Privacy Policy FAQs

Here are some questions that are commonly asked about Privacy Policies. They relate to when they're required, what makes a Privacy Policy different from some other common legal agreements and general information on Privacy Policy content and format.

What is a Privacy Policy?

A Privacy Policy is a legal document or statement that informs users about the data being collected from them, how that data is used, and what rights they have regarding their data.

In the US, EU, Canada, Australia, and other countries, there are legal obligations to have a Privacy Policy and disclose this information to your users. These laws are designed to protect customers' and clients' privacy and personal information.

Anything that could be used to identify an individual, such as name, date of birth or email address falls under the category of legally protected personal information in the eyes of the law.

Therefore, businesses will post a Privacy Policy on their websites that describes the policies of how they collect, use, and secure personal information they collect. This includes declaring what information is collected, if that information is shared or sold, and what measures are taken to keep it safe.

What laws regulate the requirements for a Privacy Policy?

There are many laws concerning Privacy Policies depending on the state and country of your company or your users. For example, CalOPPA sets forth regulations for websites that collect information from residents of California. This means that even if your company or website is not based out of California, you must comply with these rules if you have users who reside there.

The major laws regarding Privacy Policies in the United States are:

  • The California Online Privacy Protection Act of 2003 (CalOPPA)
  • The Children's Online Privacy Protection Act (COPPA)
  • The Children's Internet Protection Act of 2001 (CIPA)
  • The Computer Fraud and Abuse Act of 1986 (CFAA)
  • The Americans with Disabilities Act (ADA)
  • The Cable Communications Policy Act of 1984
  • The Gramm-Leach-Bliley Act
  • The Computer Security Act of 1997
  • The Health Insurance Portability and Accountability Act (HIPAA)
  • The Consumer Credit Reporting Control Act

Outside of the US, some of the major Privacy Policy laws are as follows:

  • The Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada
  • The Data Protection Act 1998 (DPA) in the UK
  • The Privacy Act 1988 of Australia
  • The Information and Technology Act 2000 (IT Act 2000) of India
  • The General Data Protection Regulation (GDPR) in the EU
  • The Data Protection Directive (Directive 95/46/EC) in the EU which attempts to combine the internet privacy laws of various member states including:
    • The Federal Law on Data Protection of 1992 in Switzerland
    • The Act on Processing of Personal Data of 2000 in Denmark
    • The Data Protection Act of 1978 in France
    • The Federal Data Protection Act of 2001 in Germany
    • The Data Protection Code of 2003 in Italy
    • The Personal Data Act of 2000 in Norway

Can I request the email address of a customer without a Privacy Policy?

No, because an email address is considered personal information.

Collecting any sort of personally identifying information from a user requires you to have a Privacy Policy. Even information as simple as a name or email address counts. In fact, most email newsletter services even require you to have a Privacy Policy before you are able to use their services.

While you may not think an email address is enough personal information to identify someone or compromise their privacy, the laws are very strict about the collection of ANY personal information, regardless of how you plan to use it.

Where should I place my Privacy Policy on my website?

In most cases your Privacy Policy needs to be easy to find and easily accessible. In order to comply with the more stringent regulations such as CalOPPA, your safest bet is to have your Privacy Policy "conspicuously" placed on the homepage and elsewhere.

Most major websites include a link to their Privacy Policy in the footer of every page.

Privacy Policy in Footer of Apple.com

It is also not a bad idea to include a link to your Privacy Policy in FAQ or account settings sections, and with any forms where you collect user information.

You want your Privacy Policy to be apparent and accessible, without being inconvenient or annoying to track down.

Where should I place my Privacy Policy in my mobile app?

Place your Privacy Policy within a menu in your app such as the "settings" or "about" menus.

Your Privacy Policy can exist within the app itself or simply be a link to your website where your Privacy Policy currently exists online.

In addition to having your Privacy Policy accessible through your app, most app stores will also require you to have your Privacy Policy available for users to read BEFORE they decide to download your app. Include it in your app store listing.

How should I structure my Privacy Policy?

Structure your Privacy Policy in a way that's easy to read and understand, and that includes all the necessary information. Aside from that, it's really up to you how you format and structure your Policy. Some companies use a lot of bulleted lists, while others use bigger blocks of text. Some include Table of Contents links, while other companies just have one long document.

What is the difference between a Privacy Policy and a Disclaimer?

A Privacy Policy and a Disclaimer serve two very different purposes, though the concept is similar, with the roles reversed.

A Privacy Policy protects users by informing them what the website or app does with their information.

A Disclaimer protects the website or app owner by informing the user that the website or app is not responsible for how the user might use the information provided on the website or within the app.

What is the difference between a Privacy Policy and a Terms & Conditions?

A Privacy Policy declares the practices of the app or website involving the collection and use of personal data from its users. A Terms & Conditions sets the rules and agreements needed for the customer or client to use a website or app. This may include agreeing to a Privacy Policy, copyrights, trademarks, and limitations of liability.

A Terms & Conditions is essentially the rules of your website or app. This is considered a legal agreement where if you use the website or app, you agree to these rules.

The rules included in a Terms & Conditions can cover everything from pointing out what is copyrighted and trademarked material to disclosing information about functions of the app or website in order to limit liability.

For example, stating that you are not responsible for user comments on your website lets other users know that they may encounter comments that you are not responsible for and should proceed only if they accept that risk.

While Terms & Conditions are not required by law, they are essential to protect yourself in situations such as these.

What is the difference between a Privacy Policy and a Cookies Policy?

A Privacy Policy declares how users' personal data is collected and used. A Cookies Policy declares how cookies are used. A Cookies Policy or Cookies Clause might be included within a Privacy Policy, depending on the governing jurisdiction.

The EU Cookies Law states that websites must have a Cookies Policy section that is distinct and separate from the Privacy Policy.

If you operate out of the EU or serve clients or customers within the EU, you will need to comply with these regulations.

If, however, you operate out of the US and do not serve clients or customers in the EU, a Cookies Clause within a Privacy Policy is a more common practice. Consider, however, your future plans to expand to EU markets as it may be easier to comply with EU cookie regulations from the outset instead of having to change things in the future.

What if my site links to other sites or uses third-parties with different policies?

If your app or website uses third-party software, third-party analytics, or is partnered with a third party that may collect data from your users, you should declare this, inform your users who that third party is, and notify them that its Privacy Policy may differ from yours.

Below is an example from WikiHow:

Privacy Policy of WikiHow: Third Party Links Clause

It is a good idea to point your users in the direction of the third party's website where they can find its Privacy Policy and decide whether they are comfortable with the practices of the third party with regard to your app or website.