Privacy Policies are a requirement for websites or apps that collect personal information. One of the key parts of this policy is the "What Information Do We Collect" clause.
This clause is an essential part of the policy and is the best way to notify your users of what information you collect. It's not only a good way to keep goodwill with your customers, but it's also required by privacy laws.
Let's look more at this clause, why it's required, and how to draft your own.
Privacy laws around the world require that consumers know and are told what type of information is collected by websites and apps.
For example, under the EU's GDPR, it is requirement that consumers are made aware of what categories of their data are collected.
California's CCPA(CPRA) also requires this. It states that companies that handle their users' personal information must inform them of the information being collected.
Regarding privacy laws, it's important to remember that each of these laws apply to certain companies. For example, the CCPA (CPRA) applies to companies that collect the information of California residents and make more than $25 million a year. The GDPR applies to companies that collect data of EU citizens.
When drafting your Privacy Policy and your "What Information Do We Collect" clause, you should be aware of the laws that may apply specifically to your company.
Our Free Privacy Policy Generator helps you create a custom Privacy Policy for your website and mobile app. Just follow these few simple steps and your Privacy Policy will be ready to display in minutes.
- Click on the "Free Privacy Policy Generator" button, located at the top of the website.
- Select where your Privacy Policy will be used:
- Answer a few questions about your business:
- Enter the country and click on the "Next Step" button:
- Continue with building your Privacy Policy while answering on questions from our wizard:
-
Almost done. Now enter your email address where you'd like your new Privacy Policy sent and click on the "Generate" button and you're done.
That's it. Now you can copy and paste your Privacy Policy code into your website, or link to your hosted Privacy Policy.
Purpose of a "What Information Do We Collect" Clause
Including this clause in your Privacy Policy is a way to inform your users of what information you collect and where you collect it from.
A major point in modern privacy laws is that they are requiring companies to be transparent when it comes to data collection.
It's no longer acceptable to not clearly state what information is collected. This information needs to be made easily available to users.
While this requirement helps protect consumers' privacy information online, it can also be a way to help your website or app. Clearly stating what data is collected, where it is collected, and why you obtain the data can create goodwill with your users.
Users may be more inclined to return to your website if you are upfront with this information and this particular clause helps to create trust between your company and your consumers.
Including this clause can also protect your website from potential legal issues later. If an issue arises over whether a user was informed about the collection of their data and you don't have a "What Information Do We Collect" clause, it could leave your website open to liability.
How to Draft Your "What Information Do We Collect" Clause
There is no one blueprint for how to construct your clause. The exact wording and how you state it is entirely up to your company. However, there are some things that most of these clauses do include.
More often than not, this clause will show up early in a Privacy Policy, likely being one of the first clauses included. This makes it very easy for people to quickly find this key information. It should also be written with minimal, if any, legalese-type language.
Let's take a look at these aspects a bit deeper.
Styling of the Clause: Make it Easy to Read and Understand
Your "What Information Do We Collect" clause, along with the rest of your Privacy Policy, needs to be easy to read and understandable. If the clause is hard to comprehend, consumers may easily become confused and a potential misunderstanding may arise.
One of the main reasons for this is that your clause needs to be transparent. Modern privacy laws are requiring companies to be open about their data collection processes to protect the consumer's information online. Creating a clause that has jargon and isn't straightforward could mean your company may be violating multiple privacy laws.
When drafting your clause, it's a good idea to not be too wordy because it can make it confusing for the user. However, if you do use paragraphs, make sure to keep the language simple so the user doesn't get lost in the weeds of the clause.
Using bullet points is a good way to break up your information and the different sections of your clause because it's very easy to read:
See how IKEA does it here:
GLDN states the two different types of information it collects by using bullet points and extra space between the lists to make the clause easy to read:
Another good option is using a table to break down how the data is collected, examples of the information that is collected at that time, and why that information is collected.
Sephora used to do this with its older "What We Collect" clause, which has since been changed:
Patagonia uses a paragraph format, but it also uses clear, shorter sentences to help it be easy to read:
Another option is using graphics or videos to state what information your website collects. Graphics are a welcome surprise and are interactive.
Google includes videos throughout its Privacy Policy, one of which is about the information it collects and where it collects the information from:
Now that you have a better idea of some formatting and styling options, let's look more at the specific informational content to include in your "What Information Do We Collect" clause.
The Categories of Information You Collect
One of the requirements for this clause is that you need to state the data or the "categories" of data that you collect. Some clauses may simply state a list of each type of data that is collected, such as:
- Email address
- Name
- Phone number
Target's "Type of Information Collected" section is an example of this:
Other websites may decide to go a bit broader and offer the categories of data that are collected instead. These categories usually follow a grouping of how the information can identify a user or how the information is collected. Examples of these different types of categories can be:
- Personal identifiers
- Usage data
- Payment information
- Location data
You can see how Apple states the information it collects by categories. This is a good option if your website or app collects a large amount of data from its users and collects different types of data:
Regardless of how you draft your clause, it is necessary that you include the types of information collected.
Where the Information is Collected From
Another key section you should include in your clause is information detailing where the information is collected from. Some websites will have a separate section for this information, but you can include it in your "what information is collected" portion as well.
Privacy laws require that users must be notified of how and from where their information is collected. This can be whether your website collects it through cookies, sign-up forms, or third-parties. No matter where you collect the data from, it must be disclosed.
At the beginning of Apple's data collection clause, it includes a short statement of where and when the information may be collected before providing a list of the data.
Websites can go into further detail even more by stating how the information is collected, whether it is collected automatically, voluntarily given, or from other parties. The more specific you are, the more helpful and informative it will be for users who wish to know.
However, keep in mind that you need to always keep your Privacy Policy accurate, so the more specific you are, the more you need to keep up with any business operations changes and update your Privacy Policy to reflect them.
Mailchimp's old Privacy Policy had an example of how you can provide this information in a clear, categorized way. It included three different sections for how it collects information and offers in detail more about each collection:
Note that the format has changed since Mailchimp's Privacy Policy now falls under Intuit's Privacy Policy scope.
If your website or app offers different types of accounts, such as personal or professional, and if the information that is collected may be different between the two, you should state what those differences would be.
Since Twitter includes both personal and professional accounts, it states in its "Basic Account Information" that a personal account may collect a username and password, whereas a professional account may require a street address, cell phone, and even more information:
If your website will collect the information from third-parties, such as social media platforms, or cookies, make sure to include this in your clause as well.
Summary
Remember there is no one way to write a "What Information Do We Collect" clause. Tailor your clause to what information your website collects and what types of services you provide, and for your unique aesthetic.
Privacy laws vary and may require different things. However, most require that you state what types or categories of information that you collect, where it is collected from, and that you do this in clear and understandable language.
Remember to keep your clause updated. If you stop collecting a type of data, start collecting one, or change the method that you collect information by, make this change right away in your Privacy Policy.
Not only will consumers like to see this clause, thus increasing your trustworthiness, but it will also help you comply with privacy laws around the world that require that this information be disclosed.
