Home / Articles / Blogging Tips / The Simple Privacy (and Cookie) Policy Guide for Website Owners

The Simple Privacy (and Cookie) Policy Guide for Website Owners

Earning an income from your blog is a much easier venture than starting a traditional business and you don’t have to check zoning laws or apply for building permits.

However, that doesn’t mean there aren’t legal requirements you need to comply with.

One of the most inconspicuous but necessary legal requirement is the privacy policy, and this applies to all websites, big or small. If you’re a small business or even just a blogger earning no income from your website and aren’t sure why on earth in the first place you’d need one, you might be surprised.

Chances are quite high that you might be (even if you’re not really aware of it) – collecting various forms of information from your visitors, tracking them with analytics, or displaying ads. For many of these activities, the chances are quite high that you’re required to have a privacy policy.

What Is a Privacy Policy?

A privacy policy is a document that details what personal information you collect from your users, how you use it, and how you keep it private.

The exact contents required will depend on the applicable laws or policies. Also, the definition of what constitutes “personal information” varies, but it often includes names and email addresses, and sometimes IP addresses and browser cookies.

Data = Money

In the information age, data is the new currency. Private information on individuals is very valuable to advertisers, businesses, and governments.

Today, many countries consider privacy to be a fundamental human right, and have passed legislation to protect individuals from their information being collected and used without their knowledge. Data privacy laws usually require that anyone collecting personal information via their website needs to have a statement on how and why they do so.

According to many privacy laws, you can be fined or even prosecuted if you collect personal information without informing your users, or if you violate your own privacy policy.

Privacy laws in different countries

  • Australia’s Privacy Principles (APPs) is a collection of 13 principles guiding the handling of personal information. According to these principles, you must manage personal information in an open and transparent way.
  • European Union Data Protection Directive of 1998 states that anyone processing personal data needs must do so in a fair and lawful manner. In order for the data collection to be considered lawful, data can only be collected for specified, explicit and legitimate purposes.
  • U.K. Privacy and Electronic Communications Regulations 2003 restricts the use of cookies and similar technologies on users' devices unless users  1) are clear about the purpose of the usage of cookies and 2) have given their consent.

Tip:  Wonder if this applies to your country? Information Shield is a great resource to find out more about your country's privacy laws, though the legalese can be difficult to interpret.

Updates: GDPR Compliances

GDPR stands for General Data Protection Regulation. At its most basic, it specifies how personal data should be lawfully collected, used, protected or interacted with.

Applications of GDPR include:

  • An entity’s base of operations is in the EU (this applies whether the processing takes place in the EU or not);
  • An entity not established in the EU offers goods or services (even if the offer is for free) to people in the EU. The entity can be government agencies, private/ public companies, individuals and non-profits;
  • An entity is not established in the EU but it monitors the behavior of people who are in the EU, provided that such behavior takes place in the EU.

In short, the GDPR applies to your organization whether you are based in the EU or not.

GDPR Fines

Businesses that are not in compliance with GDPR’s requirement can face large fines up to 4% of a company’s annual global revenue OR €20 million (whichever is greater).

While the authority can escalate the matter to high level of fines, it will start with a warning, then a reprimand, then a suspension of data processing, before a fine is imposed.

To understand this new regulation better, please refer to this infographic by European Commission.

When do you need a privacy policy?

Every now and then we get the “when” question.

When do you need a privacy policy?

Do All Websites and Mobile Apps Need a Privacy Policy?

Here are some possibilities on why you might need a privacy policy:

  1. It may be required by law. Dozens of countries around the world have laws requiring privacy policies if you live in their jurisdiction, or if you collect information from their citizens.
  2. You may be required to by a third-party service. Many services that collect information through your site, such as Google AdSense and Amazon Affiliates, require you to have a privacy policy as well.
  3. It’s the right thing to do. Being transparent and sharing honest information about what data you collect and how you use it goes a long way towards establishing trust with your users. Collecting and using their data in secret is deceitful and devious – which is why it’s illegal in many countries.

If you’re not sure whether or not you need a privacy policy, it’s better to be safe than sorry.

What Should Be Included in Your Privacy Policy?

When creating a privacy policy, the exact information required will depend on the applicable laws or policies.

In general, most privacy policy laws require you to inform your users of:

  • Your name (or business name), location, and contact information
  • What information you’re collecting from them (including names, email addresses, IP addresses, and any other information)
  • How you’re collecting their information, and what you’re going to use it for
  • How you’re keeping their information safe
  • Whether or not it’s optional for them to share that information, how they can opt-out, and the consequences of doing so
  • Any third-party services you’re using to collect, process, or store that information (such as an email newsletter service, or advertising network)

For Google Adsense, your policy needs to inform your users:

Required policy content for Google Adsense publisher (source).
  • Google and other third-party vendors use cookies to serve ads based on a user’s prior visits to your website.
  • Google’s use of the DoubleClick cookie (a cookie that is activated when users visit a partner’s website and view or click on an ad) enables Google and its partners to serve ads to your users based on their visit to your sites and/or other sites on the Internet.
  • Users can opt-out of the use of the DoubleClick cookie for interest-based advertising by visiting Google Ads Settings.
  • Inform them of any third-party vendors and ad networks serving ads on your site, and provide a link to them.
  • Inform your users that they may visit those websites to opt-out of the use of cookies for interest-based advertising (if the vendor or ad network offers this capability). Alternatively, you can direct users to opt-out of some third-party vendor’s use of cookies for interest-based advertising by visiting aboutads.info.

For Amazon Affiliates, you’ll need to inform your users:

Required policy content for Amazon Associates (source).
  • How you collect, use, store, and disclose data collected from users
  • That third parties (including Amazon or other advertisers) may serve content and advertisements, collect information directly from users, and place or recognize cookies on their browsers

Be sure to avoid complex writing, jargon, or legalese. While a privacy policy document is about protecting you, it’s also about informing the user. Try to keep your privacy policy short and concise, and easy to understand.

Tools for Creating Privacy Policies

While it would be ideal to hire a lawyer to make sure your privacy policy is compliant with all applicable laws, that’s not an expense every blogger can afford.

You can follow the bullet points above to write your own privacy policy in simple, easy to understand language. However, that won’t ensure that your policy follows all the applicable laws in your country.

Instead, here are some online tools and resources for you to create your own privacy policy.

1- iubenda Policy Generator

Site: https://www.iubenda.com/

iubena helps users generate privacy policy in three steps:

  1. Add your website name,
  2. Add the services (ie. Google Adsense) you are using and the type of data you are collecting,
  3. Embed your policy to site.

* Click image to enlarge.

Generate privacy policies in eight different languages for websites and mobile apps using Iubenda (see demo).

The best part of iubenda – your privacy policy is hosted on their servers. This means the system can automatically update the legal text when the law changes.

More than 600 services, including Facebook Like, Google Adsense, Google Analytics, LinkedIn button, Twitter, Alexa Metrics, Amazon Associates;  pre-configured in iubenda system.

Is Iubenda GDPR ready?

Short answer – Yes. Iubenda does provide complete solution to comply with GDPR.

At the price of $39/mo (ouch!), the system will help:

  1. Generate the right privacy and cookie policy,
  2. Display a cookie banner and release profiling cookies only when consent has been provided, and
  3. Track, record, and retrieve user consent with the Internal Privacy Management tool.

[icon exclamation-circle] Earning disclosures: WHSR is affiliated to Iubenda. Save 10% on your first year when you order iubenda via this link

2- Shopify Policy Generator

Site: www.shopify.com/tools/policy-generator

Shopify provides a simple tool where you can generate refund policy and terms of service policy for free.

Also – read our Shopify review.

You can simply click “Skip Shopify Trial” checkbox and create your privacy policy for free.

Put Your Privacy Policy Into Place Today

While it may seem like a hassle, putting off this important aspect of your blog could result in trouble down the line. You really don’t want to risk being banned from your affiliate ad networks or getting sued by a website visitor.

Protect yourself by using one of the tools above to create your privacy policy now, and you won’t have to worry! The process will also help you to familiarize yourself with useful details on user privacy.


Team WHSR and the writer of this article are not lawyers. Nothing on this website should be considered legal advice. When in doubt, it’s best to consult a specialist internet law attorney to determine if you are in compliance with all applicable laws for your jurisdictions and your use cases.

Photo of author

Article by Keri Lynn Engel

Keep Reading