- What personal data you collect
- Why and how you use it
- What rights people have over their data
General Data Protection Regulation (GDPR)
Personal Information Protection and Electronic Documents Act (PIPEDA)
The Office of the Privacy Commissioner of Canada, which enforces PIPEDA, says this means "Your organization's detailed personal information management practices must be clear and easy to understand. They must be readily available."
Children's Online Privacy Protection Act (COPPA)
COPPA is a U.S. federal law that applies if you target your site at people aged under 13 in the U.S., or know for sure that such people use your site.
California Online Privacy Protection Act (CalOPPA)
California Consumer Privacy Act (CCPA/CPRA)
App Platforms and App Stores
The Monopoly Solitaire app listing shows the answers to the set questions:
Email Newsletter and Marketing or List Services
What if I Don't Collect Personal Information?
- People may assume you have something to hide or have not paid attention to privacy laws and rules
- You may have to waste time and effort answering questions about your personal data use (or lack of it)
- You miss out on a chance to reassure customers and users that their data is safe when they use your business
As a general rule, covering the following points will help you comply with most rules and put you in a good position if your circumstances change later and you come under different rules:
- Your identity (business name, contact address and the details of whoever is responsible for data protection at your business).
- What personal data you collect. (You can break this down into general categories, though note some laws such as the CCPA (CPRA) require you to use specific categories.)
- Why and how you use this personal data. (Again, you can break it down into categories.)
- Whether you share or sell personal data and, if so, who gets it.
- How long you keep personal data (or how you decide when to get rid of it).
- How you keep personal data secure.
- Whether you rely on consent to process data and, if so, how people can withdraw this consent.
- The user's legal rights over their data and how they can exercise these rights. (This could include knowing what data you store, correcting errors and asking you to stop using data.)
- Whether you use personal data for automated decision making or profiling.
Review your policy regularly to make sure it's still accurate. Transport for All gives details of the last update to reassure customers it is still relevant:
You can comply with most laws and rules by doing the following:
- Make sure the page is always available and not hidden in a pop-up window or drop-down box.
- Use clear language and explain any legal terms.