All About Privacy Policy and Why it is Essential for your Business

Innovacion Legal Services > Brand  > All About Privacy Policy and Why it is Essential for your Business

All About Privacy Policy and Why it is Essential for your Business

UNDERSTANDING PRIVACY POLICY

To understand privacy laws or why privacy policy is important for your business’s digital imprint, you need to understand that every website and mobile application collects information from its users otherwise known as data. For example, if you run an E-Commerce business whereby you sell a service or a product over the internet you will be obtaining certain information from your customers such as their name, email address, mailing address (which is your delivery or shipping address) phone number and in some cases user credit card details. All of this information constitutes as Data (more aptly Personally Identifiable Data (PII) which we shall circle back to in due course). Similarly there is also Data of generic nature which is extracted and collected in form of Cookies with your business, usually automatically, when a user visits your website/app.

Now what is PII ? PII is any data that can potentially identify a specific individual and can be used to distinguish one person from another (such as name or email address of a person). This data is of sensitive nature and legally cannot be collected by or shared by anyone without adequate checks and balances. Hence, before collecting such user information, it is essential for your business to obtain your visitors/customers permission to go ahead. Since it is not commercially viable to individually obtain consent from every customer and/or visitor of the website for either sets of data collection, businesses usually upload a legal document, customized to their specific website, entailing details about the collection, storage, usage and sharing of their user data. This document is known as the Privacy Policy.

Every website/mobile app has a privacy policy customized to its specific data collection requirements which operates as a legal protection against any potential claims regarding unauthorized and illegal data collection and usage.

Here are a few reasons and benefits for having a privacy policy uploaded on your digital imprint.

Legal Coverage

As mentioned above, every website which collects PII for commercial or otherwise purposes needs to give a general disclosure to its users that it is in fact collecting information for so and so reasons and (where applicable) may share with such and such individuals, businesses or partners (for example, logistic partners like DHL or TCS for E-Commerce businesses). This disclosure in turn acts as an implied permission from the user as the policy also states that continued usage of the website shall establish consent from the user against data collection. It also guides the user what to do in case they do not wish to share their information and thereby operates as an absolute defense from any potential claim or resulting liability that could be brought against your business by any of its visitors.

Its simple, short of a privacy policy your collection of data is illegal to begin with and your website remains exposed and vulnerable to legal claims and government inquiries.

Compliance with Google

Google Analytics is a service offered by Google which tracks and reports website traffic and in turn helps websites with their user experience. It is automatically operative on websites (esp. E-Commerce websites). Google Analytics clearly establishes that any website so to feature on Google platform needs to have a privacy policy in place which informs its visitors about the collection of data as well as use of cookies while visiting that website. Hence, non-availability of a privacy policy on your website is a contractual breach with Google and could result in significant backlash.

Permission for use of Cookies

To understand why you need this permission you first need to be understand what cookies are. Cookies is data sent from a website and stored on the website user’s computer by such user’s web browser while they are browsing. Cookies operate as a mechanism for websites to remember information or to record the user’s browsing activity to enhance user experience in future. Ever wondered how the ads you see on your browser are specific to what you may have previously browsed or ordered online? That’s because all websites use cookies when you visit them in order to be able to market their products to you. In a nutshell, cookies are a kind of short term memory for the web. 

It is undeniable that websites cannot really operate without its appearance on Google. This brings us to the fact that Google is pretty invasive with its cookie collection and usage meaning while the cookies are being used by Google, it is your responsibility to inform your users that cookies are being used. This is primarily because Google Analytics requires you to inform users beforehand these cookies get installed. Again, by not doing so your website is directly and/or indirectly using cookies illegally. However this can be prevented by uploading a cookie policy on the website which is a supporting document to the privacy policy itself.

Right of the Visitor to Refuse Disclosure of Information or Use of Cookies

As mentioned earlier, every website is legally bound to provide its users an option to decline the collection of their information. The policy also provides for this right to refusal and in some cases the option to request the website to return/delete such user’s information. These options and how to use them are detailed in the privacy and cookie policies respectively.

GDPR Compliance

General Data Protection Regulation (GDPR) is a regulation that requires businesses to protect the personal data and privacy of primarily European Union (EU) citizens for transactions that occur within EU member states. However, the GDPR not only applies to businesses located within the EU but also applies to businesses located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. This means that any company that stores or processes personal information of EU citizens must comply with the GDPR even if they do not have a business presence within the EU which effectively translates into a worldwide applicability. For example, if someone from Germany visits your website then by default you are subject to the GDPR. Hence, no matter the geographical location almost all businesses, as long as they have an online presence, have to comply with the GDPR otherwise they are subject to hefty fines and penalties as well as a grave hit to their brand reputation.

THE LEGALITY OF IT

The big question remains, is it mandatory to have a privacy policy uploaded on your website? The answer is Yes. Privacy policy is a legal requirement for all websites since each website directly or indirectly collects data. Privacy laws around the world direct that if you collect personal information from your website visitors then you need to have a Privacy Policy posted to your site and available with your mobile application.

If your website collects data, you need a privacy policy to :

a) establish that you are authorized to collect data and b) protect you from any and all claims against data collection.

DOWNSIDE OF NON COMPLIANCE

If your website does not have a privacy policy in place then it is operating illegally which means not only is it open to inspection and inquiry by government regulators such as in Pakistan, the Ministry of Information Technology and the FIA Cybercrime Wing but also it is open to multiple legal claims from the visitors and users of your website since you are collecting their data without their knowledge or consent. For example, tomorrow anyone can make a complaint to the FIA in regards to your website and your business will be open to government scrutiny. In many scenarios such unauthorized collection of data results in government inquiries, court cases, heavy fines and penalties, bad publicity for your business, loss of goodwill and brand name and in some cases could go to the extent of shutting down of the business altogether.

Since every business’s data collection requirements are unique, you must always consult with an expert to know what best works for your business. We provide all the documentation you need to legally protect your interests and rights as well as guidance and support to mitigate the possibility for any potential claims coming your way. Contact ILS today and get the needful support for your growth!

× How can I help you?