Privacy Policy Requirements

Do you want to create a website for your company? If yes, why do you need a privacy policy?

There are various reasons why you need to post a privacy policy. First, it gives users the confidence to share their personally identifiable information, because they believe it is being handled securely.

You also need a privacy policy for your website because it is a requirement by law. Global privacy laws require anyone who collects personal information to have a privacy policy in order to strengthen privacy protection.

But what are the privacy law requirements in different regions? Let's find out.

Privacy Laws Are Legally Required

Privacy laws require you to have a privacy policy on your website before collecting personal information from visitors. If you have a mobile app, you should have a privacy policy for it as well.

Additionally, you may have third-party apps that help to enhance the performance of your website. Such third-party apps can include advertisement plug-ins, payment processing tools, and analytics suites. The apps also require you to have a privacy policy.

Examples of personal information include names, email addresses, phone numbers, bank details, social security numbers, billing and shipping addresses, date of birth, etc.


The privacy policies cover the following areas:

  • The type of information collected by the app or site

  • Data storage, access, and security

  • Details of data transfers

  • The purpose of data collection

  • Affiliated organizations and websites (including third-parties)

  • Use of cookies by the website

So, what are some of the global privacy policy laws?

Privacy Laws in the US

In the United States, you'll find different types of laws, including state and federal laws that have provisions for personal information privacy.


The FTC (Federal Trade Commission) regulates data protection for all United States consumers. The following laws in the United States also have privacy implications:

  • The Children's Online Privacy Protection Act (COPPA)

  • The Computer Security Act of 1997

  • The Consumer Credit Reporting Control Act

  • The California Consumer Privacy Act (CCPA)

  • The Computer Fraud and Abuse Act of 1986

  • The Americans with Disabilities Act

  • The Cable Communications Policy Act of 1984

  • The California Online Privacy Protection Act (CalOPPA)


CalOPPA offers protection for personal data that websites collect from California residents.

CalOPPA is a state law, not a federal law. However, it can affect your website no matter where you operate from, provided the website attracts California residents.


According to CalOPPA, a website should have a clearly visible and accessible privacy policy.

The law also classifies "personally identifiable data" as:

  • First and last names

  • Physical addresses

  • Social security numbers

  • Telephone numbers

  • Birthdates

  • Details of physical appearance, including weight, height, and hair colour

  • Any other data shared online that can identify an individual

  • Any other contact information that you share with a business online or physically

Some laws require websites to include a "Do Not Track" (DNT) clause. DNT is a setting that you can activate in some browsers to signal that you do not want behavioural tracking by third parties such as AdWords and Google.

CalOPPA doesn't make it mandatory for your site or business to honour a DNT request. However, the law requires the website to inform its users whether it will honour a DNT request or not.

According to CalOPPA, a compliant privacy policy should contain the word "privacy." It should be clearly visible and easily accessible to website or app users.

Privacy Policies in the EU

The European Union Data Protection Directive was in force from 1995. The directive was replaced on May 25, 2018, by the General Data Protection Regulation (GDPR).

The European Union Data Protection Directive regulated how personal information was gathered and handled, and protected it from being misused. It required all companies operating in the EU to have a privacy policy.

On the other hand, the GDPR requires all companies operating in the EU to have a GDPR compliant privacy policy. The requirement also includes foreign companies that handle the personal information of people that live in the EU.


The GDPR requires that:

  • All the personal data should be handled in an ethical manner

  • Data should only be collected for predetermined reasons, and the information should only be used for those reasons

  • Data should be accurate and updated

  • The company is responsible for its GDPR compliance, including through the appointment of a Data Protection Officer

  • The user should be able to contact the website collecting the data

  • Users should be advised of their rights under the GDPR. These include the rights to access their personal data, update it, and request its removal

  • There will exist a supervisory body to deal with complaints from users, and the contact information of the supervisory body should be provided

  • Users should be made aware if their personal data is to be shared with any affiliated organizations and third parties. The user should also be informed if their data is to be transferred outside of the EU

  • The GDPR also requires the website to provide any other information the user needs to ensure fair processing of their personal information

There are several factors to consider for your GDPR compliance plan. One of the essential factors to consider includes a GDPR compliant data privacy policy.


You need to obtain active consent from users before using their personal data and other personal information, and the privacy policy should be easily accessible.

The GDPR is a significant change in data protection for businesses based in the EU and for foreign businesses that collect personal data from EU residents. The regulation is much stricter than the directive it replaced and carries greater penalties if you are not compliant.

Privacy Laws in Canada

Canada also has a law that requires companies to have a data privacy policy. The Canada Personal Information Protection and Electronic Documents Act (PIPEDA) helps to protect personal data collected from Canadian citizens.


If your website operates under the scope of PIPEDA, you should be familiar with its requirements and ensure your privacy policy meets the standards.

Privacy Laws in Australia

The Australian Privacy Act 1988 requires all websites collecting personal information in the country to have a data policy.

Among the privacy law's key features are the 13 privacy principles that govern how personal data is gathered and processed. All businesses are required to have an up-to-date privacy policy, and the business should be open and transparent about its data collection activities.


Privacy Laws in the UK

The Data Protection Act (DPA) protects personal data in the UK.

It features 8 core principles of data protection. All companies that collect personal data online in the UK should adhere to the 8 core principles.


Privacy Policies Required by Third-parties

Many websites use third-party service providers to enhance their performance. These include advertisement plug-ins, payment platforms, etc.

Most third-party service providers require that the website they are working with provides a privacy policy.

If your website uses third-party services such as Google Analytics and Google AdSense to track user browsing behaviour and location data, you need to have a privacy policy.


Google Analytics 

Google Analytics uses cookies to track users' online behaviour and collect personal data. If you use Google Analytics, you should update your privacy policy to satisfy the Google Analytics terms of service.

A privacy policy covering Google Analytics must:

  • State that Google Analytics is used to track users' online behaviour

  • Explain how data is collected and processed

  • Inform the user of the use of cookies

The policy should be put at a prominent location on the website, such as the main menu or web footer.


You should also have a banner or pop-up Cookie Consent Notice that alerts website visitors to the use of cookies on the website. It should also allow users to block the use of cookies if they so wish.

If you use Google Analytics advertising tools, you need to meet further requirements. The advertising features covered by the additional requirements include:

  • Remarketing or retargeting

  • Google Analytics Demographics and Interest Reporting

  • Google Display Network Impression Reporting

If you use the Google Analytics advertising tools on your website, you are required to inform your users and include the following in your privacy policy:

  • A notice that third parties use cookies to display relevant advertising to the user

  • Instructions on how users can use Google's Ads Settings to opt out of the Google Analytics advertising features

  • The advertising tools you use in your business, including how and why you use the features

Although Google doesn't provide instructions on the exact language you should use in your privacy policy, you should avoid legal jargon. You should write the policy using plain language in a way that is easy to understand.


Google AdSense 

If your website uses Google AdSense, you should update your privacy policy to meet the terms and conditions of Google AdSense. The policy should contain:

  • Information on DoubleClick cookies

  • Information about third parties using cookies to display ads based on users' previous browsing behaviour

  • Instructions on how users can use the Google AdSense settings to opt out of the use of DoubleClick cookies

Google requires you to use banners or pop-ups to alert users to the use of cookies on the website.


If you want to create a website, ensure you create a privacy page and understand all the privacy policy requirements in different regions to avoid non-compliance issues.
