Any business that collects consumers' personal information should have a comprehensive and clearly written Privacy Policy available on its website and apps.
Your Privacy Policy should contain a few essential clauses, including sections about how you collect information, what you do with the information you collect, and a "what information do we collect" clause.
This article will explain what a "what information do we collect" clause is, why you need one, what laws require it, and how to write an effective "what information do we collect" clause.
Our Privacy Policy Generator makes it easy to create a Privacy Policy for your business. Just follow these steps:
-
At Step 1, select the Website option or App option or both.
-
Answer some questions about your website or app.
-
Answer some questions about your business.
-
Enter the email address where you'd like the Privacy Policy delivered and click "Generate."
You'll be able to instantly access and download your new Privacy Policy.
- 1. What is a "What Information Do We Collect" Clause?
- 2. Why Do You Need a "What Information Do We Collect" Clause?
- 2.1. CCPA/CPRA
- 3. How to Write a "What Information Do We Collect" Clause
- 3.1. Clearly Written
- 3.2. Intentional Formatting
- 3.2.1. Subheadings
- 3.2.2. Bullet Points
- 3.2.3. Short Paragraphs
- 4. What to Include in Your "What Information Do We Collect" Clause
- 4.1. Information Voluntarily Provided by Users
- 4.2. Information Collected Automatically
- 4.3. Third Party Information
- 4.4. How to Opt Out
- 5. Summary
What is a "What Information Do We Collect" Clause?
A "what information do we collect" clause informs users about the types of information you collect, such as names, addresses, and financial information.
It can also disclose whether you collect the information automatically (such as through cookies or analytics tracking), manually (such as when users enter their personal information in order to sign up for an account or make a purchase), or via third parties.
Snapchat's Information We Collect clause lets users know that it collects information directly from users, automatically when they use its services, and from third parties:
Why Do You Need a "What Information Do We Collect" Clause?
There are numerous state and global privacy laws that require businesses that meet their criteria to inform users about how they use their personal information before collecting or processing their personal information.
These laws include the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA) among others. Violations of these laws can result in hefty financial penalties as well as damage to your business's reputation.
The GDPR is the European Union's (EU) primary privacy law, and applies to any business that is based in the EU or that offers goods or services to residents of the EU. It requires applicable businesses to inform users of the purposes for which it collects and processes their personal data.
CCPA/CPRA
The CCPA was amended and expanded by the CPRA. It provides California consumers with privacy rights and lays out applicable businesses' data protection responsibilities.
The CCPA requires that businesses let consumers know how they collect and use their personal information.
One of the best ways to ensure that users understand and consent to your data collection practices is to include a "what information do we collect" clause within your Privacy Policy, and to add a link to your Privacy Policy to your website, apps, and ecommerce checkout and account login pages.
How to Write a "What Information Do We Collect" Clause
Your "what information do we collect" clause should be clearly written, optimally formatted, and should only contain pertinent information so that it is easy for people to read and understand.
Clearly Written
Your "what information do we collect" clause needs to be easy to understand. There is no need to include jargon or industry terms. You should aim to write it so that the average 8th grader can understand it. Double-check your clause once it's written to avoid poor grammar, run-on sentences, capitalization errors, and use of jargon.
The Information Google Collects clause in Google's Privacy Policy is clearly written so that users know that the types of information it collects and how it uses that information depends on how users access its services and control their privacy preferences.
It further informs users how it stores their information when they are signed out of and into their Google Accounts.
Intentional Formatting
When it comes to writing an effective "what information do we collect" clause, formatting is huge. Using subheadings, bullet points, and short paragraphs can help to keep users' attention focused on your content.
Subheadings
You can use subheadings to break up the content of your "what information do we collect" clause, giving readers' eyes a break between batches of information.
Conversely, neglecting to add spacing between paragraphs and using walls of text can deter users from reading your content.
The Information Collected Automatically section of Outback Steakhouse's Collection of Personal Information clause is an example of how a wall of text (and poor font choice and lack of paragraph spacing) can have a negative effect on readability:
Here's an example of a clause that is very readable and organized, being broken into three subheadings describing the types of information collected directly from users, automatically, and from third parties:
Bullet Points
Using bullet points is a great way to keep the reader's attention on your content. The key to writing effective bullet point lists is to keep them short and simple and to use consistent punctuation.
The Personal Information We Collect clause in Coca-Cola's Privacy Policy uses bullet points to describe the types of personal information it collects, but the content of each bullet point is a little bit too long to keep readers engaged, and the punctuation is inconsistent (some bullets end in periods, while others do not).
Apple does a better job at using bullet points in its Privacy Policy's Personal Data Apple Collects From You clause by treating each bullet point as a miniature headline, maintaining consistent punctuation, and keeping each bullet point short and sweet:
Short Paragraphs
Breaking the paragraphs in your "what information do we collect" clause into 5 or fewer sentences helps to keep users engaged with your content. Combining subheadings, bullet points, and short paragraphs is an effective way to keep readers' attention.
While the Information We Collect clause in the iTouchless Notice of Privacy Practices is written in short paragraphs, it still has a "wall of text" effect on the reader:
In contrast, LinkedIn breaks its Data We Collect clause into subheadings that describe the type of data it collects. It then provides an example of and a short paragraph describing each type of data:
Now that you know how to format your clause to best present the relevant information, let's look more at specifically what your clause should contain.
What to Include in Your "What Information Do We Collect" Clause
Your "what information do we collect" clause should thoroughly explain the circumstances in which you collect information, the types of information you collect, and how users can control their data collection preferences.
The clause should only contain relevant information. While it's important to go into detail about exactly what information you are collecting and for what purposes, you don't need to go overboard here.
You want to include pertinent information and make sure that it's not so much text that users' eyes glaze over. The goal is to have users actually read it, and paring the content of your clause down to only the essentials goes a long way in constructing readability.
That's not to say that your "what information do we collect" clause has to be short. Having a lot of content in your "what information do we collect" clause is not a bad thing when done right.
In fact, the more relevant information you can include in your "what information do we collect" clause, the better informed your users will be and the more likely you are to be fully compliant with applicable privacy legislation.
Molson Coors' Privacy Policy uses a table to go into great detail about the context in which it collects users' personal information, the types of personal information it collects, and the purposes for which it collects the information:
While it's important to be thorough, the presentation of this information could be organized in a more accessible way. Scroll down to take a look at how Meta organizes its What Information Do We Collect? clause so that the information is accessible and engaging.
Meta's Privacy Policy contains an extensive What Information Do We Collect? clause, which includes an explanatory video and lets users know that the types of information it collects depends on how they use its products. It also informs users that it collects their information regardless of whether they have an account with its platforms:
Meta's clause utilizes a drop-down menu that users can click on to find out more about the types of information it collects, including users' activity and any information they willingly provide, information about account users' friends and followers, information from and about users' devices, apps, and browsers, and information collected from third parties, as well as how to manage their privacy preferences.
The clause lets users know that some of the information Meta collects is necessary for the functioning of its Products, and that while other information is optional, choosing to opt-out of allowing its collection could have a negative effect on the user experience.
Finally, it gives users the option to control how their information is collected:
Information Voluntarily Provided by Users
You should explain if you collect information directly from users, such as when they sign up for an account, make a purchase, or provide user-generated content (UGC) or interact with other users on your platform.
You should also let users know exactly what kind of information you collect, such as names and email addresses or financial and health information.
The Information We Collect clause in Kraft Heinz's Privacy Notice describes the circumstances in which the company collects information directly from users, such as when users create an account, buy a product, or subscribe to a newsletter:
Note that the clause also details the types of personal information it collects from users, including names, birthdays, telephone numbers, email addresses, and financial information.
Information Collected Automatically
Users need to know whether you are collecting information from them through automatic means such as through things like cookies, web beacons or tracking services like analytics programs.
The Automated Information Collection section of Target's Privacy Policy lets users know that it automatically collects information about their website, app, and shopping behaviors:
You should inform users if you are collecting information from their devices, such as their device characteristics, GPS location, camera access, IP address, or their network settings.
Here's an example of such a clause:
Third Party Information
You should let users know if you collect any information about them from your affiliate partners, vendors, service providers, or any other third parties.
The Information We Collect and Receive clause in PlayStation's Privacy Policy informs users that the company may collect information about them from third parties when users link their Playstation account to social media or gaming accounts, or when their information is accessible from other users' profiles:
How to Opt Out
Users need to know how to opt out of having their information collected, and what happens when they opt out.
You can include links within your "what information do we collect" clause that take users to a separate page with details about how to manage their preferences, or include a step-by-step description of the opting-out process within the clause itself.
Clicking on the Manage the information we collect about you link in Meta's What Information Do We Collect? clause takes users to its Collection page:
Meta's Data Collection page gives users options to review the information the company has collected from them, learn more about the types of information it collects, learn whether Facebook and Instagram are spying on them, and learn how to delete their information:
Summary
A "what information do we collect" clause is a section of your Privacy Policy that describes the circumstances in which you collect users' personal information and the types of information you collect.
You should have a "what information do we collect" clause in your Privacy Policy to help comply with state and global privacy laws, educate users, and build a culture of transparency and trust in your business.
The GDPR and the CCPA (CPRA) are examples of international and state privacy laws that your business may be required to comply with. These laws require businesses that meet their criteria to inform users about their data collection practices.
To write an effective "what information do we collect" clause, you should make sure that it is clearly written, well-formatted, and contains relevant content. Adding subheadings, bullet points, and short paragraphs to your "what information do we collect" clause can help you to keep readers' attention.
Your "what information do we collect" clause should let users know the circumstances in which you collect their personal information, including:
- When they provide it to you to use your services
- When you automatically collect it through cookies, web beacons, or advertising identifiers
- When you collect it via third parties
You should also let users know how to opt-out of having their personal information collected, and how their use of your services is affected if they choose to opt-out.
Comprehensive compliance starts with a Privacy Policy.
Comply with the law with our agreements, policies, and consent banners. Everything is included.
