7 Reasons Why You Need a Privacy Policy

If you collect any amount of personal information from your customers, whether it's their name, email address, or even IP address, your business should have a Privacy Policy.

Below, we consider how Privacy Policies work and seven key reasons why you should (and even must) have one on your website.

What is a Privacy Policy?

A Privacy Policy is a legal document that tells your website visitors if you collect their personal information and how it's used. "Personal information" means broadly the same thing, no matter which privacy laws apply. It's any data you can use to identify a specific person.

It should be easy for visitors to find your Privacy Policy before they share any personal information with you, for example by making a purchase or sign up for an account. As such, you normally find links to Privacy Policies in prominent places.

WebMD, for example, links to its Privacy Policy from its website footer:

And you can read Atlassian's Privacy Policy before signing up for an account:

If you're unfamiliar with how to draft a Privacy Policy, you can check out our Privacy Policy generator or our Privacy Policy template.

Reasons Why You Need a Privacy Policy

Chances are, you collect some personal data from your visitors, even if it's just an email address from newsletter subscribers. So, most if not all businesses will benefit from some form of Privacy Policy that tells people why you need this data and how it's processed.

Here are seven specific reasons why your business should have a Privacy Policy.

1. You'll Comply With Legal Obligations

From the EU's General Data Protection Regulation (GDPR) to the California Consumer Privacy Act (CCPA/(CPRA)), there are multiple privacy laws around the world and they all have one thing in common: They give individuals more control over their personal data and how it's used.

What's more, these laws typically require businesses to:

• Tell people what data they collect and how they process this information, and
• Get a person's clear and informed consent before processing data in a certain way

The only way a person can offer this consent is if they have a chance to read your privacy terms i.e. a Privacy Policy.

Unless you truly collect no personal data, it's likely you will need a Privacy Policy to comply with at least one data privacy law. Here's a little more information on which laws might apply.

• General Data Protection Regulation (GDPR): Businesses must only collect the minimum amount of personal data necessary to complete an action e.g. a contract of sale. They must tell users what information they process and give people clear opportunities to opt-out of data processing.
• Personal Information Protection and Electronic Documents Act (PIPEDA): Businesses are expected to produce a document setting out their personal data management practices. The Office of the Privacy Commissioner of Canada (OPC) specifically recommends creating a Privacy Policy for this purpose.
• California Consumer Privacy Act (CCPA): Gives Californians the right to know what information is collected about them so they may object to businesses collecting or selling certain types of data. It was amended and expanded by the CPRA.

There are, of course, various other privacy laws which may require you to produce a written document setting out your data processing practices. If you're unsure which laws apply, it's best to seek legal advice.

2. Your Customers Will Stay Informed

People care about their privacy. They expect businesses to honor their concerns and take reasonable steps to protect their personal data. A Privacy Policy helps you meet these expectations and reassure customers that you take their privacy seriously. It allows you to set out:

• What personal information is and why you need it
• The different rights people have over their personal information
• How you can help them exercise those rights

The tone of your Privacy Policy depends on your audience; however, you can often make them very friendly and accessible.

Etsy, for example, uses very personable language to explain what their Privacy Policy means and how privacy fits into their brand ethos:

And Gymshark emphasizes its commitment to helping people exercise their privacy rights:

In short, you can use your Privacy Policy to build long-term relationships with your customers.

• Start by explaining what the document is (a Privacy Policy) and why it's important.
• Remind people that they're in control of the data they share with you and they can update their preferences at any time.
• Make your business accessible. Highlight your commitment to protecting privacy rights by explaining how people can contact you to exercise these rights.

3. Privacy Disputes Will More Easily Be Resolved

Privacy Policies help you avoid disputes in two key ways.

First, Privacy Policies reduce the risk of a customer suing you for failing to explain your privacy processes. Remember, by law, you are required to inform customers how you process their information, why you collect it, and how it's used. As we know, one of the main ways to communicate this information clearly and transparently is by writing a Privacy Policy.

If you fail to provide a Privacy Policy, or if it's not legally compliant, then you could face legal challenges from your customers or app users.

Secondly, Privacy Policies are, fundamentally, written agreements between your business and the other party. If there's ever a dispute e.g. someone claims you processed their data in a wrongful way, you can point to specific provisions within the Policy to settle the matter.

Tim Hortons, for example, shares customer data with certain third parties. Using language like "including" and "other parties when required" gives the company discretion to share data with third parties who are not listed in the Privacy Policy and reduces the chances of a dispute arising with their customers:

While you can't avoid every dispute, it's crucial to strike a balance between being too specific and too vague when drafting your Privacy Policy to minimize the risk of disputes arising.

4. You'll Comply With Third-Party App Requirements

Many popular third-party service providers, like Google, Apple, and Facebook, require developers and commercial users to have a Privacy Policy.

Here's an example from the Apple's App Store Review Guidelines. Every developer must include a clear and accessible link to their Privacy Policy:

This requirement is also set out in Apple's article about protecting user privacy:

And here's an example from Facebook's Platform Terms for Developers. If you're processing personal data through the platform, then you must provide a Privacy Policy that complies with applicable privacy laws. In the interest of transparency, you must also provide links for users to view this Privacy Policy:

If you don't have a Privacy Policy, you're violating the Service Agreement you have with whatever third-party service you're using, which could mean you lose access to the platform and all its features.

• You should check if any third-party service provider requires a Privacy Policy before signing up.
• It's your responsibility to ensure you comply with any Terms of Service. If in doubt, always get legal advice.

5. Your Marketing Efforts Will be Improved

Similarly, some companies, like ad sellers, won't run ads on your website if you don't have a Privacy Policy.

What's more, if you want to pay for ad space elsewhere, you might be rejected without a Privacy Policy since this could give the impression that you're inexperienced or you don't understand your compliance obligations, which could deter other businesses from working with you.

In other words, if you want to run paid ads or use ads as part of a wider marketing strategy, chances are you'll need a Privacy Policy, even if it's just to confirm you don't process any personal data.

6. You'll Help Boost Your SEO Score

Your Search Engine Optimization (SEO) score determines how high you rank on Google searches. There are many factors at play, such as domain authority, keyword usage, and so on; however, if you're trying to boost your search page rankings, a Privacy Policy could also help.

It all comes down to your company's "trust" rating. The more trustworthy your website, the more likely it is to rank well on Google. Adding a Privacy Policy can improve the "trust" signals your website gives out so it can indirectly help boost your SEO score.

Here's a point to bear in mind, though: Google treats your Privacy Policy page the same as any other page on your website. So, although it's unlikely to outrank your core content, you might consider using nofollow tags to tell Google to ignore certain links and sections within the page.

Check our guide to nofollow tags for more information.

7. Your Business Risks Will be Reduced

This last point is extremely important: Privacy laws are constantly evolving. Even if you think you don't need a Privacy Policy at the moment, there's always the chance you'll need one down the line.

If you spend some time creating a Privacy Policy right now, you won't accidentally put your business at risk by falling short of your compliance obligations in the future.

What's more, once you have a Privacy Policy template in place, it's easy enough to add, amend, or delete clauses depending on your business needs and compliance requirements.

Remember, if you don't have a Privacy Policy in place when you need one, or your notice isn't legally compliant, you face financial penalties and reputation damage. Don't put your business at risk. Create a Privacy Policy now.

What Should a Privacy Policy Include?

Every Privacy Policy should be informative but easy to understand. At a minimum, your Privacy Policy should include clauses explaining the following:

• What rights users have over personal data (and what "personal data" means)
• Whether you collect personal data (if you don't, then you should confirm this)
• What type of data you collect e.g. names, addresses, financial information
• Why you need this information e.g. to perform a contract
• Who you share the data with e.g. third party providers
• What technologies you use to collect the data e.g. cookies
• How people can access their privacy rights
• How they contact you to exercise these rights or to ask further questions (e.g. provide a company email address)

Always consider your audience when you're drafting a Privacy Policy. For example, a Privacy Policy aimed at a technical audience may be more complex than a retail store Privacy Notice.

Monday.com's Privacy Policy, for example, uses fairly sophisticated language:

In contrast, Etsy's Privacy Policy provides more details to help the target audience understand what's meant by personal data and how it is collected:

Summary

A Privacy Policy is a legal document used to explain your company's privacy practices in a simple, easily accessible format. There are seven key reasons why your business needs a Privacy Policy:

• Laws such as the GDPR and PIPEDA require you to provide a Privacy Policy to your customers.
• Privacy Policies tell your customers what rights they have and how to exercise these rights.
• A Privacy Policy gives customers confidence in your commitment to keeping their data safe.
• Since a Privacy Policy is a legal document, you can point to provisions in the document to help resolve legal disputes quickly and cost-effectively.
• You may need a Privacy Policy to comply with third party requirements.
• A Privacy Policy can, in some ways, help boost your marketing efforts.
• Your SEO score may improve if your website has a Privacy Policy. This is a great bonus if you're trying to boost your search engine rankings.
• As privacy laws evolve, it's easier to have a Privacy Policy in place which you can change as required than trying to draft one from scratch down the line.

And remember, even if you don't process any personal data from your customers, it's worth including a short Privacy Notice confirming this. You can always amend the Privacy Notice in the future if you start processing personal information.