Recent Answers to Privacy Policy Law Questions

Danny J.

Answered Dec 14, 2024

Website owners can indeed change their privacy policy, but the legality and best practices surrounding such changes are nuanced and depend on several factors: 1. Material Changes: If the changes are substantial, such as altering how personal information is collected, used, or shared, website owners are generally required to notify users and, in some cases, obtain consent. 2. Legal Requirements: Various laws and regulations, such as the CCPA (California Consumer Privacy Act) and GDPR (General Data Protection Regulation), mandate specific notification procedures for privacy policy updates. 3. User Expectations: Even when not legally required, notifying users of changes is considered a best practice to maintain transparency and trust. 4. Methods of Notification: Common notification methods include: - Email notifications - Website banners or pop-ups - Blog posts or news updates on the website 5. Timing and Consent: For material changes, it's often advisable to provide advance notice and, in some cases, obtain user consent before the new policy takes effect. While it's concerning that the website you've been using made changes without notification, the legality of their action depends on various factors, including the nature of the changes, applicable laws in your jurisdiction, and the website's previous commitments in their policy. Given the complexity of privacy laws and the potential legal implications of improper policy changes, it would be prudent to have an expert review your specific situation. A legal professional could: 1. Assess the materiality of the changes made 2. Determine if any laws were violated 3. Advise on potential recourse if your rights were infringed 4. Help you understand your options as a user Would you like to discuss this matter further and explore how we can protect your privacy rights in this situation?

Russell M.

Answered Apr 28, 2023

There are myriad laws that govern privacy. In the U.S. there are the U.S. Privacy Act, HIPPA for health info, GLBA for financial, COPPA protecting children, and now more States are adding privacy laws. In 2023 alone, new consumer privacy laws will be effective in California, Colorado, Connecticut, Utah, and Virginia. Doing business internationally? The GDPR in the EU is recognized as something of a gold standard for individual privacy. The GDPR created ongoing obligations for maintains and updating privacy implementation. Companies located anywhere, not just the EU, must appoint a Data Protection Officer (“DPO”) if they have to carry out large scale, regular and systematic monitoring of people, for example online behavior tracking or large scale processing of sensitive (special category) data or data relating to crimes and criminal convictions.

Paul S.

Answered Apr 7, 2023

There are three main parts of a privacy policy. One, you should be disclosing the kinds of information you collect from website visitors. For example: name, address, phone, email, credit card number, drivers license number, etc. Two, you should be disclosing how you use that information inside your organization. For example, for fulfilling purchases, providing customer service, processing payments, product improvement, marketing analytics, etc. Third, you should be disclosing how you share information with parties outside your organization. For example, you might use contractors and vendors to process payments, analyze website traffic, provide marketing analytics, etc. Another useful topic is how you protect information. You don't want to get so detailed that you give hackers a road map, but you can make general statements about using encryption, etc. And depending on the nature of your website and business, you may need to address GDPR or collecting information from children.

Ema T.

Answered Apr 21, 2021

If you are planning to operate in Europe you will need to address the GDPR. The GDPR is a EU regulation that addresses data protection and privacy of EU residents. It provides specific rights for users located in the EU. These rights should be addressed in your privacy policy and contain additional sections and information laid out for EU residents. Any information provided as an answer to these questions does not constitute legal advice and does not create an attorney-client relationship between the attorney and anyone in relation to any information provided under the Q & A section of this website.

Ema T.

Answered Apr 21, 2021

The Privacy Policy should be located on your website from the moment your website is "up in the air" therefore it is recommended to contact a lawyer to draft it at least 2 weeks prior to the launching of the website. The privacy policy provides information to visitors of the website on the operators of the website collect, use, store and protect the personal data of the visitors. Personal data can be information provided by the users (personal and financial is most common) or information collected automatically such as IP. Each privacy policy should be tailored to the specific website or app. Any information provided as an answer to these questions does not constitute legal advice and does not create an attorney-client relationship between the attorney and anyone in relation to any information provided under the Q & A section of this website. it is being used because the exact content of the privacy policy is dependent upon the function of the site that it relates to, the information it gathered, and how it is being used. An important note about PP is that certain countries and states have specific rules regarding the use of their residence data and those should be addressed in your PP if you are planning to operate in these areas.

Ema T.

Answered Apr 21, 2021

If you are planning to operate in California, USA it is recomended to address the CCPA. California is the first state in the US to enact a state statute addressing the privacy rights of the state residents (but it is estimated that other states will follow). The CCPA provides specific rights for users located in CA, those include the right to know what personal data is being collected, whether this data is disclosed or sold to any 3rd party, (and to disagree to the sale), the right to access their personal data, request a deletion of their information, and more. These rights should be addressed in your privacy policy and contain additional sections and information laid out for CA residents. Any information provided as an answer to these questions does not constitute legal advice and does not create an attorney-client relationship between the attorney and anyone in relation to any information provided under the Q & A section of this website.