What’s With All The Privacy Policy Updates

Have you ever received an email notification informing you about an update of the terms of a website that you frequent? The emails may come from different sites informing you of their intention to update their terms of use or privacy policy.

If you've received such emails or update notices, it's helpful to understand what they mean and why companies are updating their privacy policies.

Well, privacy policy updates are to protect your data. The General Data Protection Regulation (GDPR), developed in 2018, requires online service providers to be more transparent in their dealings with consumers.

The GDPR aims to raise the standards for how your information and privacy are handled.

Companies operating in various regions, including the EU, the United States, Australia, Brazil, etc., have improved their standards of protecting user privacy.

But what does a privacy policy refer to, and how is it updated? Will you be affected by the updates as a user?

What Is a Privacy Policy?

If you use the internet or visit websites, you must have come across a request from a website asking you to agree to its terms of service. Whether you agree or disagree with the terms, you'll get a button to click depending on your decision.

So, what do the terms of service or the privacy policy mean?

A privacy policy is a legal document that outlines the methods that a company intends to employ to protect its clients, consumers, or employees. The policy should explain the type of information the company wants to collect, how it intends to use it, and how it shares it.

The policy covers everything from the collection of user data to its storage, use, and sharing.

Most websites make terms of service easily accessible to users. As such, the user is fully aware of the type of data the company intends to collect, through to how it will share that data with third parties.

You must read and understand the terms before you agree to the terms of service.

According to a 2017 Deloitte survey, an alarming 91% of Americans agree to terms of use, legal terms, and privacy policies without reading them. The figures are even more shocking among young users in the 18-34 age group, with 97% accepting the terms and conditions without reading them.

The policy should outline in detail what the company intends to do with your confidential information. The terms and conditions should be written in easy-to-understand language and avoid legal jargon that the user may not be familiar with.

The privacy policy should make it easy to understand what you are about to accept or consent to. It is also crucial that you be notified when there is a privacy policy update.

Why Is Every Website Doing a Privacy Policy Update?

Websites update their terms and conditions or privacy policies to comply with data protection laws. They also inform users of their rights and how the company intends to collect, store, and use data.

The latest data protection regulations include the California Consumer Privacy Act (CCPA) and the GDPR.

The laws require websites that collect user data to be transparent about collecting, storing, and sharing the data and to make users aware of their rights.

What Is General Data Protection Regulation?

In 2016, the European Parliament came up with a regulation that gave website users more control over their personal information and data. The law requires all companies to protect the confidential data and privacy of European Union citizens for all transactions based in the European Union.

The GDPR gave organizations two years to comply with the regulation. The new law went into effect on May 25, 2018. If you received privacy policy updates around that time, it was because companies were trying to comply with the regulation.

Some of the most significant changes regarding how companies and organizations deal with personal information and data include:

  • Data portability

  • Right to be forgotten

  • Breach notification

  • Privacy by design

  • Right to access

Breach Notification

According to Article 33 of the GDPR, a company or organization should report a data breach to a supervisory authority within 72 hours of noticing it. The process requires data controllers to determine who is affected by the data breach and the type of information that has been compromised.

If the company deals with large-scale, high-risk data and the users' financial, identity, or other data is at risk, the company should inform those users.

The regulation also requires the organization to be clear and comprehensive when communicating an active situation to users. In some countries, companies may be required to provide proof of communication to the relevant supervisory authorities.

Right to Access

According to chapter 15 of the privacy policies regulation, customers have the right to access the following information:

  • Purpose of the processing of personal data

  • Categories of the specific data

  • The right to file a complaint with the necessary supervisory authority

  • Envisioned duration for which the personal information will be stored

  • Existence of automated decision making and profiling

  • The right to request erasure or rectification of personal data from the controller

Data Protection by Design

Article 25 of the regulation states that user privacy and security shouldn't be an afterthought. Controllers responsible for creating websites should prioritize data protection.

Data Portability 

Article 20 allows users to transfer personal data from one controller to another.

Right to be Forgotten

This right is also referred to as the right to erasure. It is not an absolute right, and it is only applicable in certain circumstances. The new law gives the user the right to have personal information permanently erased.

From the above regulations, we can tell that privacy policies are a critical part of your business. If you make any changes to your online privacy practices, you should update the terms to reflect the change.

Additionally, if you update your privacy policy, you should inform users before the changes take effect. Providing an update notice for the changes in your privacy policy is a requirement of law, and it is also a good business practice.

When Should You Update Your Terms?

Your privacy policy is not a one-off document that you finish and then forget about. On the contrary, it is a living document that requires constant reviews and updates.

By updating their privacy policies, websites comply with the latest legal requirements. The new privacy policy should be in line with your current data practices.

You should also review and update your privacy policy if a function of your website changes. For instance, if you intend to launch a newsletter or start using PayPal, the changes should be reflected in your privacy policy.

Note that apart from making the privacy policy changes, you also need a record of the changes. As such, you should keep the outdated version of the privacy policy for safekeeping.

What Should I Look for within the Updates?

How Data Is Collected and Shared

When you receive a privacy policy change notification email, one of the things you should look for is how the company collects information. The notice should also indicate how the collected data is shared.

For example, if you want to sign up for Facebook, you must provide various details, including your name, birth date, mobile phone number, email, etc.

However, Facebook also tracks your online behaviour.

When you are logged in, Facebook will collect data about:

  • The IP address you use to log in to your account

  • All third-party apps that you link to your account

  • All connected devices you have used to log into your account, etc.

In their privacy policy, Facebook states that they won't sell your information to anyone, that they are responsible for keeping the data safe and secure, and that they share the data with the following:

  • Researchers and academics

  • Advertisers

  • Legal requests and law enforcement

  • Third-party apps and apps with Facebook integration

Giving User Control Over Advertising

Although you can't completely get rid of advertisements on your timeline, Facebook has given you the ability to control the information that is used to target you.

Before the privacy protection regulations, Facebook would use all the information you provided to generate targeted ads.

After the regulations, the company will prompt you to disable or enable targeted ads based on the religious, relationship, and political information you provide.

Company Transparency

Facebook has boosted its transparency and made its privacy policy easily accessible to users. They have also come up with privacy shortcuts that make it easy for you to delete or modify your information.

As you look at a new privacy policy, you should look at how the company will collect and use your data, and how transparent the policy is.


Websites will have privacy policy updates to comply with the latest regulations. That explains why you keep receiving numerous emails informing you about the updates.