What are Privacy Centers and Should You Have One?

by Jennifer L. Legal writer.
What are Privacy Centers and Should You Have One?

If you run a website or a mobile app, and you collect data from your users, then it's a good idea to create a Privacy Center. A Privacy Center lets your customers find everything they need to know about your Privacy Policies in one convenient location, and they're designed to make it easier for users to stay in control of their personal information.

Privacy Centers are becoming increasingly popular with businesses of all sizes, and it's not just because Privacy Policies and clear privacy practices are often required by laws such as the General Data Protection Regulations (GDPR) and the California Consumer Privacy Act (CCPA). It's because users care about what happens to their personal data and they want to control:

  • What personal data a company can access
  • How the company handles this data
  • Whether the company sends or sells the data to third parties
  • How easily a company can "forget" their personal data and unsubscribe them from company services
  • The marketing they receive from companies and the advertisements they see online

Privacy Centers make it much easier for companies to address all of these concerns and more, all from one single location on their website.

The typical Privacy Center contains the following:

Some Privacy Centers have links to more comprehensive information, but for now, just bear in mind that no two Privacy Centers look alike, and that's okay. There's no set formula.

Furthermore, a Privacy Center is not mandatory. Many businesses, such as very small businesses, do not use them. However, Privacy Centers are very straightforward to set up, and they demonstrate your commitment to data protection and legal compliance. As such, you should seriously consider implementing a Privacy Center.

So, if you're planning on setting up a Privacy Center, here's what you need to know.

What are Privacy Centers?

What are Privacy Centers?

Privacy Centers are essentially interactive support tools. They're a way for users to quickly and easily find whatever information they need about your Privacy Practices at any given time.

Put simply, Privacy Centers should be designed in such a way that users know where to find further information, and how to contact you for further support. They're a map of your Privacy and Data Protection Protocols, and they should be easy to read.

In some ways, you can look at a Privacy Center as a professional business tool. By looking through your Privacy Center, users should instantly feel like you take their personal information seriously, which makes them more likely to do business with you.

Above all, a Privacy Center is designed to be:

  • Easy to navigate
  • Visually appealing
  • Informative but easy to understand
  • Readable

We'll shortly take a look at how to design a Privacy Center in more detail, but first, it'll help to see what a Privacy Center looks like before going any further. Here are some examples of what good Privacy Centers look like at first glance.

EE's Privacy Center achieves two things: professionalism and clarity. From the Privacy Center homepage, you can easily jump to what you want more information about, be it Cookies or the Privacy Policy. Moreover, EE uses short, clear sentences with minimal jargon. Using clear language makes the Privacy Center accessible and user-friendly:

Screenshot of EE UK Privacy Center

Scroll further down the page and you'll find a rundown of the most frequently asked questions (FAQs) that EE customers have about EE's Privacy Practices. By clicking on the questions, customers can find the answers they're looking for, or they're shown where to go to find out more information:

EE UK Privacy Center: Your Questions Answered section

Tesco is another good example of a clear and user-friendly Privacy Center. The homepage is well-organized and designed to help users find the information they need as quickly as possible:

Screenshot of Tesco Privacy Center

The Privacy Center page also includes a direct link to Tesco's Cookie Policy and Privacy Policy so users don't need to go looking for these policies on their own:

Tesco Privacy Center: Privacy and Cookies Policy link

For even more ease of access, Tesco includes standard footer links to each of these policies as well as directly to the Privacy Center on every page of its website:

Tesco website footer with links

So, now we're a little clearer on what Privacy Centers look like and how they function, here is an overview of when you should seriously consider implementing one.

When Should You Have a Privacy Center?

When Should You Have a Privacy Center?

The most simple answer to the question of when you should have a Privacy Center is this - if you're a business that needs a Privacy Policy, then you should really organize all your Privacy Practices in one central location.

Privacy Centers are typically much easier to navigate than lengthy Privacy Policies because all the relevant information is broken down into clear subsections and subpages. Privacy Policies are often lengthy and detailed, and consumers don't always understand them fully.

Privacy Centers are designed to tackle this problem.

As a general rule, you need a Privacy Policy if you collect, handle, transfer, store, sell, or otherwise use consumer personal data. Personal data is anything that can be used to identify someone, be it their IP address, email address, name, or passport number.

If you fall into this category, let's take a closer look at why Privacy Centers are often better options than simply drafting a Privacy Policy on its own.

You Collect Sensitive User Data

Customers are often wary about giving sensitive information, such as medical or financial information, online. By creating a Privacy Center, you can quickly and clearly explain why you need this information, what happens to the data you collect, and how you properly safeguard this information. You'll also just appear more trustworthy and cautious.

Here's an example from Capital One Bank. The bank understands that protecting sensitive financial information is of the utmost importance to its customers. As such, it gears its Privacy Center towards explaining how it protects this data and how customers can take control of their financial information:

Screenshot of excerpt of Capital One Privacy Center

Note how Social Security numbers are given their own section here since they're such a sensitive piece of personal information and users will likely be very concerned about sharing this information without proper security assurances.

Sections are also prominent where users can view their rights, see what choices they have and manage their personal data.

You Collect High Volumes of Data

Depending on your business, you may collect various types of personal information and you may collect it for multiple purposes. You may also share it with multiple vendors and third parties.

Fully explaining these practices in a typical Privacy Policy is hard because the text ends up dense and difficult to read. A Privacy Center with various sections gets around this problem.

Here, for example, is how Facebook handles its high data collection volume. There's a Privacy Center homepage with multiple, clearly-defined sections explaining how users can control their Facebook experience and find out more information about specific aspects of data privacy:

Screenshot of Facebook's Manage Privacy and Account Security settings page

At the bottom of the page, there's a link to each of Facebook's legal policies for more detailed information on each topic, which is very useful:

Facebook Legal and Policies links list

When you click on one of these links, for example the Data Policy, you'll find a highly detailed but clear and concise page full of the information that Facebook users need to make decisions about their privacy:

Screenshot of Facebook Data Policy intro and menu

Since Facebook processes high volumes of data, it makes sense that it has such a comprehensive Privacy Center. Your business likely wouldn't need something quite as robust.

Now, let's look at how to design your own Privacy Center, and what the typical Privacy Center includes.

What to Include in a Privacy Center

What to Include in a Privacy Center

Although no two Privacy Centers look the same, they often have very similar features and components. As you'll see, the main aim is to make it easier for customers to take control, learn about your Privacy Practices, and adjust their privacy settings.

Privacy Policy

As we've mentioned, many companies break down their Privacy Policy into clear, concise sections through their Privacy Center.

When designing your Privacy Center, break down the key parts of your Privacy Policy into smaller subpages so customers can find out exactly what they need, when they need it, without feeling overwhelmed. Link to these pages somewhere central on your Privacy Center page.

Although you should break down your Privacy Policy in your Privacy Center, the Center is no substitute for giving customers access to your complete Privacy Policy. Always link to your full document somewhere within the Privacy Center so your users can get the full picture whenever they want to.

Cookies are small data files that are stored on someone's computer when they visit a website. They allow the website to remember the user and certain preferences, such as their password.

You can include your Cookie Policy as part of your Privacy Policy, however many companies have separate Cookie Policies so that customers don't have to wade through a long document.

Here's how EE (mentioned earlier) handles its Cookie Policy in its Privacy Policy.

EE links to its Cookie Policy from its Privacy Center homepage:

EE UK Privacy Center: All About Cookies section

From here, users go to a comprehensive yet very user-friendly page detailing EE's key Cookie Practices. EE begins by telling users why it collects cookies and links to its complete Cookie Policy:

EE UK Cookies Policy introduction page

This breakdown helps users navigate complicated sub-topics easier while still having full and easy access to the complete legal agreements.

Terms of Use

Some sites, such as Facebook, include links to their general Terms of Use in their Privacy Center. This is a great practice because it keeps all the company's relevant legal information in one place, making it easier for users to find what they need and stay informed.

Facebook includes a link to its Terms in a sidebar on its main Privacy page:

Facebook Data Policy: Resource links in sidebar

You'll notice that Facebook also uses bright colors and a clear layout to separate different sections from each other. This is very helpful for busy users who can see, at a glance, where to find relevant information. Always use clean, clear, engaging layouts in your Privacy Center.

Twitter also links directly to its Terms from its main Privacy Center. It sets out two main subsections - one where users can adjust their Twitter profile settings, and one where users can learn more about Twitter's various Privacy Practices. The Terms are part of these Practices:

Twitter Privacy Center: Rules and Policies links and Manage Settings

Top tip: Include links to full versions of all your Policies and legal agreements in your Privacy Center for ease of access.

FAQs

Customers often ask the same questions about Privacy Policies. To save them the trouble of contacting you or wading through lengthy Policies, leave answers to these questions in your Privacy Center. Include links to where users can find further information.

eBay, for example, sets out its common questions in a page helpfully located beside its main Privacy Notice in its Privacy Center:

eBay Privacy FAQ

The questions are clickable, meaning they quickly open without the hassle of leaving the main question page. This lets users easily browse as many questions as they need to without clicking back and forth between pages:

eBay Privacy FAQ: Disclose information section expanded

You'll note that the above question also includes a link to eBay's complete Privacy Notice, which consumers can view if required.

Support and Contact Information

No Privacy Center is complete without making it easy for customers to contact you for further information. Include clear links to your contact details, and where customers can get help and support if they need it.

Snap, for example, includes a link to both its full Privacy Policy and its support team at the end of its Privacy Center summaries:

Snap Privacy Center: Contact us section

And in Spotify's Privacy Center, there's a direct email link to the support team below the Cookie Policy and the Privacy Policy linked sections:

Spotify Privacy Center: Contact with questions section

Top tip: Make it easy for customers to exercise their right to contact you and discuss your Privacy Practices.

Conclusion

Although a Privacy Center isn't mandatory, you should seriously consider creating one for your website.

A Privacy Center helps your customers find direct answers to their questions in as little time as possible. It also clearly sets out the key points from your Privacy and Cookie Policies, which gives consumers trust in your organization and proves that you care about their personal data.

If you design a Privacy Center, always include:

  • Links to your complete legal agreements and policies, including your Privacy Policy - the Privacy Center isn't a substitute for a Privacy Policy!
  • FAQ section to summarize common questions
  • Your contact details

Choose a user-friendly layout and make proper use of subheadings, images, colors, and text boxes to enhance the consumer experience and present a professional front to your organization.

Remember, always keep things simple for your customers. Make it easy for them to change their settings and stay in control. Include multiple edit setting links such as the one above so customers are never far from an opportunity to adjust their settings.

You'll benefit from customers who have a clearer idea of how your company handles their data and a renewed confidence in your Privacy Practices, including how they can exercise their legal rights.

Last updated on 14 February 2020

Article categories

Jennifer L.

Legal writer.