If your audience includes children, you may also need to explain your practices with respect to collecting data from minors. Furthermore, there are specific privacy regulations for vendors and other specific types of websites, and you could get in real trouble for failing to notify your users properly. Cookies, IP addresses, email addresses, login credentials, location data, and phone numbers are some of the pieces of information that are commonly collected by websites and online stores.
Internet cookies are text files that store information that allows a website to remember you as a unique user. If you log into a website, for example, a cookie may be used to keep you logged in the next time you visit.
GDPR, CalOPPA, and COPPA
The General Data Protection Regulation (GDPR), California Online Privacy Protection Act (CalOPPA), and Children’s Online Privacy Protection Act (COPPA) are three major regulations governing online privacy. If you’re running or planning to set up a website, it’s critical to learn about these laws and how they’re relevant to your site to avoid fines and other regulatory penalties.
The European Union’s GDPR covers businesses and websites that collect data from residents of the EU. The GDPR applies to location and identity data as well as other information, including sexual orientation, race, ethnic origin, and political opinions.
You can be fined up to €20 million (approximately $24 million) or as high as 4 percent of your overall revenue — whichever number is higher — if your website is found to violate GDPR guidelines. Check out the GDPR compliance checklist for United States companies for more information about avoiding GDPR penalties.
CalOPPA is a similar regulation that applies to websites that collect information from anyone who lives in California. The U.S. tends to leave most privacy legislation to individual states, and California has long been known for having some of the strictest digital privacy regulations in the entire country.
COPPA is an American law covering websites that target an audience of children age 13 or younger. Sites geared toward children face many additional restrictions. For example, they generally have to obtain consent from a parent or guardian before collecting any data from a child.
If your site is governed by COPPA, you’ll also need to take steps to avoid unnecessary data collection and delete any information you collect promptly when it’s no longer needed. Parents must be given reasonable access to the account to review the child’s information, prevent further information gathering, and request deletion of any previously collected data.
With so many terms and conditions generators out there, it can be hard to tell which one is best for your website. While it’s tough to recommend any particular provider for every site, these five stand out from the competition in terms of flexibility, ease of use, and overall value.
With TermsFeed, it’s easy to generate privacy policies as well as terms and conditions, end-user license agreements (EULAs), legal disclaimers, return and refund policies, and other common forms. Furthermore, it’s entirely free to use, although there’s a charge for app privacy policies as well as some clauses that aren’t available to free users.
If you use Google Analytics or a similar tracking tool, collect social media data, sell products online, show ads on your site, use invisible reCAPTCHA, or advertise through remarketing services, you’ll need to pay extra for the corresponding TermsFeed clause. Specific wording for California Consumer Privacy Act (CCPA), GDPR, CalOPPA, COPPA, or other privacy laws also comes at an additional cost.
Overall, TermsFeed is ideal for websites, apps, e-commerce stores, Facebook apps, software as a service (SaaS) apps, and a wide range of other settings. If you use TermsFeed to generate privacy policies or any other forms, you’ll only pay a one-time fee for any premium services you request. You won’t have to worry about any ongoing charges, which makes TermsFeed significantly more convenient than providers that charge recurring fees.
How and Why Data Is Collected
If you give users the option to create an account with an email or phone number, for example, it should be clear that they only need to provide one. For anything other than login credentials, make sure to include a short note of what each data point is used for and how sharing their information helps improve the user experience.
Data Sharing Practices
In addition to your own data collection and usage, your users want to know who else could end up with access to their information after they give it to you. There are several good reasons to share customer data with third parties, including product recommendations, marketing analytics, and more effective service from any providers you partner with.
Generally, websites that are bound by privacy laws should include targeted clauses to stay in compliance with all relevant regulations. Some providers offer preset clauses for common regulations like CalOPPA, GDPR, and COPPA, making it easy to avoid regulatory penalties without writing the policy yourself.
Finally, make sure to explain what rights your users have over their personal information and highlight any exceptions or restrictions that they should be aware of. GDPR, for example, generally requires websites to give users the right to be forgotten and have their data removed without undue delay, which typically means about one month.