Internet privacy laws apply not only to companies operating out of the legal jurisdiction, but also to any website or app that collects data from users who reside within that jurisdiction.
Some of the main laws you may need to comply with are:
These laws all require websites to disclose information about the data they collect from users. Some aspects vary among them, so be sure you are compliant with all regulations that apply to you and your users.
CalOPPA is a good standard to follow as its guidelines have been a model for other internet privacy laws and there is a good chance that your app or website will serve users who reside in California.
Second to this, you should comply with the GDPR if you currently serve users in the EU or plan to in the future.
For example, there is a big difference between a website that has a sign-up form requesting first name and email address and a website that stores information about a user's IP address, location, search habits, or purchase history.
Here is an example from Disconnect.me:
By being transparent with this information you are not only complying with the law but also building trust with your customers or clients.
For example, if in part 1 you declared that you collect location data, some users may be uncomfortable with this.
If, however, you explain in part 2 that you simply collect location data in order to provide them with correct pricing ($ vs £, for example), this may reduce the concerns they have about the data you are collecting.
By letting your users know how you are using the data you collect, you have an opportunity to teach them about the functionality of your website or app and use that as a selling point.
Below is an excerpt from LukieGames.com explaining why they collect user data:
It is also important to let users know if you are sharing their data with, or selling it to, a third party. Once again, this is about transparency and the rights of the user to know how their personal data is being used.
For example, a customer may not be comfortable storing their credit card information on most websites.
If, however, you explain how their personal data is kept safe using cutting-edge security with virtually no chance of being compromised, you may be able to alleviate concerns and allow them to utilize the full functionality of your website.
Below is an example from LukieGames.com:
It may be as simple as "if you don't agree to our policies, do not use our website," or as in-depth as showing them how to opt out of certain services, cancel a mailing list, delete their account, or block cookies and location data in their browser.
Below is an example from Zappos.com:
Different users have different opinions on the collection and usage of their personal data. It is your responsibility to let them know what choices they have when it comes to the collection and usage of their personal data on your website or within your app.
Once again, this can be a great opportunity to be helpful and build trust with your user base.
Depending on the functionality of your app or website, there may be other factors you wish to discuss with your users.
This may include details about making an online purchase, not sharing personal information with other users on a social website, or getting a parent's permission before using a gaming website for minors.
Below is an example of Amazon.com's policies regarding minors:
For example, if you begin using new analytics software that collects new data from users, you may send out an email to your clients notifying them of this change and/or post on your website that policies have changed and when the changes went into effect.
Be sure to comply with any additional legislation as these types of information are considered to go above and beyond standard website and business functions and require additional protection.
Here's how it looks:
Here's the full text:
This website collects location data and requests name and email address upon registration, and uses third-party tracking software.
This website collects data about users' location, and upon registering you will be asked to provide information such as your name and email address.
Location data is used to provide you with accurate information depending on your state or country of residence. Your name and email address will only be used in the profile you create and for our mailing list.
We take great care to secure our user information by implementing advanced encryption technology and firewall security measures. Your privacy and security are important to us!
Users are able to turn off location services by choosing "Block" instead of "Allow" when prompted upon visiting our website. You may also turn off location services in your browser. Please note that by not allowing us to access your location services, the data provided may be less accurate or less specific than intended.
Users are able to block cookies via their browser settings. Please note that this may disrupt certain functionality on the website that could affect user experience. Blocking cookies will also disable the "recommended for you" features on the website.
This website uses third-party tracking software that may collect data about your habits on our website. You can find more information about this functionality on our Terms & Conditions page.
If you have any questions or concerns, please visit our FAQ or contact us at the email address on our Contact page.
Here's how it looks:
Here's the full text:
Effective as of July 2017
We care about your privacy! We promise not to misuse, exploit, or sell any of the information that you provide on our website. All of the information you provide to us is used to complete purchase orders. The information needed to process purchases is secured in our records and kept safe and confidential. We do not share user data with any third-party entities.
The information required to place a purchase order at checkout is as follows:
All of our records are protected by Secure Sockets Layer (SSL) software that encrypts information to prevent unauthorized access to your personal data.