The Federal Trade Commission (FTC) is the main body regulating privacy policies in the United States, but the laws involved are complex and vary depending on state laws and the nature and means of data collection. While laws are relaxed in certain states, other regions, such as California, have strict laws requiring all owners of commercial websites to include a privacy policy in order to alert visitors to the use of cookies. Website operators living in the US should therefore take care to ensure that their site is in accordance with their respective state’s laws. For those regions and sectors that require website operators to incorporate a privacy policy, the FTC requires that the information given is accurate and unambiguous and includes details of both the technical and personal data being collected.
Social plugins affect users’ privacy, so websites that use social media buttons need to wise up to their correct usage. The current legal situation means that misleading or erroneous privacy notices can result in cease and desist orders, fines, or even serious legal action. Therefore, users must be informed when accessing any website that collects personal data from consumers for advertising, commercial purposes, or creating user profiles. Above all, this ruling applies to e-commerce and online shops, as websites of this kind are required to provide comprehensive information regarding terms and conditions and returns policies.
Personal data isn’t only taken from online shops, however; cookies may well be used on other sites for other purposes (such as the fulfilment of a contractual relationship or media usage). If your region or sector requires you to include a privacy policy and you have a clear and legal purpose for collecting personal data on your website, you must display the information clearly. Before you can begin to collect data, users must be aware of the scope and nature of the data usage and explicitly give their consent to the use of cookies. One way of obtaining the user’s consent, for example, is using the double opt-in process for a newsletter subscription. This process involves users clicking on a link sent to them via e-mail to confirm their permission to share their data. If the website operator provides no privacy policy notice, they are putting themselves at risk of legal action.