The Data Protection Act (DPA) 2018 is the UK’s updated data protection law which became effective on 25th May 2018 and was recently amended on the 1st January 2021 to reflect the United Kingdom’s exit from the EU. It sits alongside the UK GDPR and replaces the Data Protection Act 1998. The United Kingdom is […]
Even though it is a legal requirement, a privacy notice also demonstrates to your users that you have a transparent process of handling their data and, therefore, worthy of their trust.
The General Data Protection Regulation (GDPR) is the primary privacy law regulating how entities manage user data. In this article, you will learn:
- What is GDPR?
- What are the privacy requirements in the EU, Australia, and Canada?
On this page
What is GDPR?
It safeguards the rights of EU citizens concerning use and control over their data, notwithstanding the entity collecting their data is outside the Union. It provides what these entities must do to safeguard the interests of EU users.
Besides the GDPR, the Organization for Economic Cooperation and Development (OECD) provides guidelines for protecting the privacy and trans border flows of personal data.
The 2013 OECD guidelines guide its 37 member countries on the development of data protection laws and touch on among other areas issues of private data storage, abuse, and unauthorized disclosure of such data. The guidelines also note the importance of supporting the free flow of data for sectors such as banking and insurance.
Both the GDPR and the OECD privacy guidelines work in a complementary function, and more or less have similar provisions. The only difference is that the OECD guides member country laws while the GDPR is more for website/ application owners. Although both are global efforts, the GDPR protects EU residents, while OECD guidelines are cross-cutting as the institution has members from all eight continents.
What Are the Privacy Requirements in Australia, Canada, and the United States?
In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) is the law that protects Canadians against institutions abusing data collected from them. The law requires web and application owners to get users to agree to their data being collected, used, and disclosed.
Institutions collecting data are also required to state how the data will be used and use it according to the stated purpose. The Canadian law establishes the office of a Privacy Commissioner to handle complaints against institutions that misuse personal data.
Yes. Google requires you to have a privacy notice if you’re to access free tools such as Google Analytics, AdWords, and AdSense.
Since you built your web/application for people, you will undoubtedly find analytics useful in helping you organize your online presence. Furthermore, you may also want to promote your website on Google, to expand its reach.
Analytics provides insights on who your users are, what sections of your site they find most useful, where they come from (geography), and your sources of traffic.
You need the privacy notice because to use these tools, as Google needs to monitor and monetize the behaviors of the people who use your platform.
- Explain you do not collect data
- Indicate if you share data with a third parties
Explain That You Do Not Collect User Data
Ecquire does not collect or store any data or messages on their platform. They use their privacy notice to explain how they can stay away from collecting user data.
Indicate If You Share Data With Third Parties
Even though Ecquire doesn’t collect data, they use a third-party analytics tool, which does. In their privacy notice, they indicate the data the third party collects and how they use it.