Privacy Policy
Why you Need a Privacy Policy
Companies or websites that handle customer information are required by law and third parties to publish their Privacy Policies on their business websites. If you own a website, web app, mobile app or desktop app that collects or processes user data, you most certainly will have to post a Privacy Policy on your website (or give in-app access to the full Privacy Policy agreement).
Privacy is not a new concept. Humans have always desired privacy in their social as well as private lives. But the idea of privacy as a human right is a relatively modern phenomenon.
Around the world, laws and regulations have been developed for the protection of data related to government, education, health, children, consumers, financial institutions, etc.
This data is critical to the person it belongs to. From credit card numbers and social security numbers to email addresses and phone numbers, our sensitive, personally identifiable information is important. This sort of information in unreliable hands can potentially have far-reaching consequences.
There are several reasons for a website to post its Privacy Policy agreement on its website.
Here are some of the main reasons:
Required by the law
Required by third party services
Increases Transparency
Let's take a look at each of these reasons in more depth.
A Privacy Policy is Required by the Law
For individuals to feel comfortable sharing their personal information on the internet, there should be some sort of legal responsibility on businesses to protect that data and keep the users informed about the status and health of their information.
Countries around the world have realized the need to protect their citizens' data and privacy. Businesses and websites that collect and/or process customer information are required to publish and abide by a Privacy Policy agreement.
A majority of countries have already enacted laws to protect their users' data security and privacy. These laws require businesses to obtain explicit consent from users whose data they will store or process.
A few of these laws include the following:
CalOPPA in the USA
GDPR in the EU
PIPEDA in Canada
For a business or a website that collects and processes user information in a certain region or country, it is very important to have complete knowledge of the data and privacy protection laws enforced in that region and the region your customers and end users are in. Non-compliance with these laws can result in hefty fines or even prosecution against the violator.
In some cases, businesses have to follow laws specific to states or regulations specific to industries.
For example, here's how General Motors complies with CalOPPA in the US by including a California-specific section in its Privacy Policy:
General Motors California Privacy Policy clause
General Motors informs its California users of their rights through its Privacy Policy as required by CalOPPA.
If your website/app reaches users around the world, regardless of where you're located or headquartered, you'll need to make sure you follow privacy laws in all applicable countries you reach.
While data protection and privacy laws differ from region to region, a Privacy Policy must comprehensively inform its users about how their data will be used.
For example, the GDPR is currently the most robust privacy legislation in the world and one of its main requirements for any business that falls under its jurisdiction is to have a GDPR-compliant Privacy Policy that contains some very specific information and is written in an easy-to-understand way.
Whether your website is a self-help blog or a game hosted at Google Play, it is your responsibility to give your end users complete information about how any associated third-parties will collect and process their data and (if possible) to what purpose.