Today's blog about privacy policies is from Bill Hess from PixelPrivacy.com. I’ve shared some of Bill’s articles before. I encourage you to check out his blog, which is all about making the world of online security accessible to everyone. He prides himself on writing guides that even the non-techy of us can read. Be sure to head over to Bill’s blog if you’re interested in keeping your private information just that: Private!
GDPR and Privacy Policies
After a long time in the making, Europe has enforced the new General Data Protection Regulation (GDPR), a privacy framework in full effect since May 2018. The new data protection and privacy policies created a massive wave of new emails in everyone’s inbox, stating what has changed or asking you to go through your privacy settings again.
These different laws and policies that have come into effect have also made it a lot easier to find legitimate company information.
In this article, I’ll explain why and how the implementation of stricter laws and policies is also making credible company data easier to find.
Let’s get started.
Before the introduction of the GDPR, many websites didn’t tell the whole story with regard to privacy in their policy statements. It was mostly legal jibber-jabber that didn’t make any sense to the average website visitor, simply because the website owner’s goal was to inoculate their business against lawsuits and fines. The less sense it made and the more adaptable the text was to certain situations, the less likely its owners were to risk a fine.
Privacy Policies before GDPR
Here are some examples of vague privacy policies that don’t really exist any longer under the GDPR:
LinkedIn stated it will exclusively share customer data “as reasonably necessary in order to provide our features and functionality to you.” And Facebook stated in their ad policy statement “We may use any of the non-personally identifiable attributes we have collected (including information you may have decided not to show to other users, such as your birth year or other sensitive personal information or preferences) to select the appropriate audience for those advertisements.”
This clearly indicates that these policies were written with the intention not to be read by regular visitors. As briefly mentioned above, companies sent emails to their subscribers in order to update them on new privacy and terms of service policies. Thus, it wasn’t privacy that made these pages complicated but the way businesses outlined their policies in extremely vague technical jibber-jabber.
For example, Facebook also stated the following:
“Facebook is part of the same company as WhatsApp and Oculus, and we explain how we share services, infrastructure and information. We also make clear that Facebook is the corporate entity that provides the Messenger and Instagram services, which now all use the same data policy. Your experience isn’t changing with any of these products.”
In short, companies describe what the overall business network looks like and what belongs to one another, making it a lot easier to find company information.
Privacy policies after GDPR
When clicking on the message, you’ll end up on the rules and policies page of Twitter. This might seem irrelevant; however, an important takeaway from this example is that, as seen on many other “Terms of Service” or privacy policy pages of other businesses, there’s a clear and easy-to-find button to get in contact with the business.
Transparency Regulation and Privacy Policies
The next aspect that comes into play is the transparency regulations for companies under stricter policies. For some companies it means that they’ll have to hire a protection officer, or a data expert. It’s beneficial simply because that means this person is always contactable and you can find legit information about a company on their site if you know they have someone like that employed.
Additionally, there are various important topics that must be included in privacy policies, one of which is “Subject access request (SAR) form and procedure.”
There are even businesses selling GDPR toolkits, tailored to assist you in creating the correct form, which, as explained, contains the contact form. That means that every business that stores or processes European customer data is compelled to state their contact details on their website. This is extremely helpful for people who don’t have a real privacy inquiry but want to contact a business for other reasons.