Writing a privacy policy is an essential step for bloggers who collect emails, or allow commenting. Actually if bloggers allow visitors at all, a Privacy Policy is essential. It not only helps build trust but also ensures compliance with legal regulations. However, writing a privacy policy can be a tricky task, and many bloggers make common mistakes that can lead to legal issues and loss of trust with their readers. So we’ll explore the most common mistakes bloggers make and provide tips on how to avoid them.
Just to cover my butt – I am not a lawyer, and this is not legal advice.
Here are the five most common mistakes we see bloggers make with their privacy policy. Mistakes like these result in legal issues and loss of trust!
Related: The Complete Template for a Blogger’s Privacy Policy
Failing to Disclose All Data Collection
According to a survey by Pew Research Center, 79% of US adults are concerned about how companies are using their data, and 64% have experienced a major data breach.
Failing to add everything to the policy may not always be intentional. Sometimes the bloggers aren’t aware of all the data collection being done on their site, and sometimes the bloggers simply aren’t aware of the legal requirements.
For example, they may not realize that their social media sharing buttons are collecting data from their readers or that their analytics tool is collecting IP addresses.
In some cases, a blogger may intentionally omit disclosing certain data collection methods to avoid scaring off reasons. For example, they may not disclose that they are using cookies to track readers’ browsing behavior or that they are collecting email addresses for marketing purposes.
Although not usually a good enough excuse in court, I certainly understand how difficult these privacy laws are, and to make it more difficult they change on each country and every so often just for fun too. In some countries you have to get consent before collecting any non-essential data. In some countries you can get consent after the cookies are loaded, and in other countries, using the site implies consent!
Failing to disclose all data collection can erode reader trust and result in legal penalties.
Using unclear or overly complex language
A study by the Nielsen Norman Group found that web users only read 20-28% of the words on a page.
In the USA, legal documents are typically governed by the legal principle of “plain language,” which requires that legal documents be written in a way that is clear, concise, and easy to understand. The aim is to make legal documents accessible to the average reader and prevent misunderstandings.
While legal documents may contain technical terms (hello, Cookies), they should still be written in a way that a layperson can understand them. This is especially true for consumer-facing legal documents such as privacy policies and terms of service agreements, which are meant to inform users of their rights and obligations.
In addition to the principle of plain language, legal documents are also subject to state / province and federal laws. For example, the Federal Trade Commission (FTC) has issued guidelines on privacy policies, which require that they be “clear and conspicuous” and explain what data is being collected and how it is being used.
Using clear, conspicuous language can help readers understand your privacy policy and increase compliance.
Not Including Specific Policies
Bloggers often do not take privacy seriously. So here’s a little nudge in that direction:
The Federal Trade Commission (FTC) brought charges against a blogger and her company for deceiving consumers with false endorsements and failing to disclose paid endorsements. The blogger agreed to a settlement that included a $40,000 fine and a requirement to clearly disclose any material connections between endorsers and advertisers in future endorsements. (Reference: FTC press release, “Fashion and Lifestyle Blogger Settles FTC Charges She Deceived Consumers With Paid Endorsements,” March 2016)
A Canadian blogger was fined $100,000 by the Canadian Radio-television and Telecommunications Commission (CRTC) for sending unsolicited commercial electronic messages in violation of Canada’s anti-spam legislation (CASL). The blogger had sent more than 600,000 commercial emails without consent, and the CRTC determined that the blogger had “flagrantly” violated the law. (Reference: CRTC news release, “Toronto-based business pays $100,000 under Canada’s anti-spam law,” December 2017)
A website that published articles about children’s products was fined €50,000 by the French data protection authority (CNIL) for failing to obtain valid consent for the use of cookies and for failing to provide adequate information about data processing in its privacy policy. The CNIL also ordered the website to modify its cookie banner to obtain valid consent and to provide clear information to users about how their data is used. (Reference: CNIL press release, “Sanction of €50,000 against a company for failure to obtain valid consent to the use of cookies,” July 2019)
According to a survey by the International Association of Privacy Professionals, 79% of consumers say they are more likely to do business with companies that take data protection seriously.
Not including specific policies, such as data retention or deletion policies, can lead to mistrust and loss of business, not to mention fines!
Failing to Update the Policy
Laws and regulations related to data privacy change frequently. And if you make material changes to your website, you will need to update your policy. Some examples of material changes that would require an update to the privacy policy include:
- Adding or removing comments, plugins, (even if plugins don’t collect emails, they often use tracking)
- Changing the purposes for which data is collected or used, ie: you are adding retargeting ads to Facebook
- Changes to data retention practices, ie: when Google got rid of their ‘forever’ option
- Changes to data security practices, ie: cookie plugin
To stay informed quickly, of legal changes for the US & Canada, stay tuned to our Webmaster Weekly. Once updates are made, bloggers should notify their users of the changes and provide them with a copy of the updated privacy policy.
Not Providing a Way for Readers to Opt Out
According to the Pew Research Center survey mentioned above, 51% of US adults are not confident in their ability to manage their privacy online. Providing a clear way for readers to opt out of data collection can help build trust and compliance.
WordPress includes tools for exporting and erasing user data, which are required under some privacy regulations. You can easily export a user’s data upon request, and you can also erase a user’s data upon request. Both of these tools are under the Tools tab in your dashboard.
Our preferred service, Illow, offers a one-click control of cookies for your users as well.
Related
Conclusion
In conclusion, creating a privacy policy is an important step for anyone who collects user data on their website. However, it’s not enough to simply create a privacy policy and forget about it. As we’ve seen, there are several common, easy to make mistakes, including failing to disclose all data collection methods, using overly complex language, failing to update policies, and failing to include all necessary policies.
By avoiding these mistakes and staying informed about changes to privacy laws and regulations, you can create clear and up-to-date privacy policies that protect your readers’ data and comply with legal requirements. And also you might just prevent fines, legal action, and damage to your reputation.
Ultimately, a privacy policy is not only a legal requirement, but an important tool for building trust and demonstrating a commitment to protecting your users’ data. By taking the time to create a strong privacy policy and staying informed about best practices you can create a safer and more transparent online environment for everyone.
Sources:
- Pew Research Center. (2021). Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information. Retrieved from https://www.pewresearch.org/internet/2021/01/26/americans-and-privacy-concerned-confused-and-feeling-lack-of-control-over-their-personal-information/
- Nielsen Norman Group. (2018). How Little Do Users Read? Retrieved from https://www.nngroup.com/articles/how-little-do-users-read/
- International Association of Privacy Professionals. (2020). IAPP-EY Annual Privacy Governance Report. Retrieved from https://iapp.org/resources/article/iapp-ey-annual-privacy-governance-report-2020/
- Pew Research Center. (2019). Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information. Retrieved from https://www.pewresearch.org/internet/2019/11/15/americans-and-privacy-concerned-confused-and-feeling-lack-of-control-over-their-personal-information/
Beginner Checklist
If you’re starting out, you’ll love our comprehensive 52 point checklist for your website! Read through once, and then work on items one at a time as it comes up!
Cathy Mitchell
Single Mom, Lifelong Learner, Jesus Follower, Founder and CEO at WPBarista.