Privacy Policy for Individuals

New online platforms and the ease of app development makes market entry simple for even amateur developers.

If you perform app or website development outside of your regular day job or wish to test your market first before committing more time to development, it may not be on your immediate to-do list to incorporate.

Many people prefer to check the success of their ideas before taking the steps to officially starting a company.

Even as an individual developer, you still have legal requirements. You are not exempt from privacy laws just because you are a person rather than a company. These laws affect you and require that you draft a Privacy Policy if your app or website collects personal data.

The Typical Situation

If you review examples of Privacy Policies, you will see they reference a company, not an individual. Even individuals who perform business as sole proprietors often transact their business as an incorporated entity rather than using their own names.

This is due to the need to avoid personal liability.

Being personally connected to a business transaction or a privacy breach risks your personal assets. A successful lawsuit against you can attach your own real estate or bank accounts in addition to funds and property you hold exclusively for business purposes.

That is why you will not find Privacy Policies written for individuals. Tim Ferriss runs a blog that features his name prominently:

Main Image from Tim Ferriss Podcast

You would think Tim's Privacy Policy agreement connected to his name would work the same way. However, it places privacy burdens and responsibilities on a company name, not Tim Ferriss personally:

Tim Ferriss

Tim Ferriss is not alone in this practice. Ed Gandia sells products that teach copywriting and business writing. His website focuses more on his name rather than the name of his company. This changes when you go to his Privacy Policy:

Ed Gandia

This does not mean you can't develop and sell an app or website product without establishing a company first.

It's understandable and not unheard of to do so if you want to test the market without putting in a giant investment, or just want to see if you like developing and distributing apps in the first place. However, the decision to release an app or website as an individual rather than as a corporation does not relieve you of legal requirements.

Privacy Laws for Individuals

Privacy Policies are required anytime you collect personal data from users.

This is the case whether you run a large multinational company like Apple or if you create apps from your basement office.

Personal Data

Privacy protection laws address personal data. If you handle personal data, you must follow the requirements of these laws. Personal data for privacy law purposes is defined as any information that can be used to identify an individual. Some common examples of "personal data" include:

  • Full names
  • Home or email addresses
  • Date of birth
  • Identifying numbers, such as a driver's license or Social Security Number
  • Physical descriptions or ethnicity
  • Telephone numbers

Before you make an effort to draft a Privacy Policy, first assess whether you request personal data from your users. If you collect any of this information, ask yourself if it is truly necessary for the functioning of your app or website. The best way to protect privacy is to not request information in the first place.

If your service or product works fine without users revealing this information, consider never requesting it in the first place.

However, if you need personal data, being an individual does not exempt you from privacy protection laws.

Individuals as Operators

Laws concerning privacy typically refer to "organizations."

An organization for these purposes includes anyone who creates, runs, and manages an app or website that requests personal data.

While it's often assumed that these rules only apply to corporations, that is not the case.

In USA

The California Online Privacy Protection Act is the most extensive privacy act in the United States. Since California is a heavily populated state, it is impossible to run an app or website in the U.S. without engaging California citizens. You need to pay attention to this law as if it contained federal requirements.

The act applies to any person or entity that runs a commercial website or online service available to California residents.

In Canada

The Canadian law, Personal Information Protection and Electronic Documents Act (PIPEDA), applies to organizations:

Application clause of PIPEDA

Individuals are included in its definition of organizations:

Definition of organization from PIPEDA

In Australia

You will also find this in Australia with the Privacy Act 1988. Organizations also include individuals:

Definition of organisation from the Australian Privacy Act 1988

In the E.U.

The E.U. places strict privacy requirements on its member states. Individuals are also held to these laws, although it refers to "controllers" and "processors" rather than organizations:

E.U. Privacy Requirements mention controllers and processors instead of organizations

Finally, as an example of following the E.U. requirements, the U.K. passed an extensive privacy protection law called the Data Protection Act 1988. This law does not exempt individual developers if they collection personal information:

Definitions of a data controller and data processor from the E.U. Data Protection Act 1988

Knowing that individual developers are bound by privacy laws helps you make informed decisions. If you handle personal data within a website or app, you may want to consider incorporation.

Consider Incorporation

Privacy breaches are burdensome to all corporations, even the largest ones. If the data you store is compromised, you can face penalties which may include fines and civil liability.

However, rather than enjoying the protection of a corporate structure, users pursue you personally for damages when you aren't incorporated. This can leave you financially destitute in addition to undermining your business efforts.

That is why if you handle personal data, you should consider creating a company first. This offers advantages over doing this on your own, including:

  • Establish ownership: Running your app or website through a corporate entity gives you a stronger grip on intellectual property and asset ownership.This is especially important if you develop your service in partnership with another party who may claim a larger ownership interest than deserved or expected.
  • Tax consequences: In many jurisdictions, you enjoy greater tax benefits as a corporation than an individual.This can save you money and contribute to the long term success of your products and business.
  • Protection from personal liability: This is the theme throughout this discussion. Even if you do not feel you have anything to lose now, that can change later as your life evolves to home ownership and other milestones. You do not want these items attached to fulfill lawsuit or fine payments.By incorporating, you get more protection between your personal assets and any data breaches that may occur as you run your app or website.

If you decide to proceed with your plans in an individual capacity, that remains an option for you. Incorporation remains an option as your app or website expands. Just be aware that requirements for protecting data and drafting a complete Privacy Policy remain even though you do not operate through a company.