Costs can vary greatly depending on the nature of your business, the demographics of users, and the laws governing the private information you collect.
- Add information about your business: your website and/or app.
- Select the country:
- Answer the questions from our wizard relating to what type of information you collect from your users.
Failure to fully and accurately disclose your policies and procedures for handling private user data could lead to steep fines and, in some jurisdictions, criminal enforcement.
Some online sources promise free Privacy Policies, but beware: some free resources cut corners and may not give you a fully compliant end result.
Why Such a Big Price Difference for Privacy Policies?
Unique Business Practices
Let's compare two popular and similar US businesses: Target and Walmart. Both are brick-and-mortar retailers with national websites serving a US audience.
However, their Privacy Policies are different.
Both Target and Walmart have clauses pertaining to California privacy laws, protection of children, and information sharing with third parties. They also include clauses for company contacts and consumer rights to control the information they collect and share. However, Walmart includes additional clauses for policy changes.
Regardless of the specific reasons for the differences in these two companies' approaches to their Privacy Policies, the basic reason is that no two businesses are the same.
Your Unique Customers
Not only is each business unique, but your site visitors are also unique.
If you have customers in California, your website must adhere to California privacy laws like CalOPPA and the CCPA. If you have website visitors who live in Europe, you are subject to EU privacy laws like the GDPR.
In this clause, eBay simply and succinctly communicates its policy to standardize its privacy procedures in compliance with the EU's directive on privacy, widely considered the strictest in the world.
The GDPR requires very specific procedures for handling private consumer information. It also requires specific methods for advising consumers of the data being collected about them, and how that data is handled.
EU privacy law also requires a separate Cookies Policy for websites using cookies to collect personal consumer data.
You will recall from the examples above that Target and Walmart do not post a Cookies Policy. This is because those websites do not serve EU residents.
The EU's GDPR includes a number of other requirements you'll need to become familiar with if it applies to you.
Additionally, if your website attracts visitors from California, you also need to comply with California's Online Privacy Protection Act (CalOPPA).
Both Target and Walmart provide separate links specifically addressing CalOPPA.
While Target abbreviates California to "CA," Walmart writes out the state's full name in its link. This makes the link clearer for users, but it's not required, and either way works.
Just as the GDPR is widely considered the strictest privacy law in the world, CalOPPA is considered to be the most stringent set of privacy guidelines in the US.
The state of California enacted CalOPPA to ensure that website owners would protect the personally identifiable information being collected from California residents.
Here is how Target discloses its policies pertaining to CalOPPA:
It's rather generic, but still meets the legal obligations.
Walmart's is slightly more specific:
Unique Third Parties
The combination of third-party technology partners you use is unique.
Nearly every website utilizes powerful third-party tools to attract, engage, convert and retain a growing list of loyal customers.
In order for those third parties to function, they collect visitor data from and through your site, and might even transfer that data to their own third parties to perform various functions. Google Analytics, AdWords, AdSense, social platforms, blog comment forums, email clients and payment processors are examples.
Mobile App or Not?
Do you have a mobile app?
Additional privacy laws apply to content your users might generate in a mobile app, as well as to your handling of in-app payments. If you have a mobile app, your legal obligations are broader than if you have a website alone.
The app platform(s) you use will also impose their own rules for how you handle private customer data.
Apple's App Store Review Guidelines for app developers states:
"You agree that if You make Your Products available through Google Play, You will protect the privacy and legal rights of users. If the users provide You with, or Your Product accesses or uses, usernames, passwords, or other login information or personal information, You agree to make the users aware that the information will be available to Your Product, and You agree to provide legally adequate privacy notice and protection for those users."