Do you need a privacy policy - Bite-Sized Legal #2

The Bite-Sized Legal Newsletter





By Bite-Sized Legal • Issue #2
You have started a project and built a website. Now you wonder if you need a privacy policy for the website.
Yes, you do need a privacy policy. The days when some websites or apps could get by without one are long gone. No website or app should appear on the internet without a privacy policy.
Yes, you do need a privacy policy for every single website you’ll put on the internet. And that is just one element of compliance with data protection laws.
The privacy policy is a document that describes your data privacy practices to users. You need to be transparent with them and this is how you provide such transparency.
Some laws explicitly require a privacy policy, while others require transparency, and having a privacy policy is the most practical way to be transparent.
To sum it up, you need a privacy policy for your website or app as soon as it goes live on the internet.

But that's not enough for compliance
Having some text named privacy policy on your website is not enough for compliance.
There are two things you have to keep in mind:
  1. The privacy policy has to contain a minimum set of elements to be compliant with the relevant data protection laws. At a minimum, in most cases you’ll need to tell users what data you process, why and how you collect it, with whom you share it, and what rights users have in relation to their data. These elements are beyond the subject of this newsletter issue. I will write more about it in the coming weeks.
  2. You need to obtain the user’s explicit consent where the relevant law (such as the GDPR) requires it. Having a privacy policy doesn’t make you compliant with the GDPR if your website uses cookies without asking users for consent.
A privacy policy is not all you need for compliance with the relevant data protection laws. It almost never is.
The only exception is if you are based in the United States and all your users come from the United States or another country with non-comprehensive or non-existent data protection law. In any other case, having a privacy policy is not enough.
If you have any questions, reply to this email and I’ll be happy to respond.
Also, if you know anyone who would benefit from a newsletter like this, forward them this issue and this link.
Stay safe,
Bite-Sized Legal

Legal for makers and freelancers, weekly, for free.
