As a business owner, it's important to create transparency.
This gives users peace of mind knowing their information is secure.
Also, depending on where you're based, laws like the GDPR and CCPA require you to notify users about their privacy rights.
In this article we'll talk about the importance of a "Your Privacy Rights" clause, what information to add to this clause, and show 7 examples to use as inspiration. Let's dive in!
For example, if you're collecting users' information in California, you must abide by the California Online Privacy Protection Act of 2003 (COPPA).
However, if you're collecting information from EU citizens, you must comply with EU law. This set of rules are more detailed since the EU is serious about protecting consumers.
This makes Privacy Policies essential.
Some examples of personally identifiable information include:
Personally identifiable information can also be anything used to find someone online or in person.
If you're collecting sensitive data or information on users under the age of 13, then there are additional hoops you'll need to jump through.
Outbrain does a great job at this. It shows users how to opt-out and delete their information:
Even if you're operating in a city or state where it isn't required by law, you still want to be transparent and inform users about their rights. This creates trust and credibility.
Now let's look at important information you must include when creating a "Your Privacy Rights" clause.
Many privacy laws require you to inform users about their rights.
For example, the GDPR or General Data Protection Regulation is a law that protects users and allows them to gain insight into how your company is collecting and storing their information.
Under the GDPR's rights, users can demand that you hand over and delete all information. Also, the GDPR states that if your website is hacked and users' data is stolen, you must notify them within three days.
When writing your "Your Privacy Rights" clause, inform users about these rights.
For example, Google published a video explaining these rights in a way that the average user can understand:
Another law that empowers users is the CCPA, or California Consumer Privacy Act. This law provides users with five fundamental privacy rights. These rights include the right to know, delete, opt-out, non-discrimination, and notice at collection.
The right to know allows users' to ask your business what information you're collecting and why.
The right to delete lets users ask your business to delete their information, while the right to opt-out allows users to opt-out of newsletters and notifications.
The right to non-discrimination protects users from companies discriminating against them because they exercised their CCPA rights.
Lastly, the right to notice at collection requires your business to inform users about your privacy practices.
When writing your "Your Privacy Rights" clause, it's essential to inform your users about these rights. A company that does this well is The Independent. It explains these five basic rights without having to read through walls of text:
The GDPR requires you to disclose important information like:
Also, not all cookies are the same, so it's important to touch on what type of cookies you're using. For example, essential, performance, functional, or advertising cookies:
Your "Your Privacy Rights" clause must cover how you intend to use any information you get from users. For example, you may use visitors' email addresses to notify them about discounts and exclusive offers.
If you intend to share this information with others, add it to this clause.
You should also provide clear instructions on how users can opt out of email newsletters or any other method of communication.
Here's an example of Facebook informing users on what it does with their information:
Now that you know what information to include in your "Your Privacy Rights" clause, let's look at a few examples to use as inspiration and guidance.
Twitter lets users know that they can control how their information is shared, which is a key aspect of most rights granted by privacy laws.
Users are given a bulleted, easy-to-read list of what exactly they can control, and are also provided with links to two different additional resources where they can adjust privacy settings and make decisions regarding their personal information:
Uber includes a clause that describes what rights users have when it comes to controlling the use of their data:
The clause includes links to where users can make specific requests, contact the company, or take steps on their own such as downloading their data.
It also includes information on how a user can exercise any of the rights, with multiple different methods for the user to contact the company:
Each section can be expanded and includes a link to a separate page with more detailed information, relevant to each set of rights:
When you go to a specific section, you're given information about what specific rights are granted under each specific law:
Make sure you include information about rights provided by a variety of privacy laws, such as the GDPR, CPRA and others.
Let users know: