"What are Your Privacy Rights" Clause in Privacy Policy

As a business owner, it's important to create transparency.

One of the best ways of doing this is by having a Privacy Policy with a "What are your private rights" or WAYPR clause. This clause clearly explains the privacy rights of users, what data you're collecting, and how you're storing this data.

This gives users peace of mind knowing their information is secure.

Also, depending on where you're based, laws like the GDPR and CCPA require you to notify users about their privacy rights.

In this article we'll talk about the importance of a "Your Privacy Rights" clause, what information to add to this clause, and show 7 examples to use as inspiration. Let's dive in!

Do You Need a Privacy Policy For Your Business?

A Privacy Policy is an agreement between your business and users about collecting and using their information. Many states and nations require you, by law, to have a Privacy Policy on your website if you're collecting personally identifiable information.

For example, if you're collecting users' information in California, you must abide by the California Online Privacy Protection Act of 2003 (COPPA).

However, if you're collecting information from EU citizens, you must comply with EU law. This set of rules are more detailed since the EU is serious about protecting consumers.

This makes Privacy Policies essential.

Some examples of personally identifiable information include:

  • Names
  • Email addresses
  • Phone numbers
  • Physical addresses
  • Social security numbers
  • Medical history

Personally identifiable information can also be anything used to find someone online or in person.

If you're collecting sensitive data or information on users under the age of 13, then there are additional hoops you'll need to jump through.

For example, minors are less likely to read and understand your Privacy Policy. This is why your "Your Privacy Rights" clause should be clear and easy to understand.

Now that you understand why you need a Privacy Policy for your website, let's cover the importance of having a "Your Privacy Rights" clause within the policy.

Should Your Privacy Policy Include a "Your Privacy Rights" Clause?

Yes, your Privacy Policy should include a "What are your privacy rights" clause.

A "Your Privacy Rights" clause is a statement that discloses what information your business is collecting and how you're using that information. It also informs users about their rights and what to do if they disagree with your Privacy Policy.

Outbrain does a great job at this. It shows users how to opt-out and delete their information:

Outbrain Trust Center: Opting out section

Even if you're operating in a city or state where it isn't required by law, you still want to be transparent and inform users about their rights. This creates trust and credibility.

Now let's look at important information you must include when creating a "Your Privacy Rights" clause.

What Information Should a "Your Privacy Rights" Clause Include?

When creating a "Your Privacy Rights" clause for your Privacy Policy, you must cover a minimum amount of topics. These topics include:

  • Personal information privacy
  • Cookie data
  • Collected information
  • Informational usage
  • Age-related issues

Personal Information Privacy

Many privacy laws require you to inform users about their rights.

For example, the GDPR or General Data Protection Regulation is a law that protects users and allows them to gain insight into how your company is collecting and storing their information.

Under the GDPR's rights, users can demand that you hand over and delete all information. Also, the GDPR states that if your website is hacked and users' data is stolen, you must notify them within three days.

When writing your "Your Privacy Rights" clause, inform users about these rights.

For example, Google published a video explaining these rights in a way that the average user can understand:

Google Privacy and Terms: Your Privacy Controls clause with video section highlighted

Another law that empowers users is the CCPA, or California Consumer Privacy Act. This law provides users with five fundamental privacy rights. These rights include the right to know, delete, opt-out, non-discrimination, and notice at collection.

The right to know allows users' to ask your business what information you're collecting and why.

The right to delete lets users ask your business to delete their information, while the right to opt-out allows users to opt-out of newsletters and notifications.

The right to non-discrimination protects users from companies discriminating against them because they exercised their CCPA rights.

Lastly, the right to notice at collection requires your business to inform users about your privacy practices.

When writing your "Your Privacy Rights" clause, it's essential to inform your users about these rights. A company that does this well is The Independent. It explains these five basic rights without having to read through walls of text:

The Independent Privacy Notice: Your Rights section

Cookie Data

Most websites use a series of cookies to track and store visitors' data. If you use cookies, notify your users. Users will want to know how these cookies function and what type of information is being collected.

The GDPR requires you to disclose important information like:

  • What personal data do you collect
  • How do you manage it
  • How can users have control over it

To comply with the GDPR, let users know that your website uses cookies and what information these cookies are collecting.

When addressing your use of cookies, talk about:

  • What cookies are
  • What they do
  • Why they're needed
  • How they help the user's experience

If you're looking for some inspiration, take a look at Insider's Cookie Policy:

Insider Cookies Policy intro clause

Also, not all cookies are the same, so it's important to touch on what type of cookies you're using. For example, essential, performance, functional, or advertising cookies:

Insider Cookies Policy: Categories of cookies we use clause excerpt

Informational Usage

Your "Your Privacy Rights" clause must cover how you intend to use any information you get from users. For example, you may use visitors' email addresses to notify them about discounts and exclusive offers.

If you intend to share this information with others, add it to this clause.

You should also provide clear instructions on how users can opt out of email newsletters or any other method of communication.

Here's an example of Facebook informing users on what it does with their information:

Facebook Data Policy: How do we use this information clause excerpt

Now that you know what information to include in your "Your Privacy Rights" clause, let's look at a few examples to use as inspiration and guidance.

Examples of "What are Your Privacy Rights: Clauses


Twitter lets users know that they can control how their information is shared, which is a key aspect of most rights granted by privacy laws.

Users are given a bulleted, easy-to-read list of what exactly they can control, and are also provided with links to two different additional resources where they can adjust privacy settings and make decisions regarding their personal information:

Twitter Privacy Policy: How You Control the Information You Share with Us clause


Google's Privacy Policy informs users that they can opt out of certain types of cookies and provides links to where these choices can be implemented. Users are also told that they can decline to submit personal information if they wish:

Google Security and Privacy: The right to opt out of ad serving cookies section highlighted


Uber's Privacy Policy is very easy to understand.

Uber includes a clause that describes what rights users have when it comes to controlling the use of their data:

Uber Privacy Notice: User Personal Data Requests clause

The clause includes links to where users can make specific requests, contact the company, or take steps on their own such as downloading their data.


Outbrain's Privacy Policy has a specific section to address the rights of California residents. This section outlines all of the rights in a bullet list format that's easy to read:

Outbrain Privacy Policy: California Privacy Rights clause excerpt

It also includes information on how a user can exercise any of the rights, with multiple different methods for the user to contact the company:

Outbrain Privacy Policy: California Privacy Rights clause - How to exercise the rights section


Disney includes multiple different sections of its Privacy Policy to address different user rights including California, UK and the EU, and Brazil:

Disney Privacy Policy: Table of contents - User rights sections

Each section can be expanded and includes a link to a separate page with more detailed information, relevant to each set of rights:

Disney Privacy Policy: UK and EU Residents Rights section highlighted

When a user navigates to the specific rights page, detailed information regarding the rights can be found, including what the rights are, how to contact Disney with issues, informational websites, and a link back to the main Privacy Policy:

Disney UK and EU Privacy Rights page excerpt

The Guardian

The Guardian's Privacy Policy also includes a number of sections related to user privacy rights:

The Guardian Privacy Policy table of contents: Privacy rights sections highlighted

When you go to a specific section, you're given information about what specific rights are granted under each specific law:

The Guardian Privacy Policy: Your Australian Privacy Rights section


As you can see, there are many different ways to create a clause in your Privacy Policy that breaks down what user privacy rights are. Through the use of formatting such as bullet points and lists, these sections can be made very easy for readers to understand.

Make sure you include information about rights provided by a variety of privacy laws, such as the GDPR, CPRA and others.

Let users know:

  • What their rights are
  • How they can exercise them
  • How to contact you with any questions or concerns