Attorney-level compliance solution
The world is increasingly dependent on digital communications for products and services. Data privacy has become a top priority for many countries, and they have put in place robust and enforceable data regulations.
In most cases, non-compliance with these regulations can not only lead to major financial consequences, but it can also lead to significant and lasting damage to public trust and the reputation of your organization. It is, therefore, important to ensure that your business meets its legal obligations.
This privacy information must be up-to-date, understandable, unambiguous, and easily accessible throughout the website or app. Some component requirements may vary based on the type of processing activity, region, user age or business type. It is, therefore, worth noting that in addition to the general points outlined here, you may have further responsibilities depending on your law of reference.
In general, users need to be informed of:
You may be further responsible for making additional disclosures to users, third-parties and the supervisory authority depending on your law of reference.
Consent refers to the informed voluntary agreement of an individual to engage in a particular event or process. Users need to be able to decline, withdraw or give (depending on the regional law) consent.
Determining your law of reference
In the US, there is no single comprehensive national body of data regulations; there are, however, various laws on a state level as well as industry guidelines and specific federal laws in place. Since online site/app activity is rarely limited to just one state, it’s always best to adhere to the strictest applicable regulations. With this in mind, the most robust data law framework is implemented by the state of California. The California Online Privacy Protection Act (CalOPPA), implemented in 2004, was the first state law to make privacy policies mandatory, and it applies to any person or company whose website/app processes the personal data of California residents.
In addition to the generally required disclosures above, CalOPPA also requires that you:
If your service is knowingly collecting, using, or disclosing personal information from children under 13, then special regulations apply to those data processing activities. The Children’s Online Privacy Protection Act (COPPA) is a US federal law implemented to better protect the personal data and rights of children under 13 years of age. Under this law, if you operate a website or online service which is directed to children under 13, or you have actual knowledge that you’re collecting personal information from children under 13, you must give notice to parents and get their verifiable consent before collecting, using, or disclosing the information, and must keep the information collected secure. “Verifiable” here means using a method of obtaining consent that is not easily faked by a child and that is demonstrably likely to be given by an adult (e.g. checking a form of government-issued ID against an applicable database).