If you have made any major changes to your policy, you may wish to obtain renewed consent from your website or app users.
This article will cover why you need an update notice, what to include in one and how to send the update.
- 1. Why Do You Need to Send an Update Notice?
- 1.1. To Comply with the Law
- 1.2. To Meet User Expectations
- 1.3. To Avoid Misunderstandings and Disputes
- 1.4. Children Under 13
- 2. What Should You Include in an Update Notice?
- 3. How Should You Send The Update Notice?
- 3.1. Different Methods of Sending an Update Notice
- 3.1.1. Email Notice
- 3.1.2. Pop-up Notice
- 3.2. News Page or Blogpost
- 4. Summary
Why Do You Need to Send an Update Notice?
Let's consider these reasons in more detail:
To Comply with the Law
Not only is it good business practice to provide users with an update notice, but it's often a legal requirement.
For example, if your business has customers within the European Union (EU) it will be subject to the General Data Protection Regulation (GDPR), which requires companies to inform users of updates to their legal agreements.
The GDPR came into effect on May 25, 2018 and the regulation applies to any business that allows EU citizens to use their products or services, even if the business is not based in the EU.
Depending on which state your business operates from, there may be state laws that demand users receive an update notification.
To Meet User Expectations
People are becoming increasingly concerned with the safety of their data when accessing websites and apps. Privacy is paramount to users, as is a company's transparency about their privacy practices.
Update notices make your business seem more trustworthy and enables you to build a better relationship with your customers.
To Avoid Misunderstandings and Disputes
A customer has the power to take a business to court for failing to follow its own policy. Not only would this be costly, but it could damage the company's reputation.
You can avoid this happening to your business by providing users with update notices. If you've notified your users, they cannot say they haven't been informed of the changes or say it's not what they agreed to.
An update notice also gives users the chance to opt-out or to close their account if they're dissatisfied with the changes.
Children Under 13
CBS Interactive states that parents will be notified of material changes and requests parents keep their contact information up to date for this reason:
Additionally, Article 12 of the GDPR states that a privacy notice should be written in clear and simple language - particularly when the notice is addressed to children.
What Should You Include in an Update Notice?
Users will appreciate a paragraph which states how the changes will affect them. If you've made a change which enhances the privacy of the user this is a great opportunity to build trust.
You may also wish to include why you've made the changes. Is it due to changes in the way your company operates or has a new law come into effect?
You should also state the date the changes come into effect. Ideally you should give users at least 2 weeks notice. If this is not possible, you can give a shorter notice period or state that the change has already come into effect.
Lastly, follow the GDPR guidance when writing your notice. Article 12 states that privacy notices must be 'concise, transparent, intelligible, easily accessible and free of charge.'
Include as much information as possible and as clearly as possible so your users are able to see exactly what's changing and get a general overview of how it will affect them.
How Should You Send The Update Notice?
The company states that it will inform users of changes via email or via a website update. The policy makes it clear that changes take effect 7 days from the email or website notification. If users do not agree they must notify the company and stop using their services:
Different Methods of Sending an Update Notice
Let's review some of the methods:
An email could be sent at the same time the change comes into effect, or prior to the change coming into effect.
It's best to send the email before the change and to advise users of the date the updated policy comes into effect. This gives users a chance to review the changes to see if they're happy with them prior to them taking effect.
An advantage of emailing your update notice to users is that it makes your business seem open and proactive. Another advantage is that the email provides you with an opportunity to include a concise summary of the changes you've made.
A disadvantage is that in order to send an email update, you'll need a list of your users' email addresses.
YouTube recently sent an email to announce changes to its Terms of Service. The subject line makes it clear that the email contains important information:
The content of the email included a summary of key changes with a link to the full updated policy:
The email also advised users when the changes would come into effect:
As a consequence of the GDPR coming into effect, website and app users were inundated with emails update notices in May of 2018. Many of these emails offered customers the chance to opt-in or out after reviewing the updated Privacy Policies.
Retailer Collectif sent users an email explaining why it had updated its policies, when the changes would take effect and advising users to unsubscribe if they were unhappy with the changes:
The main advantage is that the notice will be the first thing users see when arriving at your site. This gives them the chance to leave the site or close the app if they're unhappy with the policy revision.
Make sure you include a link to your full policy in the pop-up. You may wish to add an 'accept' button or a tick box so there can be no doubt that users have consented to your policy and its updates.
News Page or Blogpost
The advantages of this is there will be space to include a summary of key changes and it doesn't require you to know user's email addresses.
A disadvantage is that users might not check your blog or news page regularly. A user could come across an old blogpost about a previous update and mistakenly believe the post related to a current update. To avoid this, make sure you clearly mark the date on the blogpost.
Alternatively, add a pop-up notice to your website. If you want to make sure users agree to the updated policy, a pop-up coupled with an 'Accept' button is the way to go.
For a small update you may wish to add a short blogpost to your website.
It's advisable to combine methods to ensure you have done everything you can to notify users of your update. This will help to prevent user grievances. Plus, if a user did bring a lawsuit, you would be able to show the court that your users weren't just informed of the updates, but that you also made them as accessible as possible.
If your business serves customers within the EU it's essential to send update notices as the GDPR applies to your business. Even if the GDPR doesn't apply, you need to make sure that you don't fall foul of federal or state law.
When sending an update notice it's good practice to include a short summary of the changes you've made and advise users of the date the new policy will take effect. You may also wish to include how the changes will affect users and why you've made the changes.
Ideally, you should give users at least two weeks notice of the updates taking effect. You may wish to shorten this notice period, or not give any notice, if the change is smaller.
You can get renewed consent through a tick box or 'Accept' button on a pop-up notice. You could also advise users to unsubscribe, opt-out or contact your company if they're dissatisfied with any changes.