When Multiple Languages are Needed for a Privacy Policy
If you attract website visitors from all parts of the world, you need to consider providing multiple translations of your Privacy Policy to meet your legal obligations and limit your liability. Many privacy laws require you to clearly communicate your data handling procedures to your audience in a way they can understand.
This article discusses the important laws requiring a Privacy Policy for your website and the things you need to consider to lawfully serve a global audience.
Need a Privacy Policy? Our Privacy Policy Generator will help you create a custom policy that you can use on your website and mobile app. Just follow these few easy steps:
- Click on "Start creating your Privacy Policy" on our website.
- Select the platforms where your Privacy Policy will be used and go to the next step.
- Add information about your business: your website and/or app.
- Select the country:
- Answer the questions from our wizard relating to what type of information you collect from your users.
-
Enter your email address where you'd like your Privacy Policy sent and click "Generate".
And you're done! Now you can copy or link to your hosted Privacy Policy.
What is a Privacy Policy
A Privacy Policy is a legally required document that clearly and succinctly informs your website visitors about your policies and procedures for handling their personal data. It also stipulates that your procedures adhere to requirements of privacy laws.
Depending on where your website visitors live, your website may be subject to the privacy laws from multiple state, national or even international jurisdictions.
As is the case with all laws, ignorance is not an excuse. In the case of internet privacy laws, it's important to understand that where your business is located is not an indicator of which laws apply to you.
The laws in the jurisdictions where your website visitors live are the laws applicable to your website.
Knowing your legal responsibilities for handling private website visitor data is critical for protecting your business from legal liability.
What do Privacy Laws Cover
Privacy laws exist to educate and protect consumers in an increasingly internet-based economy. Data breaches, identity theft, computer hacks, concerns for the safety of children and other matters have inspired new and stronger privacy laws.
At the same time, consumers have lobbied for better protection of their private and personal information. Technology companies have responded with voluntary industry and individual standards for best privacy practices, as well as with smarter security settings on personal computers and mobile devices.
All of these laws and standards impact your website and your legal obligations.
Let's take a look at some of the specific laws that affect your Privacy Policy obligations.
The California Online Privacy Protection Act (CalOPPA) is a Privacy law from the state of California. While it's a state law, it applies globally. Regardless of where you're located, if you collect or use personal information from a resident of the state of California, you must comply.
The Attorney General of the State of California issued a special guide to educate website owners about their legal obligations under CalOPPA. The guide provides specific instructions for how to comply with the law, and offers best practices for doing so.
Topping the list of recommendations is "Readability:"
Other laws also mandate the use of clear, simple, straightforward and easy to understand language in your Privacy Policy.
The EU's General Data Protection Regulation (GDPR) went into effect in May of 2018. If your website attracts visitors from the EU, the law applies to you. Similarly to CalOPPA, this law applies to you regardless of where in the world you're located.
Also like CalOPPA, the GDPR requires that you write your Privacy Policy in clear and plain language that's easy to understand. This is discussed in the text of Recital 58.
In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) also includes mandates for how your Privacy Policy must be written.
The act includes 10 principles for protecting consumer privacy, including "consent" and "purpose." Both of these require website owners to clearly communicate to users in a way that is "reasonable to expect that individuals can understand."
The Privacy Commissioner of Canada released its Privacy Toolkit: A Guide for Businesses and Organizations to help businesses comply with PIPEDA.
From the section on consent:
From the section on purpose:
The official language in Quebec is French. French law protects French-speaking language rights by requiring the use of French in certain business situations. Certain exclusions exist, such as those in which all participating parties have agreed to another language.
Because PIPEDA requires privacy law and all other existing laws to be upheld, it is reasonable to assume that Privacy Policies must be written in French if any website visitors live in French-speaking Canada.
As you can see from the examples above, virtually all privacy laws require you to write your Privacy Policy in a way your typical website or app user can understand. Users also must be able to easily access the information they need or want to know.
This is a seemingly straightforward requirement. However, considering the legalese of the past, it's a challenging standard to meet.
Establishing a thorough understanding of your site's typical visitors is important in order to write a Privacy Policy that meets legal requirements:
- Are your website visitors highly educated?
- Are they blue collar workers, or white collar professionals?
- Does your website attract minors?
Whatever the educational background of your typical website visitors, you should write your Privacy Policy in a way that the least educated and least informed user can understand it.
Why You May Need Multiple Versions of Your Privacy Policy
Whatever your type of website, app or business, and whatever the demographic profile of your website visitors, it is a near certainty that you are attracting visitors from multiple countries who speak various languages.
With the burden on you to ensure all of your website visitors can understand your Privacy Policy, it is a good idea to produce your Privacy Policy in multiple languages in order to limit your legal liability.
With over 7,000 languages spoken in the world, how can it be possible to provide a Privacy Policy in every language?
It probably isn't possible.
For practical reasons, a common school of thought is to provide a translated copy of your Privacy Policy for each language your website is written in. This is a conservative and easily managed approach.
How to Create Multiple Versions of Your Privacy Policy
Human and computerized translation services exist that can translate your final Privacy Policy into multiple languages. Google, Bing and Babylon are popular online options, though still somewhat flawed in accuracy, particularly when used to translate more complex sentences.
Human translation services such as WorldLingo offer a safer alternative, a non-disclosure agreement and a transparent set of internal checks and balances to ensure quality:
Making Your Privacy Policy Easily Accessible
Once you translate your website and Privacy Policy into multiple languages, you'll need to comply with the GDPR, CalOPPA and other laws that require your Privacy Policy to be easily accessible.
If your website users have to look extensively to find your Privacy Policy in the languages they can understand, then you have probably failed in your efforts to comply with applicable laws.
The state of California Attorney General's recommendations for making your Privacy Policy "available" includes a recommendation to make your Privacy Policy accessible by a link. The recommendation includes an instruction to display the link in a contrasting color or with symbols to draw attention to it:
Making it equally clear that your website and Privacy Policy may be viewed in another language is just as important.
Some websites use a selection tool with country flags to indicate available languages:
However, because a country flag is not necessarily an indicator of language (take Canada, for example), newer strategies are providing user-friendlier solutions.
Tesla solves this problem by presenting flags plus a separate language selector for Canada:
Another option is the use of a language selection button. This example below from USA.gov shows a simple button plainly presented in the top banner for easy switching from English to Spanish.
In the case of presenting many languages, this might not be as effective. A good idea in that case would be a language selector drop-down tool like this one:
An even simpler and more straight-forward approach is to allow your website visitors to type their preferred language into a text field:
Facebook offers a language preference selection tool in its footer, which is another good option:
In order to begin to determine whether to translate your website and Privacy Policy into multiple languages, start with Google Analytics.
Google Analytics helps you track a host of helpful information about your website visitors, including their location and language preferences. Once you know where the majority of your users are located you can decide which versions of your Privacy Policy you should make available.
If you aren't already using Google Analytics, here is a handy guide for getting started.
One of the primary goals of nearly every privacy law around the world is to improve consumer understanding of their privacy rights. Specifically, websites need to post an easy to find and easy to understand Privacy Policy.
If you attract visitors of multiple languages or from multiple countries, you should give very special consideration to offering your Privacy Policy in multiple languages. Doing this will help you limit your liability and meet legal requirements.