Privacy Law: A quick look at the major online privacy laws (part 1)

Online privacy laws regulate and standardize the storage and use of individuals’ personally identifiable information. This information is usually collected by entities such as governments, big businesses, organizations, or individuals operating as contractors or sole traders.

Let’s take a look at some of the major privacy laws around the globe.


…be mindful of these laws while drafting your privacy policy statement.

Three privacy laws we’re reviewing:

  1. GDPR
  2. CalOPPA
  3. CCPA

GDPR (General Data Protection Regulation)

The General Data Protection Regulation is a European Union (EU) privacy law on data protection and privacy for all individual citizens of the EU and the European Economic Area (EEA). This privacy law aims to protect the privacy and use of EEA residents’ personal data in an increasingly digital world.

The GDPR states that companies and websites need to comply with the following in relation to their users’ personal information:

  • the right to information
  • the right to access
  • the right to rectification
  • the right to erasure
  • the right to restrict processing
  • the right to data portability
  • rights in relation to automated decision making, including profiling

For further information check out:

CalOPPA (California Privacy Rights)

The California Civil Code permits residents of California to request information regarding the disclosure of their personal information to third parties for direct marketing purposes. It also permits requests from residents under the age of 18 years, who are users of your site, to have content or information they have posted publicly removed.

For further information check out:

CCPA (California Consumer Privacy Act)

The CCPA applies to your business if one or more of the following is true of it:

  • Has annual gross revenues in excess of $25 million;
  • Buys, receives, or sells the personal information of 50,000 or more consumers or households; or
  • Derives more than half of its annual revenue by selling consumers’ personal information.

This privacy law intends to strengthen the privacy of California residents by providing them with a right to:

  • Know what personal data is being collected about them.
  • Know whether their personal data is sold or disclosed and to whom.
  • Say no to the sale of personal data.
  • Access their personal data.
  • Request that a business delete any personal information it has collected from them.
  • Not be discriminated against for exercising their privacy rights.

For more information, see the official fact sheet:

How to be compliant with privacy laws

A good way to bring your business into compliance with global privacy laws is to publish a privacy policy statement on your website. The privacy policy should declare your business’s policy on how it deals with the data collected from users.

A privacy policy is a legal document which outlines the data you collect from your users, what this data is used for, where it is stored and what third parties it is shared with, if at all. 

More specifically it should include the following:

  • the personally identifying information (PII) that you collect
  • the non-personally identifying information you collect
  • where you share the PII (if at all)
  • what information you gather by the use of cookies
  • what type of cookies you use and the options users have to opt out of cookie tracking
  • contact information so you can answer any queries and your users can request their information if desired

Personal information that may be collected:

  • Full Name
  • Residential and Mailing Address
  • Date of Birth
  • Phone Number
  • Email address
  • Passport Number
  • Driver’s License
  • Bank Account Details

Write in language as plain as possible, so that your users can easily understand it.

Why you should have a privacy policy

Your website needs a privacy policy because the law requires one. If you collect personal information from your users in any manner through your website, you must have a privacy policy agreement.

Each country has its own laws regarding privacy policies. But with the far-reaching spread of the internet, it is very likely that some of your customers or users will be from countries outside your own. For this reason, your privacy policy needs to contain information on the GDPR (General Data Protection Regulation) and CalOPPA (California Privacy Rights).

A well-written privacy policy is important for your website. Be prepared to stand by your agreement and have measures in place to protect your users’ confidential information.

Disclaimer: This article is not a substitute for legal advice, nor does it attempt to offer legal advice; it is for information purposes only.
