Why do you need a Privacy Policy and Terms of Use?

If you have an online presence or offer a mobile application (app), you should have an effective Privacy Policy and Terms of Use in place to protect your rights and comply with applicable privacy and consumer protection laws.

A Privacy Policy and Terms of Use provides appropriate flexibility for your operations, limits the risks relating to your operations, and increases customer and stakeholder confidence. A failure to have an appropriate Privacy Policy and Terms of Use can lead to significant financial and reputational consequences including fines, penalties, complaints and other legal actions. Here is a blog about a specific Terms of Use case in the U.S.

This blog outlines some of the key considerations that apply to websites and mobile apps.  A well-crafted document package can apply to both your website(s) and app(s) – we will call this your “platform” in this blog.

What is a Privacy Policy?

A Privacy Policy is a legal requirement for most organizations and explains the organization’s privacy practices. Typically, this includes:

  • what personal information is collected,
  • why it is being collected,
  • how the information will be used,
  • how it will be protected, and
  • who it will be shared with.

An effective Privacy Policy demonstrates to customers and visitors of your platform that you are accountable, transparent and respect the privacy of customers and/or stakeholders.

Tips for an effective Privacy Policy

Privacy Policies must be appropriately customized to the organization. Depending on the nature of your operations including how and in what jurisdictions the platform is operated, the applicable laws, requirements, and best practices for the Privacy Policy will vary. We see many situations where platforms have simply copied and pasted a policy from various sources. This is not sufficient and is often not compliant with applicable laws. It may also create additional unintended consequences (for example, copyright infringement claims from competitors). Instead, we recommend that you conduct a careful review to ensure that your Privacy Policy satisfies applicable laws and best practices, it may save you significant costs later.

Individuals should be aware of key privacy practices and know how to access and control their personal information. The type of information will depend on your practices but the policy should be transparent about what you do with information and why, how individuals can access and update their information, who to contact regarding privacy inquiries and complaints, and explain how updates to the policy will be managed.

You should regularly review and update Privacy Policies to reflect changes in privacy laws and best practices. Updating a Privacy Policy when changes in laws and operations occur is critical to being transparent and obtaining meaningful consent for the collection of personal information.

Privacy Policies must reflect your platform functions. If your platform includes analytics, cookies, e-commerce or other functions, there are often specific requirements for wording to be included for users and visitors based on contractual or statutory requirements – these need to be reviewed on a case-by-case basis.

Privacy Policies should be user-friendly. They should be easy to understand and navigate and readily accessible to users and visitors. The information contained in a Privacy Policy should be specific to your operations and easy to understand. The policy should make clear what type of information is collected, the purpose it is used for, and who the information may be disclosed to.

You should appropriately implement your Privacy Policy. Having a Privacy Policy is not sufficient in and of itself; implementing the policy appropriately is critical. Individuals should be clearly aware of and be required to acknowledge or consent to the Privacy Policy wherever possible. Internally, you must also have a good privacy compliance program to support your privacy practices including, for example, staff and contractor confidentiality agreements, employee training, etc. Your privacy compliance program will depend on your operations, and a review should be conducted to assess what is required for your operations.

What are Terms of Use?

Terms of Use set out the terms, conditions, requirements, and rules regarding the use of a platform. An organization’s Terms of Use serves an important function – including to protect you from abuses of the platform and to limit your liability. Essentially, the Terms of Use lay out the ground rules for dealing with issues that may arise with a user or visitor of the platform. These are particularly crucial if you have important intellectual property on your platform (which is most platforms!).

Tips for an effective Terms of Use

Terms of Use should establish customized rules or limits of use for the platform. Terms of Use can lay out prohibited conduct and establish the obligations of the user or visitor. Typically, this would include terms regarding abiding by applicable laws, terms relating to cybersecurity, unauthorized use of materials, and other terms unique to the platform.

Terms of Use should appropriately assign risks. Terms of Use should clearly specify who will be responsible for risks relating to use of the platform and contain clear contractual terms in order to be enforceable.

Terms of Use should outline notice of platform interruptions and updates. Platforms periodically incur shutdowns, whether intentional or not. Terms of Use should give the user notice of these possibilities and outline a policy to notify the user of outages. Including contact information for technical support may be useful in the event that the user needs to report an issue with the platform.

Terms of Use should include information on intellectual property. Rules regarding intellectual property protect the content of the platform from wrongful use and put you in control of how your content can be reproduced and used.

Individuals should explicitly agree to the Terms of Use. Terms of Use should require a positive action, such as checking a box or clicking “I agree.” Organizations should always require individuals to positively consent to the Terms of Use.

Conclusion

When it comes to Privacy Policies and Terms of Use, you need a customized document that addresses your unique platform and operations. You should continue to update your Privacy Policy and Terms of Use to reflect changing business practices, laws, and expectations from customers.

MLT Aikins offers fixed-price packages, including discounts for non-profit organizations, for developing a Privacy Policy and Terms of Use. If you require assistance with creating or reviewing your Privacy Policy or Terms of Use, please contact us for more information.

Note: This article is of a general nature only. Laws and government programs may change over time and should be interpreted only in the context of particular circumstances such that these materials are not intended to be relied upon or taken as legal advice or opinion. Readers should consult a legal professional for specific advice in any particular situation.