws require you to make your Privacy Policy easy to understand, and easy to access.

Place a link to your Privacy Policy, Notice or Statement in the footer of your website, and on any page that collects personal data (whether via cookies or otherwise).

Here's how Misfits Market does this, displaying both a Privacy Policy link and a separate California Privacy Notice link:

Misfits Market website footer with Privacy Policy and Notice links highlighted

If you have a cookie consent notice, you should link your Privacy Policy within it so that users can find out more about how you use their personal data.

Here's an example from The Times:

Times UK Cookie Consent Notice with Privacy Policy link highlighted

If you have a newsletter, put a link to your Privacy Policy alongside your newsletter signup form since people submit an email address here, and this is legally protected personal information.

Here's an example of this:

Generic email newsletter sign-up form with Privacy Notice link highlighted

If you allow users to create an account with your business, make a link to your Privacy Policy available during the account creation process.

Here's how Tesco does this:

Tesco create account form with Privacy and cookies policy link highlighted

And if you have an app, make sure users can access your Privacy Policy within your mobile app's "settings" menu.

Here's an example of this:

Generic app Settings menu with Privacy Policy link highlighted

Privacy Policy, Privacy Notice, or Privacy Statement? Here's What Really Matters

It should be clear that there's no "one right name" for your transparency information.

But if you run a website or operate an app, you have a legal obligation to be transparent about how you collect, use, and share personal data. As such, you need to pick a name and publish the required information.

Here's a summary of what we've learned in this article:

  • You should publish information about your data-collection practices.
  • There's no legal obligation to choose one name over another.
  • The important thing is that people can find the information they're looking for.
  • To comply with U.S. state laws and regulatory requirements, you should choose a name that includes the word "privacy."
  • Even outside of the U.S., people increasingly expect to see the word "privacy" in the title of this document.
  • "Privacy Policy" appears to be the most popular choice across the world's most visited websites.
  • "Privacy Notice" might become more popular due to new U.S. state laws.
  • But "Privacy Statement" is fine too! Even "Privacy Information" could work.
  • Ensure your Privacy Policy meets the requirements under whichever laws apply to you.
  • Display a link to your Privacy Policy on your website, wherever you collect personal data, and with your app's "settings" menu (if you have one).

Whether you choose "Privacy Policy," "Privacy Notice," "Privacy Statement," or something else entirely, make sure you're giving people the right information in an easily-accessible and understandable format.

Privacy Policy Generator
Comprehensive compliance starts with a Privacy Policy.

Comply with the law with our agreements, policies, and consent banners. Everything is included.

Generate Privacy Policy