Privacy Law: A quick look at the major online privacy laws (part 1)

Online privacy laws regulate and standardize how the personally identifiable information of individuals is stored and used. This information is usually collected by entities like governments, big businesses, organizations or other individuals operating as contractors or sole traders.

Let’s take a look at some of the major privacy laws around the globe.


…be mindful of these laws while drafting your privacy policy statement.

Three privacy laws we’re reviewing:

  1. GDPR
  2. CalOPPA
  3. CCPA

GDPR (General Data Protection Regulation)

The General Data Protection Regulation is a European Union (EU) privacy law on data protection and privacy for all individual citizens of the EU and the European Economic Area (EEA). This privacy law aims to protect the privacy and use of EEA residents’ personal data in an increasingly digital world.

The GDPR states that companies/websites need to comply with the following in relation to their users’ personal information:

  • the right to information
  • the right to access
  • the right to rectification
  • the right to erasure
  • the right to restrict processing
  • the right to data portability
  • rights in relation to automated decision making, including profiling

For further information check out:

CalOPPA (California Privacy Rights)

The California Civil Code permits residents of California to request information regarding the disclosure of their personal information to third parties for direct marketing purposes. It also permits requests from residents under the age of 18 who are users of your site to have content or information they have posted publicly removed.

For further information check out:

CCPA (California Consumer Privacy Act)

The CCPA applies to your business if one or more of the following is true of it:

  • Has annual gross revenues in excess of $25 million;
  • Buys, receives, or sells the personal information of 50,000 or more consumers or households; or
  • Derives more than half of its annual revenue by selling consumers’ personal information.

This privacy law intends to strengthen the privacy of California residents by providing them with a right to:

  • Know what personal data is being collected about them.
  • Know whether their personal data is sold or disclosed and to whom.
  • Say no to the sale of personal data.
  • Access their personal data.
  • Request a business to delete any personal information about a consumer collected from that consumer.
  • Not be discriminated against for exercising their privacy rights.

For more information, see the official fact sheet:

How to be compliant with privacy laws

A great way to make your business compliant with global privacy laws is to have a privacy policy statement on your website. The privacy policy should declare your business’s policy on how it deals with the data collected from users.

A privacy policy is a legal document which outlines the data you collect from your users, what this data is used for, where it is stored and what third parties it is shared with, if at all.

More specifically it should include the following:

  • the personally identifying information (PII) that you collect
  • the non-personally identifying information you collect
  • where you share the PII (if at all)
  • what information you gather by the use of cookies
  • what type of cookies you use and the options users have to opt out of cookie tracking
  • contact information so you can answer any queries and your users can request their information if desired

Personal information that may be collected:

  • Full Name
  • Residential and Mailing Address
  • Date of Birth
  • Phone Number
  • Email address
  • Passport Number
  • Driver’s License
  • Bank Account Details

Write in the plainest language possible, so that your users can easily understand it.

Why you should have a privacy policy

Your website needs a Privacy Policy as required by law. When you collect personal information from your users, in any manner through your website, then you must have a Privacy Policy agreement.

Each country has its own laws regarding privacy policies. But with the far-reaching spread of the internet, it is very likely some of your customers or users will be from countries outside your own. For this reason, your privacy policy needs to contain information on the GDPR (General Data Protection Regulation) and CalOPPA (California Privacy Rights).

A well-written privacy policy is important for your website. Be prepared to stand by your agreement and have measures in place to protect your users’ confidential information.
