But what are the privacy law requirements in different regions? Let's find out.
Privacy Laws Are Legally Required
Examples of personal information include names, email addresses, phone numbers, bank details, social security numbers, billing and shipping addresses, date of birth, etc.
The privacy policies cover the following areas:
- The type of information collected by the app or site
- Data storage, access, and security
- Details of data transfers
- The purpose of data collection
- Affiliated organizations and websites (including third-parties)
Privacy Laws in the US
In the United States, you'll find different types of laws, including state and federal laws that have provisions for personal information privacy.
The FTC (Federal Trade Commission) regulates data protection for all United States consumers. The following laws in the United States also have privacy implications:
- The Children's Online Privacy Protection Act (COPPA)
- The Computer Security Act of 1997
- The Consumer Credit Reporting Control Act
- The California Consumer Privacy Act (CCPA)
- The Computer Fraud and Abuse Act of 1986
- The Americans with Disabilities Act
- The Cable Communications Policy Act of 1984
- The California Online Privacy Protection Act (CalOPPA)
CalOPPA offers protection for personal data that websites collect from California residents.
CalOPPA is a state law, not a federal law. However, it can affect your website no matter where you operate from, provided the website attracts California citizens.
The law also classifies "personally identifiable data" as:
- First and last names
- Physical addresses
- Social security numbers
- Telephone numbers
- Details of physical appearance, including weight, height, and hair colour
- Any other data shared online that can identify an individual
- Any other contact information that you share with a business online or physically
Some laws require websites to include a "Do Not Track" (DNT) clause. DNT is a setting that you can activate in some browsers to ask third parties such as AdWords and Google not to track your behaviour.
CalOPPA doesn't make it mandatory for your site or business to honour a DNT request. However, the law requires the website to inform its users whether or not it will honour a DNT request.
Privacy Policies in the EU
The European Union Data Protection Directive was in force from 1995. The directive was replaced on May 25, 2018, by the General Data Protection Regulation (GDPR).
The GDPR requires that:
- All personal data should be handled in an ethical manner
- Data should only be collected for predetermined reasons, and the information should only be used for those reasons
- Data should be accurate and kept up to date
- The company is responsible for its GDPR compliance through the appointment of a Data Protection Officer
- Users should be able to contact the website that collects their data
- Users should be advised of their rights under the GDPR. These include the rights to access their personal data, update it, and request its removal
- A supervisory body exists to handle complaints from users, and the contact information of that supervisory body should be provided
- Users should be made aware if their personal data is to be shared with any affiliated organizations or third parties. Users should also be informed if their data is to be transferred outside of the EU
- The GDPR also requires the website to provide any other information the user needs to ensure fair processing of their personal information
The GDPR is a significant change in data protection for businesses based in the EU and foreign businesses that collect personal data from EU residents. The regulation is much stricter and carries greater penalties if you are not compliant.
Privacy Laws in Canada
Privacy Laws in Australia
The Australian Privacy Act 1988 requires all websites collecting personal information in the country to have a data policy.
Privacy Laws in the UK
The Data Protection Act (DPA) protects personal data in the UK.
It features 8 core principles of data protection. All companies that collect personal data online in the UK should adhere to the 8 core principles.
Privacy Policies Required by Third-parties
Many websites use third-party service providers to enhance their performance. These include advertisement plug-ins, payment platforms, etc.
- The policy must state that Google Analytics is used to track users' online behaviour
- It should explain how data is collected and processed
The policy should be placed in a prominent location on the website, such as the main menu or the web footer.
If you use Google Analytics advertising tools, you need to meet further requirements. The advertising features covered by the additional requirements include:
- Remarketing or retargeting
- Google Analytics Demographics and Interest Reporting
- Google Display Network Impression Reporting
If you use these features, the policy should also include:
- Instructions on how users can use Google's Ad Settings to opt out of the Google Analytics Advertising features
- The advertising tools you use in your business, including how and why you use the features
- Information on DoubleClick cookies
- Information about third parties using cookies to display ads based on users' previous browsing behaviour
- Instructions on how users can use the Google AdSense settings to opt out of the use of DoubleClick cookies