Last Updated: June 17, 2021
This website does not collect, share, or store your personal information. The content of this website is purely informative, and as such, it doesn’t interfere with your private data.
At times, you can use the terms and conditions agreement to regulate your users’ activities and set their expectations. Additionally, this agreement can cover some of your company’s legal requirements.
Legally, terms of service differ little, if at all, from terms and conditions. The only difference may be in the area of coverage. While terms and conditions cover the rights and responsibilities of the whole website, terms of service can apply more specifically.
In other words, terms of service usually apply to rules and regulations of specific services or goods that the website is offering. However, these two terms often overlap to the extent they can be used interchangeably.
- Websites that collect user data
- Websites that use payment processing tools
- Websites that employ analytics suites
- Websites that use advertising plug-ins
- Websites that exceed a certain number of users or amount of earnings
- Your business has more than 50,000 customers.
- More than half of your annual revenue comes from selling personal data.
- Your business has more than $25 million in annual earnings.
The two main principles under which CalOPPA operates are transparency about the PII (personally identifiable information) and implementation of DTR (do not track requests) options.
- Full name
- Email addresses
- Telephone numbers
- Social security number
- Personal descriptions such as height, eye color, hair color, and similar
- IP addresses
- Any other personal data that someone can use along with the above-mentioned details for individual identification
In other words, for your website to comply with CalOPPA, you need to make clear to your customers exactly which PII your website collects. You also need to state what their DTR options are, in case they don’t agree to their personal browsing activities being tracked.
The CCPA introduced new rights for digital consumers, set higher standards for data collection, and brought new penalties into force.
The good news is this new privacy act applies only to “businesses” that collect “consumer” data. But, let’s first learn more about these two terms.
- Business, in this case, is considered to be only a profit-gaining entity that either earns $25 million yearly, has over 50,000 consumers each year, or earns at least half of its annual revenue by selling personal data.
- Consumer, by CCPA standards, refers to a person that is a California resident.
Nonetheless, if you are just starting a small business that doesn’t yet reach the above-mentioned numbers, you are good, as far as the CCPA is concerned.
- The law is the same throughout the EU.
- The integrity of users has to be respected — the personal data can be collected only if it is immediately necessary, and never just in case or for later actions. The process must run securely. And, the individual has to be informed about the data collecting activities.
- All the data collecting and using activities must be legal — a contract, consent, or any authorized alternative legal bond has to be signed.
- Any data breach has to be reported within the next 72h — new to GDPR.
These are just the GDPR requirements in a nutshell. The regulation has been in place since 2016 and has been updated constantly since then. The fines for non-compliance are very high. They can go up to 4% of the company’s global sales (of the last 12 months) or €20 million (over $24 million).
The Data Protection Act requirements
Every person or business that operates with personal data must follow strict rules (termed data protection principles). They must ensure all the data is:
- Used in a fair, lawful, and honest manner
- Employed for named and explicit purposes
- Used adequately and for relevant purposes
- Kept for only as long as it is necessary — no longer than that
- Accurate and kept up to date (whenever this is applicable)
- Fully secured, including protection against unlawful or unauthorized access, processing, loss, or damage
Sensitive personal information, such as ethnic background, political views, religious beliefs, etc., has even stricter legal protection.
PIPEDA — Canada privacy protection requirements
Organizations that PIPEDA covers must possess an individual’s consent for any collection, usage, or disclosure of that individual’s private data. Furthermore, their customers have the right to access their information files at all times and to check their accuracy.
Users’ age, first and last name, ID numbers, incomes, blood type, opinions, evaluations, beliefs, financial records, and more all fall under the personal information category. Under PIPEDA, every organization needs to protect personal information from the moment it gets access to it.
Australia privacy protection requirements
So far, there are 13 Australian Privacy Principles (APPs) that set up standards, rights, and responsibilities regarding:
- The collection, usage, and disclosure of personal information
- An organization or agency’s administration and accountability
- Integrity and alteration of personal information
- The individuals’ rights to access their data
If you need to familiarize yourself with the APPs in detail, the full text of the Privacy Act 1988 is available online.
- A statement that you use Google Analytics to track user activities and behavior
- An explanation of how you collect and use the data
- Information for the users about the usage of cookies
- Hire a professional agency or a lawyer to help you.
Next, you should check other examples and templates on other websites to get an idea of
Be transparent about the personal data collected and the purpose behind it. Inform your customers of how your service can be conducted, with different levels of personal data accessibility. Mention how they can protect their personal information. Finally, make sure to highlight all the plug-ins that your website is using.
Should I hire an attorney to help me?
Keep in mind that you don’t have to have a lawyer for this. However, depending on the complexity of your website, the amount of personal information it operates with, and the different client backgrounds and countries involved, it can be advisable. The more intricate your situation, the greater the chance of some unwanted lapse.
You can avoid all of this by getting legal help. However, that help is often pricey, so make sure you budget for that in advance.
To Sum Up
Websites can collect all kinds of personal information. The first and last name, home address, email address, bank account number, and social security number are among the most common ones. Of course, that’s not a complete list. In some cases, even your political and religious choices can be tracked.
Yes, definitely. An email address is considered a piece of personal information.