Common Misconceptions

I created my Privacy Policy, so I’m now good to go.

Privacy Policies change as privacy laws change. There are several privacy laws scheduled to go into effect in 2024 and 2025. Websites will need to adjust their Privacy Policies in order to keep compliant with these new laws. There are also dozens of privacy bills in the US alone that, if passed, will require new disclosures by applicable website owners who would otherwise face the risk of non-compliant fines or even lawsuits.

My business is small so I don’t have to worry about Privacy Policies

Privacy laws do not care about the size of your business or, in many cases, where your business is physically located. Privacy laws are designed to help individuals protect their information and privacy.

So, if your website is collecting the data of website users located in other states or even countries, you may be required to comply with that area’s particular privacy laws. Plus, more states are currently working on their own privacy laws that will likely require their own unique set of disclosures.

By violating the privacy rights of individuals from these areas, businesses – no matter the size – could be held accountable. Fines start at $2,500 per website user, meaning small businesses could be more vulnerable to quickly-escalating fines.

I’ll just copy and paste someone else’s Privacy Policy or use a free template online

Once upon a time you’d likely be ok doing this (though it was still illegal due to copyright laws). However, today’s world takes privacy far more seriously. Fines are being issued at an ever-increasing rate and individuals are becoming more aware of how their data is being used by websites. 

Privacy Policies are very business-specific in that not every business will need to comply with the same laws. Even a close competitor will often have a very different Privacy Policy to match the privacy law disclosures if different laws apply to them.

Website policies will also need to change as the laws change, not weeks, months, or even years after. 

I just want a simple Privacy Policy

In general, having a simple Privacy Policy is indeed a very good goal to have, but you still need to ensure that the Privacy Policy has the exact disclosures you’re required to make under each applicable privacy law.  In other words, simple is great, so long as it is not missing the disclosures you were required to make by law.

I just want a simple Cookie Popup

Unfortunately, there are many non-compliant cookie popups out in the world right now, and companies utilizing these non-compliant cookie consents are the ones who are getting significant fines for doing so.  

If you offer a cookie consent popup that has just an ‘okay’ button or just an ‘accept’ button, then you are utilizing a non-compliant cookie consent tool. You must offer users clear options to deny non-essential cookies under privacy laws like GDPR, and you also must give users the ability to come back later and change their consent settings in the future as well.