This article will explain what a "what information do we collect" clause is, why you need one, what laws require it, and how to write an effective "what information do we collect" clause.
At Step 1, select the Website option or App option or both.
Answer some questions about your website or app.
Answer some questions about your business.
- 1. What is a "What Information Do We Collect" Clause?
- 2. Why Do You Need a "What Information Do We Collect" Clause?
- 2.1. CCPA/CPRA
- 3. How to Write a "What Information Do We Collect" Clause
- 3.1. Clearly Written
- 3.2. Intentional Formatting
- 3.2.1. Subheadings
- 3.2.2. Bullet Points
- 3.2.3. Short Paragraphs
- 4. What to Include in Your "What Information Do We Collect" Clause
- 4.1. Information Voluntarily Provided by Users
- 4.2. Information Collected Automatically
- 4.3. Third Party Information
- 4.4. How to Opt Out
- 5. Summary
What is a "What Information Do We Collect" Clause?
A "what information do we collect" clause informs users about the types of information you collect, such as names, addresses, and financial information.
It can also disclose whether you collect the information automatically (such as through cookies or analytics tracking), manually (such as when users enter their personal information in order to sign up for an account or make a purchase), or via third parties.
Snapchat's Information We Collect clause lets users know that it collects information directly from users, automatically when they use its services, and from third parties:
Why Do You Need a "What Information Do We Collect" Clause?
There are numerous state and global privacy laws that require businesses that meet their criteria to inform users about how they use their personal information before collecting or processing their personal information.
These laws include the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA) among others. Violations of these laws can result in hefty financial penalties as well as damage to your business's reputation.
The GDPR is the European Union's (EU) primary privacy law, and applies to any business that is based in the EU or that offers goods or services to residents of the EU. It requires applicable businesses to inform users of the purposes for which it collects and processes their personal data.
The CCPA was amended and expanded by the CPRA. It provides California consumers with privacy rights and lays out applicable businesses' data protection responsibilities.
The CCPA requires that businesses let consumers know how they collect and use their personal information.
How to Write a "What Information Do We Collect" Clause
Your "what information do we collect" clause should be clearly written, optimally formatted, and should only contain pertinent information so that it is easy for people to read and understand.
Your "what information do we collect" clause needs to be easy to understand. There is no need to include jargon or industry terms. You should aim to write it so that the average 8th grader can understand it. Double-check your clause once it's written to avoid poor grammar, run-on sentences, capitalization errors, and use of jargon.
It further informs users how it stores their information when they are signed out of and into their Google Accounts.
When it comes to writing an effective "what information do we collect" clause, formatting is huge. Using subheadings, bullet points, and short paragraphs can help to keep users' attention focused on your content.
You can use subheadings to break up the content of your "what information do we collect" clause, giving readers' eyes a break between batches of information.
Conversely, neglecting to add spacing between paragraphs and using walls of text can deter users from reading your content.
The Information Collected Automatically section of Outback Steakhouse's Collection of Personal Information clause is an example of how a wall of text (and poor font choice and lack of paragraph spacing) can have a negative effect on readability:
Here's an example of a clause that is very readable and organized, being broken into three subheadings describing the types of information collected directly from users, automatically, and from third parties:
Using bullet points is a great way to keep the reader's attention on your content. The key to writing effective bullet point lists is to keep them short and simple and to use consistent punctuation.
Breaking the paragraphs in your "what information do we collect" clause into 5 or fewer sentences helps to keep users engaged with your content. Combining subheadings, bullet points, and short paragraphs is an effective way to keep readers' attention.
While the Information We Collect clause in the iTouchless Notice of Privacy Practices is written in short paragraphs, it still has a "wall of text" effect on the reader:
In contrast, LinkedIn breaks its Data We Collect clause into subheadings that describe the type of data it collects. It then provides an example of and a short paragraph describing each type of data:
Now that you know how to format your clause to best present the relevant information, let's look more at specifically what your clause should contain.
What to Include in Your "What Information Do We Collect" Clause
Your "what information do we collect" clause should thoroughly explain the circumstances in which you collect information, the types of information you collect, and how users can control their data collection preferences.
The clause should only contain relevant information. While it's important to go into detail about exactly what information you are collecting and for what purposes, you don't need to go overboard here.
You want to include pertinent information and make sure that it's not so much text that users' eyes glaze over. The goal is to have users actually read it, and paring the content of your clause down to only the essentials goes a long way in constructing readability.
That's not to say that your "what information do we collect" clause has to be short. Having a lot of content in your "what information do we collect" clause is not a bad thing when done right.
In fact, the more relevant information you can include in your "what information do we collect" clause, the better informed your users will be and the more likely you are to be fully compliant with applicable privacy legislation.
While it's important to be thorough, the presentation of this information could be organized in a more accessible way. Scroll down to take a look at how Meta organizes its What Information Do We Collect? clause so that the information is accessible and engaging.
Meta's clause utilizes a drop-down menu that users can click on to find out more about the types of information it collects, including users' activity and any information they willingly provide, information about account users' friends and followers, information from and about users' devices, apps, and browsers, and information collected from third parties, as well as how to manage their privacy preferences.
The clause lets users know that some of the information Meta collects is necessary for the functioning of its Products, and that while other information is optional, choosing to opt-out of allowing its collection could have a negative effect on the user experience.
Finally, it gives users the option to control how their information is collected:
Information Voluntarily Provided by Users
You should explain if you collect information directly from users, such as when they sign up for an account, make a purchase, or provide user-generated content (UGC) or interact with other users on your platform.
You should also let users know exactly what kind of information you collect, such as names and email addresses or financial and health information.
The Information We Collect clause in Kraft Heinz's Privacy Notice describes the circumstances in which the company collects information directly from users, such as when users create an account, buy a product, or subscribe to a newsletter:
Note that the clause also details the types of personal information it collects from users, including names, birthdays, telephone numbers, email addresses, and financial information.
Information Collected Automatically
Users need to know whether you are collecting information from them through automatic means such as through things like cookies, web beacons or tracking services like analytics programs.
You should inform users if you are collecting information from their devices, such as their device characteristics, GPS location, camera access, IP address, or their network settings.
Here's an example of such a clause:
Third Party Information
You should let users know if you collect any information about them from your affiliate partners, vendors, service providers, or any other third parties.
How to Opt Out
Users need to know how to opt out of having their information collected, and what happens when they opt out.
You can include links within your "what information do we collect" clause that take users to a separate page with details about how to manage their preferences, or include a step-by-step description of the opting-out process within the clause itself.
Clicking on the Manage the information we collect about you link in Meta's What Information Do We Collect? clause takes users to its Collection page:
Meta's Data Collection page gives users options to review the information the company has collected from them, learn more about the types of information it collects, learn whether Facebook and Instagram are spying on them, and learn how to delete their information:
The GDPR and the CCPA (CPRA) are examples of international and state privacy laws that your business may be required to comply with. These laws require businesses that meet their criteria to inform users about their data collection practices.
To write an effective "what information do we collect" clause, you should make sure that it is clearly written, well-formatted, and contains relevant content. Adding subheadings, bullet points, and short paragraphs to your "what information do we collect" clause can help you to keep readers' attention.
Your "what information do we collect" clause should let users know the circumstances in which you collect their personal information, including:
- When they provide it to you to use your services
- When you automatically collect it through cookies, web beacons, or advertising identifiers
- When you collect it via third parties
You should also let users know how to opt-out of having their personal information collected, and how their use of your services is affected if they choose to opt-out.