Does My Website Need a Privacy Policy? Everything You Need to Know

July 11, 2021

There are some really fun and creative aspects of running a website, especially if you are just starting up a new business and showcasing your talents online. Then, there are some boring and undesirable aspects, many of which go unnoticed by customers, but are essential to your success.

Legal documents, including contracts and tax forms, are not what most people see as fun things to deal with. Without them, though, you are toast.

Therefore, if you have a website, you should be asking, "Does my website need a privacy policy?"

In almost every case, the answer is yes.

In the article below, you'll learn about privacy policies and whether you need one for your website.

What Is a Privacy Policy?

Privacy policies are legal documents that are meant to protect both the provider and the customer. They outline exactly how data is collected from visitors to the website and explain what the data is used for.

The website administrator must follow this outlined policy, and any deviations are punishable by law. Visitors of the website automatically agree to this privacy policy by continuing to use the site. The policy must be easily accessible to everyone to read in full.

Any business that collects personal information from customers should concern itself with privacy policy laws.

Does My Website Need a Privacy Policy?

When a business runs a website, there is almost always at least one way they collect potential and current customer information. Many popular website builders allow you to easily add in contact forms and widgets that collect names, addresses, phone numbers, email addresses, and more.

It is a good marketing and sales practice to gather website visitor information and use it to inform your marketing tactics and increase sales. If you aren't doing that, then maybe you don't need a privacy policy, but you should reconsider.

Here are some common practices that business websites use that will require privacy policies:

  1. Asking people to sign up for emails
  2. Offering discounts and coupons in exchange for phone numbers and email addresses
  3. Including name and contact information boxes in contact forms
  4. Creating sales funnels that ask for email addresses
  5. Offering digital products that require contact information for download
  6. Selling any product through e-commerce

If you are using any of these techniques on your site, or any other tactic that collects personal information, you are required to list a privacy policy on your site.

Some other reasons you may require a privacy policy are if you use third-party websites and widgets, use cookies, and display advertisements. Often, third-party websites and advertisers will require that you have a privacy policy before you initiate a partnership with them, anyway.


Privacy Policy Laws

Depending on where your business is based and which countries your website can be viewed from, you will need to know and follow the laws of those areas. In general, privacy policy laws protect personal information, but the details of how they do so vary.

The types of personal information that a privacy policy protects are:

  • Names
  • Social security numbers
  • Dates of birth
  • Addresses
  • Phone numbers
  • Email addresses
  • Bank details

It is very common for businesses to collect this type of information in contact forms, subscription sign-ups, account registrations, and shopping carts during check-out.

Federal Law

The United States has a long history of enacting laws that protect personal information. The Privacy Act of 1974 placed restrictions on how government agencies could collect and use personal data. In the '90s, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Gramm–Leach–Bliley Act (GLBA) extended protection to health and financial information.

In 2000, the Children's Online Privacy Protection Act set out to protect the personal information of any child 12 years old and younger.

It is important to understand the various laws that protect personal information and apply that knowledge to your business practice. For example, you should be aware of protections for younger children, and not attempt to extract and disseminate customer information about finances or health unless you are legally allowed.

State Law

When it comes to privacy laws in the United States, federal law sets the basic requirements, but you will need to follow the strictest laws enacted by the states. You want everyone to be able to access your site, even if they are out of state.

In the case of the U.S., California has the strictest privacy policies in the country. Anyone who collects information from California residents is subject to California law and the California Online Privacy Protection Act of 2003 (CalOPPA). This means that it is highly advisable to use California law as a guideline for your privacy policy.


The law may be strict, but it is fairly simple to follow when creating your privacy policy.

To begin, privacy policies must be clearly visible and accessible. You cannot attempt to hide them in any way, whether it is by making the color or font hard to read or making it difficult to find or access the link. The link to your privacy policy also must include the word "Privacy."

All of the personal information that the law covers includes:

  • First and last names
  • Phone numbers
  • Email addresses
  • Physical addresses
  • Birth dates
  • Social Security numbers
  • Any contact information shared online or physically
  • Any information stored online that could potentially identify a person

To comply with CalOPPA, your policy must include:

  • Exactly what types of data you collect, and how you use that collected data
  • Explanation of how users can request amendments to personal data collected by you
  • Any affiliated organizations that you share data with
  • Details about the third parties who use your website or app to collect data
  • The date that the privacy policy goes into effect
  • How you will inform users of policy changes
  • A "Do Not Track" clause and the ramifications of users making a "Do Not Track" request

Do Not Track Clauses

A "Do Not Track" (DNT) clause is a way that users can request to block behavioral tracking from other services that are affiliated with your site, including Google Ads.

Including a DNT clause in your privacy policy is mandatory, but, surprisingly, even California law does not require businesses to honor a DNT request. The only required action is that you include a section explaining how you will respond to DNT requests.

For example, all you need to do is include a paragraph explaining that you will not honor DNT requests, and users can follow a link or contact you for further information.

International Law

If your website is or ever will be pulling in international traffic, you will need to consider international laws as well. For example, the European Union has a similar stance to California in that any website that operates out of the European Union or does business with EU residents must comply with EU law.

The EU has the General Data Protection Regulation (GDPR) law, which regulates data gathering and handling and protects it from misuse.

To begin, you are required to have and display a privacy policy. Some other regulations are as follows:

  • Data must be collected and processed in an ethical manner, only to be collected and used for predetermined reasons
  • Users can request that data be updated for accuracy
  • Businesses must make sure they follow GDPR law consistently and advise users of their 8 rights protected by the GDPR
  • The Data Protection Officer or another contact of the business collecting data must be accessible to users and is responsible for handling complaints
  • Businesses must make users aware of the reasons for data collection, and the length of time it will be kept, as well as who the data will be shared with

The GDPR requires that you obtain active consent from users, as set out in your policy, before you begin collecting any data.

The UK, Canada, Australia, and other countries all have their own forms of privacy policy regulations. While they all have their own unique aspects, the general idea is the same.

To keep yourself legally protected and to be able to collect data from all users, it is best to cover all of your bases.

Cookie Consent

If you offer someone a cookie, they are almost certainly going to take it; in the world of data, however, cookies have a bad reputation. Almost every website you visit now has a popup asking for your consent to set cookies.

These popups can be annoying, but they are legally necessary. Websites are required to actively seek your consent to place cookies on your device. As the user, you must check a box or click a button that affirms your consent before a business can use cookies.

A cookie consent box must provide information or a link to information for users to understand what types of cookies are being used, including from third parties, why, and how you place them on devices.
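The consent rule described above (no non-essential cookies until the user has affirmatively opted in) is easy to state and easy to get wrong in practice, because third-party scripts tend to set their cookies as soon as they load. The following is an added example, not code from the article or from Design Epicenter, of a small consent gate: non-essential cookie writes are held back until the matching category is granted, replayed once it is, and deleted again if consent is withdrawn. The cookie names, the `_ga` naming rule, the two categories and the store interface (`set`, `get`, `remove`, `names`) are all assumptions made for illustration; a real site keeps an explicit cookie inventory in its policy.

```javascript
// Added example (not from the article): a consent gate that refuses to write
// non-essential cookies until the user has affirmatively opted in to that
// category. The cookie "store" is injected so the same logic runs against
// document.cookie in a browser or against an in-memory jar outside one.

// Constructed list of strictly necessary cookies that need no consent.
const ESSENTIAL_COOKIES = new Set(['session_id', 'csrf_token']);

// Constructed naming rule: analytics cookies start with "_ga"; anything else
// that is not essential is treated as marketing. Real sites keep an explicit map.
function classifyCookie(name) {
  if (ESSENTIAL_COOKIES.has(name)) return 'essential';
  if (name.startsWith('_ga')) return 'analytics';
  return 'marketing';
}

function createConsentGate(store) {
  const consent = { analytics: false, marketing: false }; // default: nothing opted in
  let deferred = []; // non-essential writes queued until their category is granted

  // Returns true if the cookie was written now, false if it was held back.
  function setCookie(name, value) {
    const category = classifyCookie(name);
    if (category === 'essential' || consent[category]) {
      store.set(name, value);
      return true;
    }
    deferred.push({ name, value, category });
    return false;
  }

  // Record an opt-in (the "click a button" step) and replay writes it unblocks.
  function grant(categories) {
    for (const c of categories) if (c in consent) consent[c] = true;
    const stillBlocked = [];
    for (const item of deferred) {
      if (consent[item.category]) store.set(item.name, item.value);
      else stillBlocked.push(item);
    }
    deferred = stillBlocked;
  }

  // Withdraw consent: block future writes, drop queued ones, delete what exists.
  function revoke(categories) {
    for (const c of categories) if (c in consent) consent[c] = false;
    deferred = deferred.filter((item) => !categories.includes(item.category));
    for (const name of store.names()) {
      const cat = classifyCookie(name);
      if (cat !== 'essential' && !consent[cat]) store.remove(name);
    }
  }

  return {
    setCookie,
    grant,
    revoke,
    getConsent: () => ({ ...consent }),
    pendingCount: () => deferred.length,
  };
}

// In-memory jar so the gate can be exercised outside a browser.
function memoryStore() {
  const jar = new Map();
  return {
    set: (name, value) => { jar.set(name, value); },
    get: (name) => jar.get(name),
    remove: (name) => { jar.delete(name); },
    names: () => [...jar.keys()],
  };
}

// Browser adapter over document.cookie; every write carries Secure and
// SameSite=Lax so consented cookies are not sent over plain HTTP or cross-site.
function documentStore(doc) {
  const parse = () => Object.fromEntries(
    doc.cookie.split('; ').filter(Boolean).map((kv) => {
      const i = kv.indexOf('=');
      return [kv.slice(0, i), decodeURIComponent(kv.slice(i + 1))];
    }),
  );
  return {
    set: (name, value) => {
      doc.cookie = `${name}=${encodeURIComponent(value)}; Path=/; Secure; SameSite=Lax`;
    },
    get: (name) => parse()[name],
    remove: (name) => {
      doc.cookie = `${name}=; Path=/; Max-Age=0; Secure; SameSite=Lax`;
    },
    names: () => Object.keys(parse()),
  };
}
```

In a browser you would build the gate with `createConsentGate(documentStore(document))`, route every cookie write through `setCookie`, and call `grant` only from the consent box's button handler; the point of the queue is that tag scripts can be loaded early without leaking a cookie before the click.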

How to Write Up a Privacy Policy

There are many free services you can use that will allow you to input information about your business, and your use of data to generate a policy. Each business will have a unique policy according to its practices, but in general, you can follow a template.

At the very least, your policy should follow this format:

  • Official business name and contact information
  • Each type of personal information you collect with an explanation of how you collect it
  • Your reasons for collecting each type of data
  • How you use each type of data
  • Which third parties you share data with and how
  • How a user can opt-out of data collection and request a copy of any data already collected

Once you have written out all of that information, you should check local laws to add in any extra information that is required. Then you should check with all of your third-party affiliates to make sure you are following their policies as well.

Making Your Website Ready for Users

The web design trends you see on social media mainly focus on animation, videos, and eye-catching colors. While these efforts are great for drawing new customers in, you won't be able to legally or ethically run your website until you make some other changes.

If you have taken the time to generate a privacy policy and have posted it on your website, you have taken a huge first step towards making your practices transparent and your website ethical. You have also made a great decision in protecting yourself legally.

What other legal documents and processes should you have in place to make sure your website is ready for users?

Does My Website Need Terms and Conditions?

Along with a privacy policy and informed consent for cookies, you may need to include a terms and conditions document. Terms and conditions pages are not required by law, but they go hand-in-hand nicely with your privacy policy.

A terms and conditions page outlines how your website is to be used. It acts as a contract between you and the user that could be used in a court of law in cases of disputes or crimes.

A terms and conditions page could:

  • Limit your liability in a lawsuit
  • Protect your website's content
  • Set the governing law that would handle legal issues

If you are including a terms and conditions page for your site, you would include your privacy policy within it.

The bottom line is that you are limiting your liability for any errors in your content or offensive content posted on your site. You are also protecting your rights to your own content.

It is up to you if those protections are important enough to bother writing one up!


Website Accessibility

Having an accessible website means that all users can experience and enjoy your content and become valuable customers. Unfortunately, not many businesses take this seriously and lose out on a large customer base.

You can achieve an accessible website by using a content management system that supports accessibility. You should use its tools correctly so that the content you create is structured in a way the system can handle properly. This means using heading levels correctly and writing descriptive alt text for images.

There are many ways to ensure your website is functional and everyone can use it. Speaking to a professional web designer will ensure the accessibility of your website is perfect.

Give Your Site a Refresh

No more questions like "Does my website need a privacy policy?" It is time to make sure your business's website is accessible, ethical, attractive, and legally protected. An experienced web design professional can take care of all of the details so you can focus on running your business.

Contact Design Epicenter to get started on your new website today!


The information provided in the article is offered purely for informational purposes and should not be relied upon as legal advice. We intend to make every attempt to keep this information current. We do not promise or guarantee, however, that the information is correct, complete or up-to-date, and internet subscribers and online readers should not act based upon this information without seeking professional counsel from an attorney admitted to practice in your location.

Brian Love
Founder, Design Epicenter
