Privacy Policies are Required by Law
Privacy laws vary around the globe, and your website or app must abide by the regulations based on the location of your business, your targeted audience, and where you conduct business.
As data collection and processing become more ubiquitous across the internet, privacy laws in the US and around the world set strict requirements for privacy policies.
The General Data Privacy Regulation (GDPR)
Your business must comply with the GDPR if it targets EU consumers and meets one of the following thresholds:
It’s important to note that different privacy laws use unique definitions for personal information, each with slight variations in meaning.
The penalties for GDPR non-compliance are fines of up to 4% of your annual global turnover or €24 million ($23 million), whichever is higher.
The California Consumer Protection Act (CCPA)
Under the law, you must inform users about the personal data you collect and how it’s processed.
The text of the CCPA defines personal data similarly to the GDPR but excludes publicly available information, like social media posts.
You must also provide a way for consumers to opt out of the sale of their data.
The penalties for CCPA non-compliance are fines of $2,500 per violation or $7,500 per intentional violation.