As a business owner, it's important to create transparency.
One of the best ways of doing this is by having a Privacy Policy with a "What are your private rights" or WAYPR clause. This clause clearly explains the privacy rights of users, what data you're collecting, and how you're storing this data.
This gives users peace of mind knowing their information is secure.
Also, depending on where you're based, laws like the GDPR and CCPA require you to notify users about their privacy rights.
In this article we'll talk about the importance of a "Your Privacy Rights" clause, what information to add to this clause, and show 7 examples to use as inspiration. Let's dive in!
A Privacy Policy is an agreement between your business and users about collecting and using their information. Many states and nations require you, by law, to have a Privacy Policy on your website if you're collecting personally identifiable information.
For example, if you're collecting users' information in California, you must abide by the California Online Privacy Protection Act of 2003 (COPPA).
However, if you're collecting information from EU citizens, you must comply with EU law. This set of rules are more detailed since the EU is serious about protecting consumers.
This makes Privacy Policies essential.
Some examples of personally identifiable information include:
Personally identifiable information can also be anything used to find someone online or in person.
If you're collecting sensitive data or information on users under the age of 13, then there are additional hoops you'll need to jump through.
For example, minors are less likely to read and understand your Privacy Policy. This is why your "Your Privacy Rights" clause should be clear and easy to understand.
Now that you understand why you need a Privacy Policy for your website, let's cover the importance of having a "Your Privacy Rights" clause within the policy.
Yes, your Privacy Policy should include a "What are your privacy rights" clause.
A "Your Privacy Rights" clause is a statement that discloses what information your business is collecting and how you're using that information. It also informs users about their rights and what to do if they disagree with your Privacy Policy.
Outbrain does a great job at this. It shows users how to opt-out and delete their information:
Even if you're operating in a city or state where it isn't required by law, you still want to be transparent and inform users about their rights. This creates trust and credibility.
Now let's look at important information you must include when creating a "Your Privacy Rights" clause.
When creating a "Your Privacy Rights" clause for your Privacy Policy, you must cover a minimum amount of topics. These topics include:
Many privacy laws require you to inform users about their rights.
For example, the GDPR or General Data Protection Regulation is a law that protects users and allows them to gain insight into how your company is collecting and storing their information.
Under the GDPR's rights, users can demand that you hand over and delete all information. Also, the GDPR states that if your website is hacked and users' data is stolen, you must notify them within three days.
When writing your "Your Privacy Rights" clause, inform users about these rights.
For example, Google published a video explaining these rights in a way that the average user can understand:
Another law that empowers users is the CCPA, or California Consumer Privacy Act. This law provides users with five fundamental privacy rights. These rights include the right to know, delete, opt-out, non-discrimination, and notice at collection.
The right to know allows users' to ask your business what information you're collecting and why.
The right to delete lets users ask your business to delete their information, while the right to opt-out allows users to opt-out of newsletters and notifications.
The right to non-discrimination protects users from companies discriminating against them because they exercised their CCPA rights.
Lastly, the right to notice at collection requires your business to inform users about your privacy practices.
When writing your "Your Privacy Rights" clause, it's essential to inform your users about these rights. A company that does this well is The Independent. It explains these five basic rights without having to read through walls of text:
Most websites use a series of cookies to track and store visitors' data. If you use cookies, notify your users. Users will want to know how these cookies function and what type of information is being collected.
The GDPR requires you to disclose important information like:
To comply with the GDPR, let users know that your website uses cookies and what information these cookies are collecting.
When addressing your use of cookies, talk about:
If you're looking for some inspiration, take a look at Insider's Cookie Policy:
Also, not all cookies are the same, so it's important to touch on what type of cookies you're using. For example, essential, performance, functional, or advertising cookies:
Your "Your Privacy Rights" clause must cover how you intend to use any information you get from users. For example, you may use visitors' email addresses to notify them about discounts and exclusive offers.
If you intend to share this information with others, add it to this clause.
You should also provide clear instructions on how users can opt out of email newsletters or any other method of communication.
Here's an example of Facebook informing users on what it does with their information:
Now that you know what information to include in your "Your Privacy Rights" clause, let's look at a few examples to use as inspiration and guidance.
Twitter lets users know that they can control how their information is shared, which is a key aspect of most rights granted by privacy laws.
Users are given a bulleted, easy-to-read list of what exactly they can control, and are also provided with links to two different additional resources where they can adjust privacy settings and make decisions regarding their personal information:
Google's Privacy Policy informs users that they can opt out of certain types of cookies and provides links to where these choices can be implemented. Users are also told that they can decline to submit personal information if they wish:
Uber's Privacy Policy is very easy to understand.
Uber includes a clause that describes what rights users have when it comes to controlling the use of their data:
The clause includes links to where users can make specific requests, contact the company, or take steps on their own such as downloading their data.
Outbrain's Privacy Policy has a specific section to address the rights of California residents. This section outlines all of the rights in a bullet list format that's easy to read:
It also includes information on how a user can exercise any of the rights, with multiple different methods for the user to contact the company:
Disney includes multiple different sections of its Privacy Policy to address different user rights including California, UK and the EU, and Brazil:
Each section can be expanded and includes a link to a separate page with more detailed information, relevant to each set of rights:
When a user navigates to the specific rights page, detailed information regarding the rights can be found, including what the rights are, how to contact Disney with issues, informational websites, and a link back to the main Privacy Policy:
The Guardian's Privacy Policy also includes a number of sections related to user privacy rights:
When you go to a specific section, you're given information about what specific rights are granted under each specific law:
As you can see, there are many different ways to create a clause in your Privacy Policy that breaks down what user privacy rights are. Through the use of formatting such as bullet points and lists, these sections can be made very easy for readers to understand.
Make sure you include information about rights provided by a variety of privacy laws, such as the GDPR, CPRA and others.
Let users know: