By law, a website that collects data from users will likely need to explain how it gathers that data and what it does with it.
For example, you will typically be required by law to state how:
- You use the data collected
- Information from minors is treated
- Medical data is used
- Financial data is used
Different laws and guidelines apply depending on your website, the information you gather, and the location of your users, and these can affect how you draft your Privacy Policy.
For example, you may want to use an ecommerce Privacy Policy template instead of an app Privacy Policy template if you run an internet-based retail site.
Privacy Policy Requirements in the U.S.
In the United States, data protection laws consist of a variety of state-specific and demographic-focused regulations, rather than a single federal law.
The following are some key Privacy Policy laws that should be followed:
Children’s Online Privacy Protection Act (COPPA)
COPPA (15 U.S.C. 6501) requires websites that collect information from children under 13 to obtain parental consent prior to gathering any personal data, applicable regardless of the site’s general audience.
California Online Privacy Protection Act (CalOPPA)
This law demands that any website collecting data from California residents must clearly display a Privacy Policy, ensuring that “privacy” is explicitly mentioned within the notice.
California Consumer Privacy Act (CCPA)
The CCPA enhances protections for California residents and applies to businesses with over $25 million in annual revenue, those handling the data of more than 50,000 California consumers, or those deriving over 50% of their revenue from selling consumers' personal data.
International Privacy Policy Laws
International data protection laws may also govern your website’s online Privacy Policy.
One notable example is the General Data Protection Regulation (GDPR) from the EU, which significantly influences privacy legislation worldwide.
To comply with the key requirements of the GDPR you must:
- Process personal data legally, fairly, and transparently
- Only collect data for specified, explicit, and legitimate purposes
- Keep personal data accurate and up-to-date
- Only collect data that is necessary
- Maintain the security of your users' personal data
If you must follow these international requirements, your Privacy Policy should be clear, concise, and accessible, written in plain language, and provided free of charge.