Let’s Talk About Privacy Policies

What you need to know about requirements for website privacy policies

There has been a lot of talk lately about online data protection and privacy. You may have noticed many of the online services you use asking you to read and approve new privacy policies and updates. While the main reason behind this relates to changes in EU laws, there are also some reasons here at home to consider this for your business.

Whether you have a current Privacy Policy that may be in need of updating, or you don’t have one at all, here are some hows and whys, and what we can do to help.

What’s Going on in the EU

Much of this is in response to the new EU law on data protection and privacy, known as the General Data Protection Regulation (GDPR). The purpose of the GDPR is to provide a set of standardized laws that make it easier for EU citizens to understand how their data is being used and how to file formal complaints, even if they are not in the country where a website or online service is located. While this regulation addresses individuals within the European Union (EU) and the European Economic Area (EEA), it matters to us website owners here in the U.S., because there is no way to guarantee that a person from a European country will never use one of our websites. Every website is part of the world wide web, which means everyone, worldwide, is affected.

Many major online service providers are updating their policies in response to the requirements of the GDPR. Google, especially, has made changes to its Privacy Policy and Terms of Service.

This makes sense because Google products can collect a surprising amount of information. Google Analytics, for example, uses a tracking cookie (a small data file downloaded to your device upon viewing a website), so your web browser automatically sends information such as the:

  • Internet domain through which you access the Internet (e.g., yourServiceProvider.com if you use a commercial Internet service provider, or yourSchool.edu if you use an Internet account from your school),
  • Internet Protocol address of the computer you are using,
  • type of browser software and operating system you are using,
  • date and time you access a site, and
  • Internet address of the site from which you linked directly to a site.

In order for this type of data collection to be compliant with GDPR, a website must clearly state what information is being collected, how the information is being used, and so on.


“It is important to know that Google has passed this responsibility off to its users by requiring all users of Google products (like Google Analytics) to have their own Privacy Policies.”


The requirements of each Privacy Policy can vary depending on the Google products/services used. With regard to Google Analytics, for example, you can see the specifics outlined in the Google Analytics Terms of Service.

U.S. Federal and State Regulations

Outside of these new GDPR requirements, there isn’t one specific law here in the U.S. that explicitly requires Privacy Policies. However, enough federal and state laws suggest that you need to have one. This is especially true for websites related to specific industries, such as:

  • Healthcare,
  • Financial services, and
  • Services that target children (under the age of 13).

The Federal Trade Commission (FTC) enforces these laws and works to protect consumer privacy.

In the state of California, this includes any websites or online services that collect information from residents of California. This is regardless of whether or not a business is physically located in the state, under Section 22575 of the California Business Code. Under this law, a website is required to have privacy policies if it:

  • Collects any type of personally identifiable information.

Personally identifiable information is any information that can be used to contact or identify a person directly (like first name, last name, email address, phone number, and so on). Most often, this is collected through contact forms and email newsletter sign-up forms on a website.

Good Business Practice

Whether or not it is required by law, it is good business practice to have Privacy Policies on your website. Letting your customers know how and why you use their information builds trust and transparency. It also helps protect you, as a business, from legal liability. Furthermore, it is becoming the standard for websites on the internet. Many customers expect this now. In every sector of the internet, there is an ever-increasing demand for transparency with regard to information collection and security. Privacy policies are here to stay.

Do you have a privacy policy on your website?

If you don’t, this may be the right time. You may need one because the law requires it, Google requires it (if you have Google Analytics or another Google service active on your site), or because it is simply good business practice.

Write or Update Your Privacy Policy

Here are a few tips for writing your policy:

  1. Be honest. Your privacy policy needs to reflect your business’ actual practices. Taking a policy from another website, or using a policy generating service, may not accurately represent the protection practices of your business. Be sure that what you include reflects the guidelines your company follows.
  2. Be clear. Use language your customers can understand. It is unfortunate, but many companies resort to complicated legalese, to be as vague and flexible with wording as possible, in an effort to reduce legal liability.
  3. Be thorough. There are some basic elements that every privacy policy should include, such as:
    • What information is being collected,
    • What options a customer has about how the data is being collected and used,
    • How a customer can see/request a correction or change to their information,
    • How the data is protected, and
    • How a customer can contact you for questions or issues, especially in the event a Privacy Policy is not met.

The Better Business Bureau has a great sample policy you may want to use as a guide.

It is recommended to put a link to your Privacy Policy on every page of your website, in an easy-to-access location, such as the footer.

Thrive Can Help

If you don’t feel comfortable writing your own Privacy Policy, we can help.

The Thrive team can review your website and make recommendations on what needs to be included based on the specific requirements of your website. We can work with you to discuss your unique internal business practices and, together, draft a custom Privacy Policy for your website. We can add the page to your website, add the appropriate links to your new Privacy Policy page, and add a custom site notification banner to let your visitors know about your new policy.

