Privacy Policies are a requirement for websites or apps that collect personal information. One of the key parts of this policy is the "What Information Do We Collect" clause.
This clause is an essential part of the policy and is the best way to notify your users of what information you collect. It's not only a good way to keep goodwill with your customers, but it's also required by privacy laws.
Let's look more at this clause, why it's required, and how to draft your own.
Privacy laws around the world require that consumers know and are told what type of information is collected by websites and apps.
California's CCPA(CPRA) also requires this. It states that companies that handle their users' personal information must inform them of the information being collected.
Regarding privacy laws, it's important to remember that each of these laws apply to certain companies. For example, the CCPA (CPRA) applies to companies that collect the information of California residents and make more than $25 million a year. The GDPR applies to companies that collect data of EU citizens.
- Answer a few questions about your business:
- Enter the country and click on the "Next Step" button:
Purpose of a "What Information Do We Collect" Clause
A major point in modern privacy laws is that they are requiring companies to be transparent when it comes to data collection.
It's no longer acceptable to not clearly state what information is collected. This information needs to be made easily available to users.
While this requirement helps protect consumers' privacy information online, it can also be a way to help your website or app. Clearly stating what data is collected, where it is collected, and why you obtain the data can create goodwill with your users.
Users may be more inclined to return to your website if you are upfront with this information and this particular clause helps to create trust between your company and your consumers.
Including this clause can also protect your website from potential legal issues later. If an issue arises over whether a user was informed about the collection of their data and you don't have a "What Information Do We Collect" clause, it could leave your website open to liability.
How to Draft Your "What Information Do We Collect" Clause
There is no one blueprint for how to construct your clause. The exact wording and how you state it is entirely up to your company. However, there are some things that most of these clauses do include.
Let's take a look at these aspects a bit deeper.
Styling of the Clause: Make it Easy to Read and Understand
One of the main reasons for this is that your clause needs to be transparent. Modern privacy laws are requiring companies to be open about their data collection processes to protect the consumer's information online. Creating a clause that has jargon and isn't straightforward could mean your company may be violating multiple privacy laws.
When drafting your clause, it's a good idea to not be too wordy because it can make it confusing for the user. However, if you do use paragraphs, make sure to keep the language simple so the user doesn't get lost in the weeds of the clause.
Using bullet points is a good way to break up your information and the different sections of your clause because it's very easy to read:
See how IKEA does it here:
GLDN states the two different types of information it collects by using bullet points and extra space between the lists to make the clause easy to read:
Another good option is using a table to break down how the data is collected, examples of the information that is collected at that time, and why that information is collected.
Sephora used to do this with its older "What We Collect" clause, which has since been changed:
Patagonia uses a paragraph format, but it also uses clear, shorter sentences to help it be easy to read:
Another option is using graphics or videos to state what information your website collects. Graphics are a welcome surprise and are interactive.
Now that you have a better idea of some formatting and styling options, let's look more at the specific informational content to include in your "What Information Do We Collect" clause.
The Categories of Information You Collect
One of the requirements for this clause is that you need to state the data or the "categories" of data that you collect. Some clauses may simply state a list of each type of data that is collected, such as:
- Email address
- Phone number
Target's "Type of Information Collected" section is an example of this:
Other websites may decide to go a bit broader and offer the categories of data that are collected instead. These categories usually follow a grouping of how the information can identify a user or how the information is collected. Examples of these different types of categories can be:
- Personal identifiers
- Usage data
- Payment information
- Location data
You can see how Apple states the information it collects by categories. This is a good option if your website or app collects a large amount of data from its users and collects different types of data:
Regardless of how you draft your clause, it is necessary that you include the types of information collected.
Where the Information is Collected From
Another key section you should include in your clause is information detailing where the information is collected from. Some websites will have a separate section for this information, but you can include it in your "what information is collected" portion as well.
Privacy laws require that users must be notified of how and from where their information is collected. This can be whether your website collects it through cookies, sign-up forms, or third-parties. No matter where you collect the data from, it must be disclosed.
At the beginning of Apple's data collection clause, it includes a short statement of where and when the information may be collected before providing a list of the data.
Websites can go into further detail even more by stating how the information is collected, whether it is collected automatically, voluntarily given, or from other parties. The more specific you are, the more helpful and informative it will be for users who wish to know.
If your website or app offers different types of accounts, such as personal or professional, and if the information that is collected may be different between the two, you should state what those differences would be.
Since Twitter includes both personal and professional accounts, it states in its "Basic Account Information" that a personal account may collect a username and password, whereas a professional account may require a street address, cell phone, and even more information:
If your website will collect the information from third-parties, such as social media platforms, or cookies, make sure to include this in your clause as well.
Remember there is no one way to write a "What Information Do We Collect" clause. Tailor your clause to what information your website collects and what types of services you provide, and for your unique aesthetic.
Privacy laws vary and may require different things. However, most require that you state what types or categories of information that you collect, where it is collected from, and that you do this in clear and understandable language.
Not only will consumers like to see this clause, thus increasing your trustworthiness, but it will also help you comply with privacy laws around the world that require that this information be disclosed.