You may have read or been advised that you should put nofollow tags on links to your Privacy Policy and related documents. While there are technical arguments behind this advice, not everyone agrees.
From a legal and user perspective, using nofollow is unlikely to break the letter of privacy laws, but it is not really in the spirit of the rules and will arguably undermine the purpose of Privacy Policies.
Let's take a deeper look at this topic and what you should do.
Use FreePrivacyPolicy.com to generate the necessary legal agreements for your website/app:
- Free Privacy Policy Generator
- Free Terms and Conditions Generator
- Free Cookies Policy Generator
- Free Disclaimer Generator
- Free EULA Generator
- Free Return & Refund Policy Generator
You check our Free Cookie Consent to start making your business legally compliant with the Cookies Directive in the EU.
- 1. What is a nofollow Link?
- 1.1. The Role of Links
- 1.2. The nofollow Link
- 1.3. The Purpose of a nofollow Tag
- 2. Using a Nofollow Tag For a Privacy Policy: The Technical Perspective
- 2.1. Site Rankings
- 2.2. Duplicate Content
- 3. Using a Nofollow Tag For a Privacy Policy: The User Perspective
- 3.1. General Data Protection Regulation (GDPR)
- 3.2. California Consumer Privacy Act (CCPA)
- 3.3. Personal Information Protection and Electronic Documents Act (PIPEDA)
- 4. Summary
What is a nofollow Link?
If you are considering whether to add a nofollow link to a Privacy Policy, you may already understand what they do and how they work.
Just in case, here's a brief primer.
The Role of Links
Besides their value to humans browsing websites, links have two key roles for search engines such as Google. The first is that they help the search engine find web pages to analyze and add to its search database, a process known as "indexing." Once a search engine has finished indexing a page, it will usually follow each of the links and index the pages it accesses through the links. From each of these pages it will follow the links, and so on.
Search engines also use links as a way to rate the importance of sites. Unlike in the early days of the web, search engines today do not simply look for whether a page mentions the term for which a user is searching. Search engines such as Google also take into account the authority of a website, based partly on how many pages link to a particular page or site.
They also take into account the authority of the sites from which the links originate. For example, one link from a government agency website will often have a bigger influence on search rankings than several links from personal blogs with a small following.
The nofollow Link
Website owners can choose between two options when adding a link to a page.
The first is a dofollow link. Although it has a fancy name, this is simply the default way of doing a link. For example, you could link to this website with the code:
The second option is a nofollow link. This adds an extra piece of code, so the link code in our example would read:
The addition of the nofollow tag doesn't affect the way the page appears or the way readers use the link. Instead, it's simply a signal to search engines to effectively ignore the link.
How different search engines respond to a nofollow tag can vary, but as a general rule they will not count the link when deciding where pages appear in search rankings. Usually they won't follow the link when finding pages to index and add to their search database.
The Daily Echo includes links to businesses in its local directory. Users can click on the "Website" icon to follow the link as normal:
However, the source code for the page shows the link carries the nofollow tag. That means the newspaper's authority doesn't count towards Google's ranking of the bathroom showroom company:
In contrast, Tipped has listings for home renovators:
The source code shows it does not use a nofollow tag for the links:
The Purpose of a nofollow Tag
Using a nofollow tag serves several purposes:
- It's a requirement of Google to tell it when you are including a link in return for payment. A nofollow tag is one way to do this, though it prefers the "rel=sponsored" tag.
- It's a way to stop people taking advantage of your site's authority when posting a link, for example in a comments section.
- It lets you link to a site (including embedding images from other sites) without search engines treating you as endorsing the site. In the examples above, the newspaper may want to do this to avoid any conflict between its editorial and advertising activities.
- Some people argue it reduces the risk of Google incorrectly thinking you are using links to try to manipulate search results.
However, none of these should be relevant for a Privacy Policy.
Using a Nofollow Tag For a Privacy Policy: The Technical Perspective
Most of the specific arguments for using a nofollow tag for links to Privacy Policies are based on supposed technical reasons. These don't always hold up.
Site Rankings
One argument is that having links to your Privacy Policy can harm your overall site rankings, either by reducing the supposed value to readers of your overall set of indexed pages, or by potentially having your Privacy Policy appear higher in the rankings than pages which you are more interested in having users visit, for example those directly selling goods.
In practice there's little or no evidence to support these arguments. Modern search engines are sophisticated enough to understand the different elements of a website and will expect to see some pages which contain legal material such as a Privacy Policy.
Meanwhile, search rankings are generated for specific searches, so you don't have to worry about people seeing the "wrong" pages from your site in the results.
Duplicate Content
Another argument is that a nofollow tag will reduce the risk of search engines penalizing your site because they detect duplicate content, for example where your Privacy Policy contains similar wording to privacy pages on other websites.
Again, this underestimates the sophistication of search engines, which can and do distinguish between plagiarism and duplication which is unavoidable or has a reasonable explanation. The Yoast site quotes Google as saying:
"Duplicate content on a site is not grounds for action on that site unless it appears that the intent of the duplicate content is to be deceptive and manipulate search engine results."
Search engine algorithms take account of the fact that some similar pages on different websites, such as Privacy Policies, will often use the same phrasing at some point. This could be because the law sets out specific wording to use, or simply because both policies cover the same concept and use the most straightforward and understandable way to express it.
Because a Privacy Policy is important legal information, it's better to be as clear as possible rather than try to find creative and original wording. This is particularly important for non-native speakers and people with literacy problems as they will often assume that if you use an unusual word or phrasing, it must have a special meaning that is different from the more common and straightforward way of saying the same thing.
Using a Nofollow Tag For a Privacy Policy: The User Perspective
Rankings aside, the biggest reason not to use nofollow tags on links to your Privacy Policy is the effect on users. By definition, a nofollow tag reduces the likelihood of a page appearing in search results and in turn reduces the likelihood of a user viewing the page. (The effect does depend on how well organized the navigation and menus on your site are.)
Although no major privacy laws cover the use of nofollow tags, making your Privacy Policy less prominent in this way certainly goes against both the aims and the general principles of most laws. The whole point of a written Privacy Policy is to make it easier for users to understand your privacy practices and make a genuinely informed decision about what data to provide.
Here are some examples of the ways different privacy laws require or suggest that you make privacy information prominent.
General Data Protection Regulation (GDPR)
The GDPR covers personal data use involving processors, processing or data subjects in European Union countries. It not only lists information that you must provide when collecting data (most commonly through a Privacy Policy) but states in Article 12 that this information must be "in a concise, transparent, intelligible and easily accessible form."
California Consumer Privacy Act (CCPA)
The CCPA covers the use of data about Californians by large businesses and those which buy or sell personal data as a key business activity. It requires businesses to provide several details about the ways it gathers and uses personal data.
Most notably, it specifies that businesses must have a dedicated page for users to exercise their right to opt out of their data being sold to third parties. The CCPA specifically says businesses must include a link to this page from their home page, using the wording "Do Not Sell My Personal Information."
T-Mobile does this as part of its footer that appears on every page:
The ethos of the law is clearly that privacy information should be more prominent.
Personal Information Protection and Electronic Documents Act (PIPEDA)
This affects most for-profit organizations in Canada that aren't already subject to a local law covering similar issues. PIPEDA is based on 10 "fair information principles." Number 8 is "openness" and the official guidance states that your "detailed personal information management practices must be clear and easy to understand. They must be readily available."
Again, whether or not you use nofollow tags on links to your Privacy Policy will make little if any difference to your legal compliance with privacy laws. However, having a Privacy Policy isn't just about meeting the letter of the law, but also about building trust with consumers and in maximizing your peace of mind in knowing they have genuinely understood and consented to your data handling.
With this in mind, it makes little sense to do anything that makes your Privacy Policy less visible or accessible in any way, including using nofollow tags.
Summary
Let's recap what you need to know about nofollow tags and Privacy Policies:
- Search engines use links both to find pages on your site to analyze and to help work out which pages have more authority on a particular topic.
- You can add a nofollow tag to a link to effectively tell a search engine to ignore the link for both indexing and ranking purposes.
- Most reasons for using nofollow tags involve not wanting to lend your authority/credibility to the linked content.
- Some people say to use nofollow tags on Privacy Policies to avoid harming your overall site rankings. There's very little evidence for this argument.
- Other people say to use nofollow tags on Privacy Policies to avoid being penalized for duplicate content if you use similar wording to other Privacy Policies. This is unnecessary as search engines can distinguish between apparent duplication that has a reasonable explanation and cases involving plagiarism or attempts to manipulate search rankings.
- Using a nofollow tag will make it slightly harder for people to find and access your Privacy Policy. This doesn't break the letter of most privacy laws but does breach the spirit. Several laws specifically refer to you making your Privacy Policy prominent and easy to access.
- Whatever the precise wording of applicable privacy laws, making your Privacy Policy as prominent and accessible as possible is good public relations and means you can rely on consumers having made informed choices about the way you handle their personal data.