Earning an income from your blog is a much easier venture than starting a traditional business and you don’t have to check zoning laws or apply for building permits.
However, that doesn’t mean there aren’t legal requirements you need to comply with.
The exact contents required will depend on the applicable laws or policies. Also, the definition of what constitutes “personal information” varies, but it often includes names and email addresses, and sometimes IP addresses and browser cookies.
Data = Money
In the information age, data is the new currency. Private information on individuals is very valuable to advertisers, businesses, and governments.
Today, many countries consider privacy to be a fundamental human right, and have passed legislation to protect individuals from their information being collected and used without their knowledge. Data privacy laws usually require that anyone collecting personal information via their website needs to have a statement on how and why they do so.
Privacy laws in different countries
- Australia’s Privacy Principles (APPs) is a collection of 13 principles guiding the handling of personal information. According to these principles, you must manage personal information in an open and transparent way.
- European Union Data Protection Directive of 1998 states that anyone processing personal data needs must do so in a fair and lawful manner. In order for the data collection to be considered lawful, data can only be collected for specified, explicit and legitimate purposes.
Tip: Wonder if this applies to your country? Information Shield is a great resource to find out more about your country's privacy laws, though the legalese can be difficult to interpret.
Updates: GDPR Compliances
GDPR stands for General Data Protection Regulation. At its most basic, it specifies how personal data should be lawfully collected, used, protected or interacted with.
Applications of GDPR include:
- An entity’s base of operations is in the EU (this applies whether the processing takes place in the EU or not);
- An entity not established in the EU offers goods or services (even if the offer is for free) to people in the EU. The entity can be government agencies, private/ public companies, individuals and non-profits;
- An entity is not established in the EU but it monitors the behavior of people who are in the EU, provided that such behavior takes place in the EU.
In short, the GDPR applies to your organization whether you are based in the EU or not.
Businesses that are not in compliance with GDPR’s requirement can face large fines up to 4% of a company’s annual global revenue OR €20 million (whichever is greater).
To understand this new regulation better, please refer to this infographic by European Commission.
Every now and then we get the “when” question.
- It may be required by law. Dozens of countries around the world have laws requiring privacy policies if you live in their jurisdiction, or if you collect information from their citizens.
- It’s the right thing to do. Being transparent and sharing honest information about what data you collect and how you use it goes a long way towards establishing trust with your users. Collecting and using their data in secret is deceitful and devious – which is why it’s illegal in many countries.
- Your name (or business name), location, and contact information
- What information you’re collecting from them (including names, email addresses, IP addresses, and any other information)
- How you’re collecting their information, and what you’re going to use it for
- How you’re keeping their information safe
- Whether or not it’s optional for them to share that information, how they can opt-out, and the consequences of doing so
- Any third-party services you’re using to collect, process, or store that information (such as an email newsletter service, or advertising network)
For Google Adsense, your policy needs to inform your users:
- Google’s use of the DoubleClick cookie (a cookie that is activated when users visit a partner’s website and view or click on an ad) enables Google and its partners to serve ads to your users based on their visit to your sites and/or other sites on the Internet.
- Users can opt-out of the use of the DoubleClick cookie for interest-based advertising by visiting Google Ads Settings.
- Inform them of any third-party vendors and ad networks serving ads on your site, and provide a link to them.
For Amazon Affiliates, you’ll need to inform your users:
- How you collect, use, store, and disclose data collected from users
- That third parties (including Amazon or other advertisers) may serve content and advertisements, collect information directly from users, and place or recognize cookies on their browsers
Tools for Creating Privacy Policies
1- iubenda Policy Generator
- Add your website name,
- Add the services (ie. Google Adsense) you are using and the type of data you are collecting,
- Embed your policy to site.
* Click image to enlarge.
Is Iubenda GDPR ready?
Short answer – Yes. Iubenda does provide complete solution to comply with GDPR.
At the price of $39/mo (ouch!), the system will help:
- Display a cookie banner and release profiling cookies only when consent has been provided, and
- Track, record, and retrieve user consent with the Internal Privacy Management tool.
[icon exclamation-circle] Earning disclosures: WHSR is affiliated to Iubenda. Save 10% on your first year when you order iubenda via this link.
2- Shopify Policy Generator
Shopify provides a simple tool where you can generate refund policy and terms of service policy for free.
Also – read our Shopify review.
While it may seem like a hassle, putting off this important aspect of your blog could result in trouble down the line. You really don’t want to risk being banned from your affiliate ad networks or getting sued by a website visitor.
Team WHSR and the writer of this article are not lawyers. Nothing on this website should be considered legal advice. When in doubt, it’s best to consult a specialist internet law attorney to determine if you are in compliance with all applicable laws for your jurisdictions and your use cases.