Failure to provide the required disclosures may result in being fined or even sued for privacy law non-compliance.
It is also important to understand that privacy laws do not care where your business is located. Rather, privacy laws are written to protect the residents or citizens of a particular state, country or region. So if your website collects personal information from people in various states or countries, you may need to comply with multiple privacy laws at once and provide the specific disclosures required under each one.
Simple Privacy Policies may make the business look less trustworthy. More and more consumers are aware of the privacy rights they have been granted. If you fail to provide the disclosures required under the privacy laws that grant those rights, consumers may doubt the legitimacy and trustworthiness of your business.
Unfortunately, both of these assumptions are wrong and can lead to non-compliance related penalties.
Privacy laws from other states or countries can apply to your business regardless of your location. Governments create and enforce privacy laws to protect their own people, and not a single privacy law limits itself to businesses located within its borders. For example, if you are located in the US but use Google Analytics to track your website visitors, and those visitors include residents of the European Union, then the EU's privacy law, GDPR, applies to you because you are monitoring the behaviour of people in the EU. This means that you need to provide the specific disclosures required by that particular privacy law, as well as by all other laws that apply to you. Simply put, privacy laws are broad in reach and may require you to make disclosures even if your business is not located in that state or country.
Just because you do business in California does not mean you are forced to comply with CCPA. California clearly laid out, within the law itself, which businesses CCPA applies to. If your business does not meet those thresholds, you are not required to comply with this privacy law.
2. Templates do not comply with all privacy laws.
4. Penalties for privacy non-compliance are large
Penalties for privacy law non-compliance are significant, whether you are a well established business or a brand new startup. And because a website may collect personal information from people all over the world, penalties could come from different jurisdictions.
Fines can exceed €20,000,000 for GDPR non-compliance. In the European Union, fines for collecting the personal information of EU residents without proper consent can go beyond €20,000,000, since the maximum is the higher of that figure and a percentage of the company's annual worldwide turnover. You can review the GDPR Enforcement Tracker to see the fines being issued for GDPR non-compliance. There, you will see how even one-person companies are receiving 5-figure fines for not complying.
Chances are that a privacy attorney did not draft the template, as most privacy attorneys know that the first step in complying with privacy laws is to identify which privacy laws apply to your business in the first place. In addition, because most privacy laws contain 'if this, then that' types of clauses, most privacy attorneys know that 'filling in the blanks' is not a reliable way to ensure you make the disclosures you are actually required to make.
When speaking with a privacy attorney, some key questions to get answered are:
- Helps you identify what privacy laws apply to your business;
- Provides notifications and automatic updates when new privacy laws pass or when existing privacy laws are amended;
- Provides detailed explanations as to what is specifically required under each privacy law;
- Was created and managed by someone experienced with privacy law.