Just to cover my butt – I am not a lawyer, and this is not legal advice.
Failing to Disclose All Data Collection
According to a survey by Pew Research Center, 79% of US adults are concerned about how companies are using their data, and 64% have experienced a major data breach.
Failing to add everything to the policy may not always be intentional. Sometimes the bloggers aren’t aware of all the data collection being done on their site, and sometimes the bloggers simply aren’t aware of the legal requirements.
For example, they may not realize that their social media sharing buttons are collecting data from their readers or that their analytics tool is collecting IP addresses.
In some cases, a blogger may intentionally omit certain data collection methods from the policy to avoid scaring off readers. For example, they may not disclose that they are using cookies to track readers’ browsing behavior or that they are collecting email addresses for marketing purposes.
Although that is not usually a good enough excuse in court, I certainly understand how difficult these privacy laws are. To make it more difficult, they differ from country to country and change every so often, just for fun. In some countries you have to get consent before collecting any non-essential data. In some countries you can get consent after the cookies are loaded, and in other countries, using the site implies consent!
Failing to disclose all data collection can erode reader trust and result in legal penalties.
Using unclear or overly complex language
A study by the Nielsen Norman Group found that web users only read 20-28% of the words on a page.
In the USA, legal documents are typically governed by the legal principle of “plain language,” which requires that legal documents be written in a way that is clear, concise, and easy to understand. The aim is to make legal documents accessible to the average reader and prevent misunderstandings.
While legal documents may contain technical terms (hello, Cookies), they should still be written in a way that a layperson can understand them. This is especially true for consumer-facing legal documents such as privacy policies and terms of service agreements, which are meant to inform users of their rights and obligations.
In addition to the principle of plain language, legal documents are also subject to state/province and federal laws. For example, the Federal Trade Commission (FTC) has issued guidelines on privacy policies, which require that they be “clear and conspicuous” and explain what data is being collected and how it is being used.
Not Including Specific Policies
Bloggers often do not take privacy seriously. So here’s a little nudge in that direction:
The Federal Trade Commission (FTC) brought charges against a blogger and her company for deceiving consumers with false endorsements and failing to disclose paid endorsements. The blogger agreed to a settlement that included a $40,000 fine and a requirement to clearly disclose any material connections between endorsers and advertisers in future endorsements. (Reference: FTC press release, “Fashion and Lifestyle Blogger Settles FTC Charges She Deceived Consumers With Paid Endorsements,” March 2016)
A Canadian blogger was fined $100,000 by the Canadian Radio-television and Telecommunications Commission (CRTC) for sending unsolicited commercial electronic messages in violation of Canada’s anti-spam legislation (CASL). The blogger had sent more than 600,000 commercial emails without consent, and the CRTC determined that the blogger had “flagrantly” violated the law. (Reference: CRTC news release, “Toronto-based business pays $100,000 under Canada’s anti-spam law,” December 2017)
According to a survey by the International Association of Privacy Professionals, 79% of consumers say they are more likely to do business with companies that take data protection seriously.
Not including specific policies, such as data retention or deletion policies, can lead to mistrust and loss of business, not to mention fines!
Failing to Update the Policy
- Adding or removing comments or plugins (even if plugins don’t collect emails, they often use tracking)
- Changing the purposes for which data is collected or used, e.g., you are adding retargeting ads to Facebook
- Changes to data retention practices, e.g., when Google got rid of their ‘forever’ option
- Changes to data security practices, e.g., a cookie plugin
Not Providing a Way for Readers to Opt Out
According to the Pew Research Center survey mentioned above, 51% of US adults are not confident in their ability to manage their privacy online. Providing a clear way for readers to opt out of data collection can help build trust and compliance.
WordPress includes tools for exporting and erasing user data, which are required under some privacy regulations. You can easily export a user’s data upon request, and you can also erase a user’s data upon request. Both of these tools are under the Tools tab in your dashboard.
Our preferred service, Illow, offers a one-click control of cookies for your users as well.
By avoiding these mistakes and staying informed about changes to privacy laws and regulations, you can create clear and up-to-date privacy policies that protect your readers’ data and comply with legal requirements. You might also just prevent fines, legal action, and damage to your reputation.
- Pew Research Center. (2021). Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information. Retrieved from https://www.pewresearch.org/internet/2021/01/26/americans-and-privacy-concerned-confused-and-feeling-lack-of-control-over-their-personal-information/
- Nielsen Norman Group. (2018). How Little Do Users Read? Retrieved from https://www.nngroup.com/articles/how-little-do-users-read/
- International Association of Privacy Professionals. (2020). IAPP-EY Annual Privacy Governance Report. Retrieved from https://iapp.org/resources/article/iapp-ey-annual-privacy-governance-report-2020/
- Pew Research Center. (2019). Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information. Retrieved from https://www.pewresearch.org/internet/2019/11/15/americans-and-privacy-concerned-confused-and-feeling-lack-of-control-over-their-personal-information/
Single Mom, Lifelong Learner, Jesus Follower, Founder and CEO at WPBarista.