Common Misconceptions

I created my Privacy Policy, so I’m now good to go.

Privacy Policies change as privacy laws change. In 2023 alone, there will be six new privacy laws going into effect. Once they go into effect, websites will need to adjust their Privacy Policies in order to keep compliant with these new laws. There are also dozens of privacy bills in the US alone that, if passed, will require new disclosures by applicable website owners who would otherwise face the risk of non-compliant fines or even lawsuits.

My business is small so I don’t have to worry about Privacy Policies

Privacy laws do not care about the size of your business or, in many cases, where your business is physically located. Privacy laws are designed to help individuals protect their information and privacy.

So, if your website is collecting the data of website users from states like California, Colorado, Utah, Connecticut, or Virginia, you may be required to comply with that state’s particular privacy laws. Plus, more states are currently working on their own privacy laws that will likely require their own unique set of disclosures.

If individuals from these states are being violated according to these privacy laws, every business – no matter the size – could be held accountable. Fines also start at $2,500 per website user, meaning small businesses could be more vulnerable to quickly-escalating fines.

I’ll just copy and paste someone else’s Privacy Policy or use a free template online

Once upon a time you’d likely be ok doing this (though it was still illegal). However, today’s world takes privacy far more seriously. Fines are being issued at an ever-increasing rate and individuals are becoming more aware of how their data/privacy is being used by websites. 

Privacy Policies are very business-specific in that not every business will need to comply with the same laws. Even a close competitor will often have a very different Privacy Policy to match specific third-party software they use and how they use their data internally. 

Website policies will also need to change as the laws change, not weeks, months, or even years after – like templates often do. 

I just want a simple Privacy Policy

In general, having a simple Privacy Policy is indeed a very good goal to have, but you still need to ensure that the Privacy Policy has the exact disclosures you’re required to make under each applicable privacy law.  In other words, simple is great, so long as it is not missing the disclosures you were required to make by law.

I just want a simple Cookie Popup

Unfortunately, there are many non-compliant cookie popups out in the world right now, and companies utilizing these non-compliant cookie consents are the ones who are getting dinged significant fines for doing so.  

If you offer a cookie consent popup that has just an ‘okay’ button or just an ‘accept’ button, then you are utilizing a non-compliant cookie consent tool. You must offer users clear options to deny non-essential cookies under privacy laws like GDPR, and you also must give users the ability to come back later and change their consent settings in the future as well.