Online business owners are the architects of the internet. Particularly following a year in which many businesses moved to online models, it’s critical not only that a business have an attractive, engaging, and accessible online home, but also that its website comply with all required online privacy laws.
After all, what good is a website if it just invites liability to your doorstep? It is important for businesses of all sizes to understand how to refrain from violating privacy laws in order to protect their investment.
Generally speaking, a website must contain three things to be as legally protected as possible:
All website documents, such as a privacy policy, and terms and conditions, may be found at the Creative Law Shop®.
One note before diving into the legal nuances of these laws: they are laws regarding the users of your website. For example, the GDPR regulates how EU citizens’ information must be protected on websites. The obvious secondary question this brings up: how can you regulate who accesses your website?
You can’t. Therefore, your website’s privacy policy and terms must comply with all relevant online privacy laws.
The three most important privacy laws are the General Data Protection Regulation (GDPR), which originates in Europe, the California Consumer Privacy Act (CCPA), and the Children’s Online Privacy Protection Act (COPPA). While only COPPA is United States federal law, each of these regulatory frameworks is looked to as a reference point for existing state law requirements. Likewise, these are not the only regulations, statutes, or requirements, but they are the broadest and most referenced. Note: for an in-depth examination of everything business owners need to know regarding the GDPR and other online privacy laws, head to shopcreativelaw.com.
Business owners may want to consider that many consumers are demanding increased privacy protections. Likewise, hefty fees and fines, as well as legal ramifications, are all considerations when creating, building, or establishing an online presence.
An overview of what the GDPR suggests including in a privacy policy:
The GDPR has clearly put an emphasis on rebuilding trust with online users with regard to their data. By minimizing the amount and type of data collected (that is, collecting only the information necessary to accomplish business-related tasks), online businesses are able to navigate the constantly evolving demands of online privacy protection.
Like the GDPR, the CCPA has established the seriousness of data minimization. The CCPA requires businesses not only to disclose any personal information that is taken, but also to detail why the information was taken and how it will be used. The CCPA also requires privacy policies and notices to be updated on an annual basis.
Some considerations to keep in mind are:
COPPA, on the other hand, deals mostly with compliance in regard to children under the age of 13. It is important for websites whose primary targeted audience is children, or websites that have actual knowledge that children are using the website, to know and understand their responsibilities as outlined by COPPA. Of note: you may not be “targeting” children under 13 with your site, but that does not mean that children WON’T be accessing your website. So, best practice is to ensure you’re compliant.
With the world rapidly changing, however, these vague and general guidelines may soon phase into stricter and more precise rules and regulations. An example of this can be seen in the Online Accessibility Act (H.R. 8478), a proposed amendment to the Americans with Disabilities Act of 1990. If this act were to pass into law, it would require all consumer-facing websites and mobile applications to provide accessibility to all persons, regardless of disability. The act allows for a transitional period as well as flexibility for small businesses; however, it would require major adjustments with regard to how website and mobile application content is accessed.
Most importantly, the new Biden administration, spearheaded by Vice President Kamala Harris, who has her own track record in requiring enhanced online data protection, will most likely have upgraded online data requirements. Whether that will be in continuance with Obama’s “Consumer Privacy Bill of Rights” or the passing of one of the many bills already being pushed by both Democrats and Republicans, privacy laws and regulations are certainly something online business owners are required to stay ahead of.
For lawyer-drafted website templates (including lifetime updates, as new laws are passed), head to the Creative Law Shop®.