What Laws Regulate Online Privacy?
The US regulates children’s online data privacy through the Children’s Online Privacy Protection Act. Unlike Europe with its comprehensive data privacy law, the US does not have a comparable national law. Instead, it is up to each state. Some, such as California, Nevada, Delaware, and Vermont, have enacted privacy laws, but they vary considerably.
While they are not laws, don’t overlook platform requirements. Apple, Microsoft, Google, and others require you to disclose your privacy practices before you are permitted to sell your app on their platforms.
Finally, there are special laws pertinent only to specific industries. The Health Insurance Portability and Accountability Act (HIPAA) regulates the privacy of some healthcare business websites and apps. The Gramm-Leach-Bliley Act applies to certain businesses in the financial industry.
While each policy depends upon how users interact with your website or app, there are some general terms all privacy policies should include.
• What personal information your company collects.
• How you collect the information.
• How you store personal information (your security practices).
• How you use the information (do you sell it, analyze user behavior, advertise, etc.?).
• How you share, distribute, or sell the personal information.
• How users can review the information you have collected about them.
• Whether and how users can opt out of data collection.
• Whether and how users can delete the personal information you collected.
What is Personal Information?
Personal information typically collected by websites and apps includes:
- Name, address, telephone number, e-mail address, date of birth, and social security number
- Biometric data (such as fingerprint, facial, and voice recognition)
- Internet Protocol (IP) address, device identification, and location data
- Mother’s maiden name
- Medical records
- Financial records
- Employment and education information
- Browsing habits
- and much, much more
How Do I Know If My Site Collects Personal Information?
In some instances, it is obvious. If you sell items or services, then you are collecting the user’s name, e-mail, telephone, and other related information.
If you use Google Analytics or similar services, you are collecting data (even though you might be unable to specifically identify a user, the analytics company can).
If you allow users to post content on your site (comments, images, videos, etc.), then you are collecting personal information.
When in doubt, your policy should simply state that your business “may” collect personal information. This allows you to increase or decrease data collection without having to amend your policy each time you do so.
Looking For Help?
Due to the variation between the laws, it is helpful to consult an attorney well-versed in online data privacy laws. The extent to which any data privacy law applies depends on how users interact with your website and app and the information you collect and share.
Luckily for you, Christine Kuntz with Concerto Law has drafted many privacy policies (and terms of service policies) for website owners and app sellers. Contact us today.