Privacy Policies for Individuals
You may already know that registered companies that collect personal information from their clients must have a Privacy Policy posted conspicuously on their websites and in their apps.
But what about individuals who run personal websites? Or, what if you have an app that you run on your own and not as part of a registered or incorporated company? Do you still need a Privacy Policy?
The question to ask yourself first is whether or not your website or app collects personal data.
This can be something as simple as collecting email addresses to send newsletter updates out, or allowing readers to comment on your blog posts.
If the answer to this question is yes, you will likely need a Privacy Policy and will need to learn more about which regulations apply to your situation.
Most websites and apps are owned and operated through some kind of company or incorporated entity.
Let's take a moment to briefly review the meanings of "corporation," "limited liability company," "partnership," and "sole proprietorship."
Corporation
A corporation is a group of human beings legally authorized to act as one person. Under law, a corporation is seen as one person that can be taxed and even sued. The revenues come directly to the corporation and the board members then decide what to do with it. If one or all members of the corporation die or go bankrupt, the corporation still exists as a legal entity.
In the case of privacy law, a corporation's members are responsible for compliance with the law because they're the ones who control and/or process clients' personal or private information.
Limited Liability Company
You can think of an LLC as a compromise between a corporation and a business partnership (or sole proprietorship), chosen for its advantages over both.
In an LLC, you get more legal protection (in the event of bankruptcy, for example) than you would in a simple partnership or sole proprietorship without the effort, time and expense of setting up a corporation. The owners get the revenue and also pay the taxes. Unlike a corporation, if a member dies or goes bankrupt, the LLC must be dissolved.
In the context of privacy protection, an LLC's owners are responsible to see that the company complies with the law.
Partnership
A business partnership is an agreement between two people to share the ownership, responsibility, and profits of an enterprise. Revenue is shared as are duties such as tax obligations and compliance with privacy laws.
Sole Proprietorship
In a sole proprietorship, one individual owns the business and is thus responsible for it and receives all of the profits. This one individual is also obliged to have a Privacy Policy under certain conditions.
Privacy Regulations Determine Who Needs a Privacy Policy
According to most international laws, you need a Privacy Policy if you're collecting personally identifying information from citizens of countries covered by privacy protection regulations.
Personally identifying information includes but isn't limited to the following:
- Email addresses
- First/last names
- Phone numbers
- IP addresses
- Mailing addresses
- Financial information
As a rule of thumb, if you're marketing products or services online it's best to be at least generally aware of the main international regulations, because of the difficulty (if not impossibility) of restricting your digital marketplace to one country.
Here are a few of the main privacy regulations that may affect you.
PIPEDA
The Personal Information Protection and Electronic Documents Act (PIPEDA) is Canada's privacy protection law.
The text of PIPEDA is clear as to what constitutes an organization, and includes an individual person in the the official definition:
In Part 4 we learn that PIPEDA applies to every organization that collects, uses or discloses personal information in the course of commercial activity:
To further clarify, the Limit section outlines who the act doesn't apply to, including individuals who collect, use or disclose personal information solely for personal or domestic purposes and nothing else:
CalOPPA
The California Online Privacy Protection Act (CalOPPA) affects people far outside of the California state border. Here's how the Education Foundation of the Consumer Federation of California outlines who CalOPPA applies to:
So, it does apply to individuals if the individual owns or operates a commercial website or online service, and that commercial website or service collects and maintains personally identifying information from customers who reside in California.
Australia's Privacy Act
This act only applies to:
- Some government agencies
- Privacy sector organizations and not-for-profits that make over $3 million annually
- All private health service providers
- Some small businesses
GDPR
The GDPR goes about things a bit differently and uses the terms "data controller" and "data processor" throughout the legislation.
Either of these roles can be an individual, which means the majority of the law must be followed when applicable, regardless of whether you're an individual with a website or a large company with one.
Here's how Article 4 defines these terms:
Example Scenarios
Here are just a few possible scenarios that might require an individual to post a Privacy Policy:
-
You run a blog that invites readers to submit recipes to you through email, so you'll have their email addresses and probably their real names.
Unless you have software that collects and contacts email addresses anonymously, you'll need to have a Privacy Policy.
-
You sell products from your website or app and have shipping addresses, mailing lists, and financial information at your disposal.
You need a prominently posted Privacy Policy that complies with regulations.
Some third party ecommerce platforms require users to have a Privacy Policy, so make sure to check the Terms of Use if you're selling through one of these platforms.
-
You don't sell anything from your website, but you use Google AdSense and are an Amazon affiliate.
You need to have a Privacy Policy where you explain your use of cookies to your clients.
- Your blog sends out a monthly newsletter to an email mailing list.
As in number 1, unless you have software that doesn't show your clients' email addresses to you, you need a Privacy Policy. Even if you use a third party such as Mailchimp to manage your newsletter, you should have a Privacy Policy that discloses that a third party is collecting information through your blog.
If you aren't sure whether you need a Privacy Policy or not, consider whether you collect or use any personal information from your users. If you do, you should have a Privacy Policy.
How to Create a Privacy Policy for Your Website
Need a Privacy Policy? Our Privacy Policy Generator will help you create a custom policy that you can use on your website and mobile app. Just follow these few easy steps:
- Click on "Start creating your Privacy Policy" on our website.
- Select the platforms where your Privacy Policy will be used and go to the next step.
- Add information about your business: your website and/or app.
- Select the country:
- Answer the questions from our wizard relating to what type of information you collect from your users.
-
Enter your email address where you'd like your Privacy Policy sent and click "Generate".
And you're done! Now you can copy or link to your hosted Privacy Policy.
