If it seems that everyone is updating their privacy policies, it’s because they are. Companies update their privacy policies in order to be compliant with data protection laws and to inform users of their rights and of how their data is collected, stored and used. Among the latest are GDPR and CCPA; both laws increase the need for transparency surrounding personal data and for ensuring users are aware of their rights.
- The name of the website or company
- the types of personal data that are collected
- how this personal data is collected and stored
- the reason for the collection of personal data
- how the website or company will use personal data
- how the user can access their personal data or ask for a correction
- how the user can lodge a complaint
- the user’s rights
Let’s take a brief look at each of these data protection laws. For more detailed information, please follow the links to the individual articles.
GDPR stands for General Data Protection Regulation. It is a European Union privacy law which protects the personal data of residents of the EU. Companies’ and websites’ privacy policies need to include the following to be GDPR compliant:
- your company contact details
- contact details of your data protection officer if you have one
- a list of data protection rights of your users
- the right for your user to withdraw consent at any time
- the right for your user to lodge a complaint with a supervisory authority if required
- if you have an automated decision-making system implemented, then details about how the system is set up and what the consequences of this system are
- what personal data is collected
- your company’s reason for processing personal data
- the length of time that personal data is retained
- who personal data is shared with, if any other party
CCPA stands for the California Consumer Privacy Act. It is a privacy law which protects the rights and personal data of the residents of California. Companies and websites that collect personal data from the residents of California will need to include the following privacy rights in their privacy policies:
- the right to know
- the right to delete
- the right to opt out
- the right to non-discrimination
CalOPPA stands for California Online Privacy Protection Act, a privacy law which made posting privacy policies online mandatory.
- easy to read format
- disclose personal data that you collect
- provide links to privacy policies of third parties that you share personal information with
- inform users of their rights and choices
- provide contact details
- explain how you respond to “Do Not Track” signals
- clearly label your stance on online tracking, for example “California Do Not Track Disclosures”
- list any third parties that may collect personal information while on your site
COPPA stands for Children’s Online Privacy Protection Rule, which is a privacy act with the primary goal of protecting the personal information of children under the age of 13.
If your website is directed at children 3 years or younger then the following applies:
- outline what personal information is collected
- outline why the personal information is collected and what it is used for
- explain how you maintain the confidentiality, security, and integrity of information you collect from children
PIPEDA stands for Personal Information Protection and Electronic Documents Act. It is a privacy law which applies to private sector businesses in Canada.
- what personal data you collect
- the purpose for the collection of personal data
- explain how the personal data has been used
- what are the risks of harm or other consequences of collecting the personal data
- what third parties, if any, the personal data is shared with
Australian Privacy Act 1988
The Australian Privacy Act of 1988 is a privacy law which helps to protect the privacy of Australian residents and their personal data.
- your business name and contact details
- what personal data you collect
- how you collect personal data
- why you collect personal data
- how you use the personal data you collect
- disclose if you share personal data with a third party
- if so, what third parties
- disclose any parties outside of Australia that you share personal data with
- how can your users access their personal data
- how can your users lodge a complaint if they think you have mishandled their personal data