Last updated on 16 August 2022 by William Blesch (Legal and data protection research writer at TermsFeed)
In today's business world, companies depend heavily on data and information derived from it. Indeed, information is essential for all company employees, from the top executives to the operations level.
In fact, privacy laws are in place in many countries around the globe, including the following:
You should provide clauses detailing how you use third-party services, APIs and SDKs.
Trust is essential for companies whose business models are based on sensitive customer data. Users feel secure knowing they have control over their personal information under the terms they signed up for.
It should be structured to make it easy for the reader to understand essential information. You can achieve this by using well-structured, clearly written clauses that are clearly identified with descriptive headlines.
For instance, a website could use a registration form to collect an individual's email address, which the company then adds to its mailing list. This is very different from an app that collects all kinds of personal data, such as name, address, payment information, and location.
The point here is that there is a worldwide consensus that users have the right to know exactly what kind of data you collect.
Here's how TikTok lets users know what kinds of information it uses and collects:
You must also keep in mind that privacy laws generally stipulate that you may only collect personal information if necessary to offer the services you provide.
This clause informs the user about what happens to their personal data after it is collected.
A website might collect information such as a user's address and name in order to ship products purchased online. This information is essential, and no more of it is collected than necessary. This is very different from a website that collects users' names and addresses and then sells them to a third party for marketing purposes.
Both websites collect the same information, but it is vital that you disclose how this information is used once it has been collected.
Here's how Snap discloses what it does with the information it collects:
Personal data that is collected from an individual must be kept secure and only accessible by authorized personnel. You must implement appropriate security measures if you are trusted with handling personal data about users.
For example, to prevent unauthorized people from stealing or hacking your customers' credit card information, you need to secure it behind firewalls.
Data breaches have affected millions of internet users over the last few years. Many of those affected faced severe legal and financial consequences. If you store personal information, you are responsible for making sure that it is not lost or misused.
Here is how MeWe notifies users about how it secures the data it collects:
This clause is only applicable to specific websites and apps. It is regulated primarily under COPPA (the Children's Online Privacy Protection Act). COPPA imposes special requirements on apps and websites that collect data about children. It is vital to protect the privacy of all people, but it is especially crucial for minors.
You must comply with COPPA regulations if young people use your app or website.
The kids' virtual classroom website Edmodo writes its clause on this subject like this:
Extra-sensitive information such as medical information is subject to additional regulation. The main law that covers additional measures for apps and websites that contain medical and health information is HIPAA (the Health Insurance Portability and Accountability Act of 1996).
If your website or app collects health or medical information, you must comply with HIPAA regulations. Note how the health insurance company Kaiser Permanente provides a link to its HIPAA privacy notice within its main Privacy Statement:
For obvious reasons, financial information requires greater privacy protections than usual. Because financial and credit information is more sensitive than usual, several laws govern the steps companies must take to protect their users from identity theft and fraud.
You must comply with all laws governing financial information and credit information that you offer on your website or app. Kaiser Permanente has a simple statement on this subject.
Privacy Policies often disclose information about third-party services used by websites. It is important to disclose information about third-party usage because the Privacy Policies of third parties may differ from yours. Users need to know who has access to their data and what those third parties' own policies are, since this may affect their data.
A website might use a third-party credit card processor to process transactions. Although the website does not store or handle this transaction information, users need to be able to see who has access to their credit card information and what they do with it.
The clauses we just went over are pretty common. However, your website might require additional clauses to disclose your privacy practices and inform users about your services.
Check out the Privacy Policies on your favorite websites and apps, or those of your competitors, to see what extra clauses they have, which cover the unique features and services they offer.
Here is a list of frequently asked questions that you may find useful.
Let's look at some Privacy Policies on popular news websites.
This list is a great place to start for most Privacy Policies.
It should be accurate and up-to-date with any changes in policy or practices so that you don't run into problems down the line.
Be sure to include sections on:
But is that time better spent growing your business or cobbling together a Frankenpolicy?
This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.