Running a podcast is hard work: you need to find guests, come up with a script, schedule recordings, promote your podcast, and much more. If you have a website for your podcast, you may be wondering: do podcasts need a Privacy Policy? The truth is that podcasts are not exempt from privacy laws and most podcast websites collect Personally Identifiable Information (PII). Thus, chances are that your podcast does need a comprehensive and up-to-date Privacy Policy to avoid privacy law non-compliance, fines, and lawsuits. In this article, we’ll discuss why podcasts need a Privacy Policy, including how podcasts collect PII, what privacy laws can apply to them, and where podcasts can obtain comprehensive policies.
Do podcasts collect PII?
Privacy laws can start applying to your podcast as soon as you collect PII, so the first step is to determine whether you actually collect PII. Only then can you determine what privacy laws apply to you and your podcast. PII is generally defined as any information that could identify a particular person or any information related to a particular person. Examples of PII include names, email addresses, phone numbers, physical addresses, IP addresses, and device identifiers.
If you have a website for your podcast, you are probably collecting PII through one or more of the following features:
- Email newsletter subscription forms;
- Contact forms;
- Guest inquiry forms;
- Sponsorship forms;
- Analytics features (including Google Analytics and podcast-specific analytics);
- Advertising features (such as Facebook or Google Pixels).
If you do not have a website for your podcast and instead just host the podcast on a platform such as Apple Podcasts, you should be aware that you are still collecting PII. For example, do you have a spreadsheet that includes the names and email addresses of individuals whom you will be interviewing for your podcast? If so, you are collecting PII even without a website. In addition, when people listen to your podcast through apps such as Apple Podcasts or Spotify, you will receive PII about your audience, such as IP addresses, from those platforms. You will therefore still be collecting and handling PII, and your podcast will need a Privacy Policy.
Do podcasts need a Privacy Policy?
Generally speaking, anyone collecting PII needs to have a Privacy Policy because PII is governed and protected by privacy laws. After you have determined that you do collect PII, the next step is to determine what privacy laws apply to you. Privacy laws were enacted to protect individuals, not organizations, and, due to the broad nature of the Internet (i.e. anyone can submit their PII online), your location usually does not indicate whether a particular privacy law will apply to you.
To determine what privacy laws apply to you, you should ask yourself the following questions:
- Who can submit their PII to your podcast?
- Who is tracked as they listen to your podcast?
- Where is your podcast available?
- To whom do you offer the podcasting service?
For example, if you collect the PII of residents of California, the California Online Privacy and Protection Act (CalOPPA) can apply to you. Or, if you collect the PII of residents of Nevada and do business in that state, then Nevada Revised Statutes Chapter 603A can apply to you.
At this point, you may be thinking that, since you have a podcast, you are not actually “doing business” in any states or countries. However, while some privacy laws regulate individuals who operate a website for any purpose (including a podcasting website), others regulate those who operate the website for a commercial purpose. A commercial purpose is a way to advance commercial or economic interests, such as by asking an individual to buy or subscribe to a particular product, good, or service. Many podcasts have a commercial purpose such as:
- Asking individuals to subscribe to your podcast to get access to new episodes prior to them being released to a non-paying audience;
- Selling podcast swag such as t-shirts, mugs, or hats;
- Adding affiliate links to podcast descriptions, where you receive a commission any time someone purchases certain products;
- Selling sponsorship slots or advertisements within your podcast episodes.
If your podcast does not have a commercial purpose, you still need to be aware that certain privacy laws, such as GDPR, UK DPA or Quebec Law 25, can still apply to your podcast, requiring you to have a Privacy Policy. You should also be aware that certain privacy laws can apply to podcasts regardless of their size: you do not need to make a certain amount of money or have a certain number of listeners for those laws to apply to you.
What should your podcast Privacy Policy include?
While some think that a Privacy Policy includes random information or legalese, this is actually not true as privacy laws dictate the specific disclosures that your Privacy Policy needs to contain. Thus, you can only know the disclosures that your Privacy Policy has to include after you have determined what privacy laws apply to you.
Because each privacy law has its own set of disclosure requirements, it is important that you do not fall into the trap of creating a Privacy Policy for only the most stringent privacy law. For example, many think that a GDPR-compliant Privacy Policy will cover all other privacy laws. However, this is simply not true. GDPR does not require you to disclose how your website responds to Do Not Track signals, while CalOPPA does. Likewise, many US-based privacy laws require you to disclose how consumers can opt out of sales of their personal information (whether or not you actually sell that information), while GDPR does not require this disclosure.
In addition, you should ensure that you update your Privacy Policy as new legislation is passed. For example, in 2024, three new privacy laws are going into effect, each with their own Privacy Policy disclosure requirements. In addition, more than a dozen states have proposed their own privacy bills and countries such as the United Kingdom and Australia are considering updating their privacy laws, all of which would impact Privacy Policies. Thus, you should not just have a Privacy Policy that complies with the privacy laws that apply to you today, but you should also have a strategy to keep that Privacy Policy up to date with changing requirements.
Where can podcasters obtain a Privacy Policy?
Now that you know the answer to the question of “do podcasts need a Privacy Policy”, you may be wondering where you can get one. The best option for getting a comprehensive and up-to-date Privacy Policy is to hire a privacy attorney to write one and keep it up to date with changing legislation. However, this can cost thousands of dollars per year and many podcasts are too small to afford this large cost.
An alternative to hiring a privacy attorney is to use a Privacy Policy generator. A Privacy Policy generator is a tool that asks you a series of questions, first to determine what privacy laws apply to you and then to help the generator create the disclosures required by those privacy laws. Since a generator is a tool, you should keep in mind that, unlike an attorney, generators cannot provide you with legal advice. When selecting the right generator for you, make sure to research who is behind the generator (do they have a privacy attorney on staff?), their pricing (do they trick you into believing that the policies are free and then stick you with a large bill once you are done answering all questions?), their comprehensiveness (do they have a privacy law identifier?) and whether they update their policies prior to the laws’ effective dates (or after?). If you do not currently have a Privacy Policy or do not have a strategy to keep it up to date with changing privacy laws, check out the Termageddon Privacy Policy generator, which not only helps you identify what privacy laws apply to you but also helps you create a comprehensive Privacy Policy and can even automatically update your policy with newly required disclosures as legislation changes.