Depending on where your website visitors live, your website may be subject to the privacy laws from multiple state, national or even international jurisdictions.
As is the case with all laws, ignorance is not an excuse. In the case of internet privacy laws, it's important to understand that where your business is located is not an indicator of which laws apply to you.
The laws in the jurisdictions where your website visitors live are the laws applicable to your website.
Knowing your legal responsibilities for handling private website visitor data is critical for protecting your business from legal liability.
What do Privacy Laws Cover
Privacy laws exist to educate and protect consumers in an increasingly internet-based economy. Data breaches, identity theft, computer hacks, concerns for the safety of children and other matters have inspired new and stronger privacy laws.
At the same time, consumers have lobbied for better protection of their private and personal information. Technology companies have responded with voluntary industry and individual standards for best privacy practices, as well as with smarter security settings on personal computers and mobile devices.
All of these laws and standards impact your website and your legal obligations.
The California Online Privacy Protection Act (CalOPPA) is a Privacy law from the state of California. While it's a state law, it applies globally. Regardless of where you're located, if you collect or use personal information from a resident of the state of California, you must comply.
The Attorney General of the State of California issued a special guide to educate website owners about their legal obligations under CalOPPA. The guide provides specific instructions for how to comply with the law, and offers best practices for doing so.
Topping the list of recommendations is "Readability:"
The EU's General Data Protection Regulation (GDPR) went into effect in May of 2018. If your website attracts visitors from the EU, the law applies to you. Similarly to CalOPPA, this law applies to you regardless of where in the world you're located.
The act includes 10 principles for protecting consumer privacy, including "consent" and "purpose." Both of these require website owners to clearly communicate to users in a way that is "reasonable to expect that individuals can understand."
The Privacy Commissioner of Canada released its Privacy Toolkit: A Guide for Businesses and Organizations to help businesses comply with PIPEDA.
From the section on consent:
From the section on purpose:
The official language in Quebec is French. French law protects French-speaking language rights by requiring the use of French in certain business situations. Certain exclusions exist, such as those in which all participating parties have agreed to another language.
Because PIPEDA requires privacy law and all other existing laws to be upheld, it is reasonable to assume that Privacy Policies must be written in French if any website visitors live in French-speaking Canada.
This is a seemingly straightforward requirement. However, considering the legalese of the past, it's a challenging standard to meet.
- Are your website visitors highly educated?
- Are they blue collar workers, or white collar professionals?
- Does your website attract minors?
Whatever your type of website, app or business, and whatever the demographic profile of your website visitors, it is a near certainty that you are attracting visitors from multiple countries who speak various languages.
It probably isn't possible.
Human translation services such as WorldLingo offer a safer alternative, a non-disclosure agreement and a transparent set of internal checks and balances to ensure quality:
Some websites use a selection tool with country flags to indicate available languages:
However, because a country flag is not necessarily an indicator of language (take Canada, for example), newer strategies are providing user-friendlier solutions.
Tesla solves this problem by presenting flags plus a separate language selector for Canada:
Another option is the use of a language selection button. This example below from USA.gov shows a simple button plainly presented in the top banner for easy switching from English to Spanish.
In the case of presenting many languages, this might not be as effective. A good idea in that case would be a language selector drop-down tool like this one:
An even simpler and more straight-forward approach is to allow your website visitors to type their preferred language into a text field:
Facebook offers a language preference selection tool in its footer, which is another good option:
If you aren't already using Google Analytics, here is a handy guide for getting started.