Does Your Website Need a Privacy Policy or Terms & Conditions?
Conversations about data privacy policies and website terms and conditions have become more common in recent months. Bigger companies like Facebook, Expedia, and Dick’s Sporting Goods have been involved in legal action regarding different privacy issues. The questions on most business owners’ minds are “What are these agreements?” and “Do I need them on my website?” Privacy policies and terms and conditions serve quite different purposes, but both are essential for any business that engages with customers online! So let’s dive in.
What Is a Privacy Policy?
A privacy policy is simply an agreement that outlines how and why a company collects, stores, uses, shares, and protects “personal date” from users and visitors on its websites or mobile apps. It can also cover interactions that involve personal information collected offline or in person. Regardless of how you collect data from your prospects or clients, the privacy policy is where consumers curious about your company’s data practices and procedures can find answers to all of their questions.
What Are Terms & Conditions?
Terms and conditions sometimes referred to as terms of use or terms of service, are agreements between a website’s owner and its visitors about the rules and expectations for using the website. These agreements protect business owners by allowing them to clearly dictate how activities on their website run and should be conducted. Terms may include age restrictions, intellectual property rights, permitted use provisions, disclaimers, and limitations of liability. For example, terms and conditions are often used to advise their visitors that using material discovered on the site may be considered copyright infringement and is prohibited.
Overall, terms and conditions are needed to define permissible and impermissible website activities by the consumer. For instance, a user may claim to be unaware of having engaged in wrongful conduct that triggered a termination of the user’s website account or access. However, if the terms and conditions set forth the website owner’s right to take such action, the owner has notified the consumers of permissible behavior and therefore the terms support the website owner’s ability to terminate access when violations occur.
Do I Need These Agreements?
You may be thinking, now do I really NEED these agreements? In most instances, privacy policies focus on proper disclosures or practices, whereas terms and conditions address the permissions granted between the user and the website. Businesses operating websites or mobile apps should consider having both a privacy policy and a terms and conditions. If legal issues arise regarding your data collection, these are two key documents courts will look at while they try to understand the nature of your relationship with your consumers.
Privacy policies are a must-have to comply with federal regulations and various state laws regarding data protection. These laws apply to the vast majority of websites because most websites collect personal information from users regardless of their geographic location. “Personal information” or “personal data” includes everything from users’ names and email addresses to their IP addresses and device types. In other words, data collection practices that do not overtly collect private data may still be collecting personal information from website visitors using various technologies. Additionally, laws like the General Data Protection Regulation (“GDPR”) and California Consumer Privacy Act (“CCPA”) broadly apply to business owners who collect data and profit by using the data in their marketing or selling the data. Have you ever gotten an email directed at you from a company you have never even heard of? That’s what the CCPA is about. These types of laws signal a push for legislation requiring transparency from businesses, and noncompliance could result in costly fines from local governments or even the Federal Trade Commission (“FTC”), the agency in charge of enforcing most consumer data protection compliance and the authority to seek civil monetary penalties for violations. Long story short, you do not want to get into a mess with the Federal Trade Commission, that’s for sure!
Does your Business Fall Under the CCPA?
The CCPA applies to businesses that fall into at least one of the following categories:
(1) Those that earn $25 million or more in annual revenue.
(2) Those that buy, receive, or sell the personal data of at least 50,000 consumers or households.
(3) Those that obtain at least half of their revenue selling the personal data of California residents.
Any business, including those located outside of the state of California, will be subject to the law, as long as it meets one of the three conditions mentioned above. It has been estimated that more than 500,000 U.S. businesses, including many small businesses, will be impacted. The law does not apply when a business’s commercial conduct “takes place wholly outside of California,” meaning:
(1) The business collected information while the consumer was outside of California.
(2) No part of a sale of the consumer’s personal information occurred in California.
(3) There was no sale of the personal information collected while the consumer was in California.
Koukol Johnson & Schmit, LLC Can Help!
Ensuring that your website has all of the legal agreements in place to protect your business should be one of your greatest priorities! We are here to help you understand exactly what agreements you need and how they can best be used in order to protect yourself and your business! Call us at (402) 934-9499 or click here to schedule a consultation with our Business and Employment Attorney Angela Schmit.
