Privacy Policy Requirements for a Blog

Last updated on 19 September 2019
If you own or operate a blog, it is critical that you post a Privacy Policy on your site that meets the regulations of every jurisdiction where your blog readers reside. This protects your readers from any potential privacy breaches and protects you from legal liability.

Blogs have become a popular and powerful way to create an online following from anywhere in the world. Wikipedia reports there are more than 152 million active blogs, with a new blog launching every half second. That's 172,800 new blogs every day.

While a blog might not seem like a place where personal information is being collected, the fact is that almost every online site does collect personal information either directly or indirectly. Not only does the browser your blog readers use collect information from your audience, but so does your blog.

At minimum, your blog likely collects the following types of personal information:

  • First and last name
  • Email address
  • Social media profiles and information
  • Reader comments
  • Reader actions (browse time, links followed, ads viewed, etc.)

All personal information collected online is subject to global privacy regulations.

This article addresses the privacy concerns and requirements for blog sites. It serves as a guide to understanding the complex laws governing consumer privacy rights globally and provides ideas for creating your own sound Privacy Policy for your blog.

When and Why Blogs Collect Personal Information

Blogs, like other websites, deploy multiple technologies to attract, engage, convert and serve their audiences. Some blogs are monetized with ecommerce features, and many blogs present readers with display ads.

The list of potential ways a blog directly and indirectly collects personal information is long. Let's take a look at some of the most common ways your blog might be collecting personal information from your readers.

List Sign-up

Main Street ROI email newsletter signup form

Small business SEO consultant Main Street ROI uses multiple tools to grow its email list, encourage referrals and convert blog readers to paying customers. This simple email list sign-up tool pictured above appears at the end of every blog post. It includes one personally identifiable data point -- the reader's email address.

This single information capturing tool is enough to require a Privacy Policy on the site. However, like most blogs, this tool is one of only many tools deployed on the site to grow the audience.

Screenshot of the homepage of the Main Street ROI blog

Communications and Contact

The right sidebar on every page of the Main Street ROI site, including blog pages, encourages readers to schedule a call. The call is free, but several data points are required to get it:

  • First Name
  • Last Name
  • Email
  • Phone
  • Website

Main Street ROI's information request form for scheduling a consult

Not only is all of this information legally protected personal information, but by providing the website address, the reader is essentially inviting Main Street ROI to collect even more information than contact data.

Content Upgrades

Another engagement tool in the blog's right sidebar is an increasingly common tool called a content upgrade.

Content upgrades offer information considered more valuable than the blog itself or other enticements offered on the site. If a site visitor isn't enticed to join the email list or schedule a call, an exciting content upgrade might be the best next option to convert the reader to a blog follower.

Main Street ROI's Marketing Survival Guide as content upgrade feature

In order to get the content upgrade - in this case, The Internet Marketing Survival Guide - the reader needs to enter a valid email address.

Main Street ROI's email submit form for its Marketing Survival Guide

Chat Tools

Another tool Main Street ROI and other blog sites use to provide value to readers in exchange for personal information is a chat tool.

Leave a message icon for the Main Street ROI chat tool

In order to use the tool, the reader must enter personal information. In this case, the required information is an email address. However, the reader also may enter information into a text box, which likely could include personal information, such as other contact information, their website URL or even payment information.

Main Street ROI contact us form

Social Sharing

Another popular blog engagement tool is a social sharing tool. When a reader clicks to share a blog post, the blog receives additional personal information about the reader through integration with the chosen social platform.

Here is the sharing tool Main Street ROI uses:

Main Street ROI social platform sharing tool

Commenting

Many blogs also invite reader comments, which serves two purposes: increasing blog SEO and increasing engagement. In the process, the blog enjoys another opportunity to directly collect personal information.

Island Jane requires anyone who wishes to leave a comment to provide a name and email address, both of which are personally trackable. Additionally, the reader has the option to provide her website and leave a comment, which also may include personally identifiable information.

Island Jane comment posting form

Ecommerce

In addition, the Island Jane blog includes an integrated ecommerce store in which direct and indirect personal information is collected. In order to process an order, the reader must provide a name, shipping address, email address and phone number.

The store also utilizes third party vendors to process payments. In this way, Island Jane is collecting information to share with those third parties.

Island Jane ecommerce shipping address form

Cookies

In reading Main Street ROI's Privacy Policy, we learn they are indirectly collecting personal data from their readers through Google cookies.

Main Street ROI Privacy Policy: Cookies clause

Third Party Services

In addition to indirectly collecting information through cookies, the site discloses they also may share information with third parties who they choose to help operate the site, conduct business and manage services:

Main Street ROI Privacy Policy: third party information sharing clause

If your blog utilizes even one of the described reader engagement tools, as it very likely does, then you are collecting personally identifiable information and you must create a unique Privacy Policy for your site.

What is a Blog Privacy Policy?

A unique Privacy Policy written specifically for your blog is necessary to comply with state, federal and global laws protecting consumer privacy rights in every jurisdiction where your readers reside. As the web helps your blog reach more and more people from all corners of the earth, your legal liability increases. Ensuring your Privacy Policy meets all possible legal regulations is critical to your success.

Your Privacy Policy should be written so that it comprehensively identifies all current and possible ways your blog might be collecting personally identifiable information from your readers. This includes information you collect directly, such as through sign-up or through an ecommerce store, or indirectly through third parties such as payments processors, online advertisers, social platforms and analytics tools.

Additionally, your Privacy Policy should be written in a way that your typical blog reader can clearly understand.

It also should acknowledge your respect for, and adherence to, all applicable laws.

If your blog attracts minors, you assume additional privacy obligations that must be addressed in your procedures and in your Privacy Policy.

How to Create Your Privacy Policy

PrivacyPolicies.com: Privacy Policy Generator - How to Create your Privacy Policy

Need a Privacy Policy? Our Privacy Policy Generator will help you create a custom policy that you can use on your website and mobile app. Just follow these few easy steps:

  1. Click on "Start creating your Privacy Policy."
  2. Select the platform/s where your Privacy Policy will be used.
  3. Answer the questions related to your entity type and location.
  4. Answer the questions relating to what type of information you collect from your users.
  5. Select all the ways you wish to allow your users to contact you with questions regarding your Privacy Policy.
  6. Select what kind of Privacy Policy you want to create.
  7. Enter your email address where you'd like your Privacy Policy sent and click Create Privacy Policy.
  8. Now you can copy or link to your hosted Privacy Policy.

Privacy Laws Affecting Your Blog

Privacy laws are written to protect the residents in the jurisdiction where the law applies. If there is any chance that your blog might attract a reader from jurisdictions where privacy laws exist, then you are required to comply with those laws.

Let's take a look at some privacy laws that are likely to affect your blog.

CalOPPA Privacy Policy Regulations

The state of California enacted the nation's most stringent set of privacy regulations in 2003 and strengthened the rules further in 2014. The California Online Privacy Protection Act, also known as CalOPPA, was the first state law requiring websites, including blogs, to post a Privacy Policy.

CalOPPA also includes specific rules for website and blog privacy procedures, and rules mandating how to present those procedures in the Privacy Policy.

General Data Protection Regulation of the EU

Beginning in May of 2018, an even broader set of online privacy regulations will go into effect in the EU. The General Data Protection Regulation (GDPR) creates strict regulations mandating how websites and blogs must protect personal data collected from EU residents.

As is the case with CalOPPA and virtually every other legal privacy requirement, GDPR applies to blogs attracting visitors who live in the jurisdiction, whether or not the blog itself is located in the EU.

An interesting component of the GDPR is a requirement for blogs to obtain informed consent from readers before collecting personal information from them. In other words, previous privacy protection standards which put the burden of knowing privacy rights onto the reader are now clearly placed on the blog owner.

Article 5(3) of GDPR requires website owners, which includes blogs, to properly inform readers of the actual and potential information that may be collected through the site, both directly and indirectly, and give the reader options for preventing or limiting the information they provide:

Article 5(3) of the GDPR

Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)

In 2000, Canada introduced the Personal Information Protection and Electronic Documents Act, also called PIPEDA, or PIPED. The law was created to address privacy concerns relating to the commercial collection and management of personally identifiable information of Canadian citizens.

The act defines commercial activity as:

"Any transaction, act, or conduct, or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists."

If your blog attracts readers from Canada, then your Privacy Policy must also include provisions that meet the PIPEDA requirements.

Third Party Privacy Policy Requirements for Blogs

In addition to government laws and regulations, third party blog services often have Privacy Policy requirements for those using their services. This is because the third party has its own legal obligations when it comes to protecting consumer information.

Google Analytics

It is very likely your blog is interacting with one or more Google platforms such as Google Analytics.

If so, your Privacy Policy must meet Google's data handling requirements as well as local, state, federal and global requirements.

This is because, as spelled out clearly at the top of its Policy Requirement, Google uses technology tools such as cookies to collect information about your blog's readers and their browsing patterns:

Google's Policy Requirement for Analytics mentioning data collection

Google's policy then clearly states that in doing this, your site must post a Privacy Policy fully disclosing all such instances of data collection and sharing between your blog site and the Google platform:

Google's Policy Requirement for Analytics mentioning a privacy policy and notification requirement

Since it's highly likely your blog does or might attract readers from the EU, your Privacy Policy also must include special provisions to meet GDPR requirements:

Google Policy Requirement for Analytics: European Union user consent policy clause

Your Blog Platform

Blog platforms such as WordPress, Reddit and others include built-in features to help you grow your blog traffic. To do this, they automatically collect information about your readers such as browsing patterns and IP addresses, which locate your readers' devices.

User comments, which are an effective and popular way to increase blog SEO, also collect protected data such as reader name, email address, social platforms and in many cases, a photograph.

In the example below, the comment submitted by a WordPress blog reader includes his IP address:

WordPress dashboard showing user's personal information collected when commenting

The public view of most blogs displays the reader's photograph with comments. See this example from a reader comment at Island Jane, where we see publicly the reader's first and last name, as well as his photograph:

Island Jane blog comment example

The WordPress Privacy Policy spells out the personally identifiable information it collects from blogs using the platform:

WordPress Privacy Policy: Gathering Personal Identifying Information clause

Reddit's Privacy Policy distinguishes between information the platform collects automatically such as usage data and location information, and information the platform collects from other sources, such as device IDs.

Reddit Privacy Policy: Information We Collect Automatically clause

It does this in two separate clauses.

Reddit Privacy Policy: Information We Collect clause

All of that information is protected by various privacy laws and must be disclosed in your privacy policy.

How Social Platforms Affect Your Blog's Privacy Policy

An increasingly popular method for gaining blog followers is the use of social sign-up buttons. These allow your readers to quickly sign up for your blog through a platform in which they are already logged in.

Facebook and Twitter are examples.

Storify Sign up Screen with I Agree to Terms of Service clickwrap

By providing quick social sign-up, you get the benefit of not only a new reader, but also access to data from the reader's social site used for sign-up.

Klout sign-in with Facebook: Information Klout receives

In doing this, however, you also accept the privacy laws governing that exchange of data, as well as each platform's requirements to ensure you comply with not only applicable laws, but also their unique Privacy Policies.

Online public forums such as Disqus offer opportunities for your blog to gain a global following. You'll also increase your privacy protection obligations. If you choose to integrate with the Disqus platform, you must comply with their terms, which include a requirement to comply with all privacy laws:

Disqus Terms of Service: Publisher Responsibility and Content Guidelines clause

With ever-increasing enthusiasm to connect a worldwide audience with great content and exciting new technologies to make that happen, privacy risks and legal obligations also increase. Creating a unique, bulletproof Privacy Policy for your blog is an absolute must to protect your readers and your blog.
