Where to Add Privacy Policies on Websites/Apps
- 1. Why are Privacy Policies Required?
- 3.1. Website Footers
- 3.2. Within Terms and Conditions or Other Agreements
- 3.3. Within a Cookie Consent Notice
- 3.4. At Account Sign-up
- 3.5. At Email Communications Sign-up
- 3.6. At Contact Us Form
- 3.7. At Checkout
- 3.8. Within App Store Listings
- 3.9. In-App Menus
- 5. Summary
Why are Privacy Policies Required?
- European Union (EU) - The General Data Protection Regulation (GDPR) covers the protection of personal data in the EU
- Canada - The Personal Information Protection and Electronic Documents Act (PIPEDA) outlines the rights of Canadian citizens
- Australia - The Privacy Act of 1988 protects the personal data of Australian citizens
While the definition of personal data varies, it generally includes personal identifiers like names, email addresses and phone numbers, but also biometric data and even things like religion and political affiliation.
Businesses have some leeway in regard to where and how they display Privacy Policies.
That said, far-reaching privacy laws like CalOPPA and the GDPR lay out a number of specific requirements.
- Be placed in a clear and conspicuous location
- Be displayed in such a way that a "reasonable person" is able to find it
Here are the most common placement locations.
Heavy-duty truck manufacturer Kenworth places its Privacy Statement under the Privacy heading at the bottom of its website:
Kenworth's placement meets the clear and conspicuous standard because the link to its Privacy Statement is prominently displayed with ample space between it and the other headings around it.
The Starbucks Privacy Notice has its own heading at the bottom of its website.
Within Terms and Conditions or Other Agreements
In addition to website footers, businesses often display Privacy Policies within their Terms and Conditions agreements or under more general headings like Legal.
Within a Cookie Consent Notice
At Account Sign-up
Here's how Amazon links to its Privacy Notice for brand new users:
At Email Communications Sign-up
Coupon provider Groupon also provides a link to its privacy statement within its signup form:
At Contact Us Form
This method works for all types of purchases. The one above is for a paid subscription service, but it can work equally well for the purchase of a product to be shipped to your home.
Within App Store Listings
For example, Apple's App Store Review Guidelines emphasize that iOS app providers must take care when handling personal data.
The guidelines state:
- Apps that collect user or usage data must secure consent for the collection
Google's Developer Distribution Agreement advises that user data must be handled with care and requires that developers:
- Protect the privacy and legal rights of users
- Make users aware that personal information will be available to your app
- Provide a legally adequate privacy notice and protection for users
Privacy Policies can be particularly difficult to find in mobile apps because phones have such small screens.
Next, they'll need to tap on the Info menu option:
Not only can this lack of display get you in legal trouble, but it can make your potential customers or users doubt your trustworthiness and level of transparency.
The clickwrap method requires that users actively click something to show their agreement, such as by checking a box next to an "I Agree" statement.
Here's an example of this from online auction house Invaluable:
Display it whenever and wherever you're collecting personal information from people, and in places where they would intuitively expect to see the link, such as within other legal agreements.
- In website footers
- Within Terms and Conditions or other agreements
- Within a Cookie Consent notice
- At account sign-up
- At email communications sign-up
- Within a contact form
- At checkout for ecommerce platforms
- Within app store listings
- Within in-app menus