Should you consolidate all policies onto one page?


Photo of author

Donata Stroink-Skillrud

Co-founder and President of Termageddon

Should you put all your website policies onto one page

We recently sent out a survey asking for the opinion of website developers, designers and marketers on privacy and all of the new laws and obligations that are being imposed. We asked you what questions or concerns you have about this new landscape and how it affects your industry. One of the questions that we received was “can I consolidate all policies, such as a Privacy Policy, Terms of Service and Disclaimer all onto one page?” The question makes perfect sense – usually, the links to policies are on the footer of a website along with contact information and other boring things. Even though it’s by far not the most exciting part of a website, you still want the footer to look uncluttered and beautiful. Should you include a separate link to each of these policies or have them all under one page titled “legal”? Here’s the short answer: you should have a separate link to all of the policies. 

We’re glad you asked! You need a separate page for each policy because the law said so. Article 7 of General Data Protection Regulation (GDPR) provides that when the processing of data is based on the user giving consent, you must be able to show that the user agreed to the processing of the data. This means that if you are bundling all of the policies onto one page, you will not be able to show that the user agreed to the processing of their data because they agreed to like 50,000 other things. So the user can say “oh yes, I agreed to the Terms of Service, but not to the Privacy Policy.” Also, GDPR requires you to present the request for consent in a manner that is “clearly distinguishable from other matters.” This means that if you bundle all of your policies into one place, a user will not be able to easily distinguish between all of your requests and thus you will infringe on GDPR. Here’s a screenshot of the actual text in case you don’t believe us.

Article 7 of GDPR: Conditions of consent actual text

What if GDPR doesn’t apply to you? Can you then bundle all of those policies together? Heck no! Let’s visit the California Online Privacy Protection Act of 2003, which states that you must “conspicuously post” the Privacy Policy. How do you “conspicuously post” a Privacy Policy onto your clients’ website? Have an icon that hyperlinks to a web page on which the Privacy Policy is posted on the home page and have the icon contain the word “Privacy”. This also includes having a hyperlink. Here’s a copy of the text of CalOPPA that describes “conspicuously post”. 

Text of CalOPPA

GDPR and CalOPPA are just two examples of this as well. More laws have been passed that also require this consolidation — with additional privacy bills in the work claiming the same thing.

So here you go! You should not consolidate all policies such as a Privacy Policy, Terms of Service and Disclaimer all onto one web page. 

Protect yo’ self, 

Team Termageddon

Photo of author
About the Author
Donata Stroink-Skillrud

Donata is the Co-founder and President of Termageddon and a licensed attorney and Certified Information Privacy Professional. She serves as the Vice-Chair of the American Bar Association's ePrivacy Committee and the Chair of the Chicago Chapter of the International Association of Privacy Professionals.

Search the Site
Popular Articles
Browse by Category

Comparing Policy Generators

Cookie Consent Banner

Cookie Policy




How To's

Privacy Policy

Terms of Service

Subscribe for Updates