We recently sent out a survey asking for the opinion of website developers, designers and marketers on privacy and all of the new laws and obligations that are being imposed. We asked you what questions or concerns you have about this new landscape and how it affects your industry. One of the questions that we received was “can I consolidate all policies, such as a Privacy Policy, Terms of Service and Disclaimer all onto one page?” The question makes perfect sense – usually, the links to policies are on the footer of a website along with contact information and other boring things. Even though it’s by far not the most exciting part of a website, you still want the footer to look uncluttered and beautiful. Should you include a separate link to each of these policies or have them all under one page titled “legal”? Here’s the short answer: you should have a separate link to all of the policies. 

We’re glad you asked! You need a separate page for each policy because the law said so. Article 7 of General Data Protection Regulation (GDPR) provides that when the processing of data is based on the user giving consent, you must be able to show that the user agreed to the processing of the data. This means that if you are bundling all of the policies onto one page, you will not be able to show that the user agreed to the processing of their data because they agreed to like 50,000 other things. So the user can say “oh yes, I agreed to the Terms of Service, but not to the Privacy Policy.” Also, GDPR requires you to present the request for consent in a manner that is “clearly distinguishable from other matters.” This means that if you bundle all of your policies into one place, a user will not be able to easily distinguish between all of your requests and thus you will infringe on GDPR. Here’s a screenshot of the actual text in case you don’t believe us.

Article 7 of GDPR: Conditions of consent actual text

What if GDPR doesn’t apply to you? Can you then bundle all of those policies together? Heck no! Let’s visit the California Online Privacy Protection Act of 2003, which states that you must “conspicuously post” the Privacy Policy. How do you “conspicuously post” a Privacy Policy onto your clients’ website? Have an icon that hyperlinks to a web page on which the Privacy Policy is posted on the home page and have the icon contain the word “Privacy”. This also includes having a hyperlink. Here’s a copy of the text of CalOPPA that describes “conspicuously post”. 

Text of CalOPPA

So here you go! You should not consolidate all policies such as a Privacy Policy, Terms of Service and Disclaimer all onto one web page. 

Protect yo’ self, 

Team Termageddon