"What Are Your Privacy Rights" Clause

A Privacy Policy aims to inform users of their rights in relation to the collection of their personal data, and how those rights can be exercised.

To achieve this, your Privacy Policy should provide a clear summary of how you collect users' personal data, what you do with the personal data you collect, and users' rights in relation to this.

The best way to incorporate this into your Privacy Policy is with a "What Are Your Privacy Rights" clause, which this article will explore deeper.

What is a "What Are Your Privacy Rights" Clause?

A What Are Your Privacy Rights clause is a statement summarizing:

• The kind of personal data you collect
• Users' rights in relation to their personal data
• How users can raise any concerns or otherwise exercise their privacy rights

It's mandatory to include a What Are Your Privacy Rights clause in your Privacy Policy under certain legislation.

Is a "What Are Your Privacy Rights" Clause Required in a Privacy Policy?

If you have users in the UK, EU, or California, you are required to inform users of their privacy rights under the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

Regardless of whether it's legally required, including a What Are Your Privacy Rights clause in your Privacy Policy is best practice when it comes to ensuring your users fully understand their data rights.

Including this clause enhances your organization's transparency around data processing, a subject of increasing importance to users. It reassures users that you handle their personal information ethically and responsibly.

How to Incorporate a "What Are Your Privacy Rights" Clause into Your Privacy Policy

You can incorporate a What Are Your Privacy Rights clause in your Privacy Policy in a variety of ways. Like all sections of a Privacy Policy, the key is to ensure it's clearly written and easy for readers to understand.

Here's how Bankuet includes a What Are Your Privacy Rights clause in its Privacy Policy's table of contents:

Users can quickly and easily jump to that part of the Privacy Policy and find out more, as seen in Bankuet's clause below:

If you're including a What Are Your Privacy Rights clause in compliance with UK or Californian data protection laws, you can also directly refer to the relevant legislation.

For example, Claridge's Privacy Notice refers to this clause as "Your California Privacy Rights." It goes on to list five CCPA-specific user rights and provides an email address users can contact to exercise their rights under the CCPA:

Regardless of how you present a What Are Your Privacy Rights clause in your Privacy Policy, it should clearly and succinctly explain users' rights and how they can exercise them. Let's look at that in more detail.

What Information Should a "What Are Your Privacy Rights" Clause Include?

A What Are Your Privacy Rights clause should include the following points of information:

• An explanation of users' privacy rights
• An explanation of how users can exercise their rights
• Information about how you handle cookies, or a link to your Cookies Policy, if applicable

Explanation of Users' Privacy Rights

A What Are Your Privacy Rights clause should clearly set out and explain users' fundamental privacy rights in relation to their personal information.

For example:

• Users have eight rights under the GDPR including the right to be informed, the right to request their information be deleted, and the right to access their personal information.
• Users have five rights under the CCPA including the right to know what personal information is being collected and how it's being used and the right to opt-out of the sale of their personal information.

This information can be presented in several different ways.

In its What Are Your Privacy Rights clause, Quitain lists users' rights in a table format with a detailed explanation of each right:

In comparison, Modo's Privacy Policy includes a concise but comprehensive bullet-point list of users' data rights:

MullenLowe Profero's "What Are Your Privacy Rights" clause includes a brief statement of the users' main data protection rights under the GDPR:

As you can see, you can format this section as you wish, as long as it clearly informs users about their rights under your Privacy Policy.

How Users Can Exercise Their Rights

Your What Are Your Privacy Rights clause should also tell users how they can exercise these rights in relation to their data. This includes correcting and accessing personal information as well as opting out of the sharing or sale of their personal information.

Oracle does this by providing a link to a form where users can contact Oracle's Privacy Team with their concerns or personal data requests:

Hologo has a separate clause for California residents and informs them of how to exert their rights by submitting a request in writing to the provided contact information:

Verbolia explains how European users can make a complaint to their local data protection supervisory authority:

Including an email address in your What Are Your Privacy Rights clause that users can contact with any privacy-related issues, complaints, or requests would also be sufficient.

Your Cookies Policy

If your site collects cookies, you must notify users of this, and inform them that they can opt out of this. A What Are Your Privacy Rights clause is a good place to do this, especially if you don't have a separate standalone Cookies Policy.

The Millennial Money Woman includes a short paragraph explaining its use of cookies and providing a link for users to opt out:

Summary

If your site or service has users in the UK, EU, or California, you're legally required to include a What Are Your Privacy Rights clause in your Privacy Policy. Even where it's not mandatory, doing so ensures users are fully informed about their data rights when engaging with your site or service.

A What Are Your Privacy Rights clause should use clear and simple language to explain users' privacy rights, how they can exercise their rights, and your Cookies Policy.