Global privacy laws vary from country to country, and generally apply to any business that collects data from users who are residents of the location where the law was created.
That means that even if your business is based in the United States, if you collect personal information from users who live in the European Union (EU), then the EU's privacy legislation will still apply to your business.
For example, although Volkswagen is a company based in Germany, it still includes information in its Privacy Statement about California's Privacy Rights. This is a good move for any business that expects to have consumers from around the world.
The GDPR is the EU's privacy and security law. It applies to any business that collects personal data from users based in the EU. Those who are found to be in violation of the GDPR are subject to steep financial penalties.
The CCPA is legislation that ensures privacy rights for all consumers based in California, and requires that businesses inform users of their privacy practices.
PIPEDA is Canada's privacy law which was created to protect individuals' personal data. PIPEDA requires businesses to inform users of how and why they collect personal information, and enables users to access that information.
Personal information can encompass a wide range of data, including but not limited to contact information, social security and driver's license numbers, IP addresses and web-browsing behavior as captured by cookies, and even some encrypted data.
Whether it's straightforward data like names and email addresses, or more sophisticated statistics such as the kind gathered through analytics, it's important to be aware of what kind of personal information you gather from your users.
Third-party sharing can occur when your business (second party) shares information from your customers (first party) with another organization (third party). Third-party sharing might take place when you use another company to provide security, analytics, or Customer Relationship Management (CRM) services.
J.K. Rowling's website offers a simplified version of a third-party clause, covering legal bases in case of sale of any part of her business as well as informing users of her obligation to keep her business safe through the use of third-party security.
Letting customers know how you use their personal information is great for both legal and transparency reasons. People want to know what you plan on doing with their data, and assuring them of your purposes for collecting their information goes a long way in building consumer trust.
If your business is product-based, you might gather personal information for shipping purposes, or you could use the data you collect to improve customer service strategies. In any case, it's important to let your users know what you intend to do with their data.
The Privacy Notice for Whole Foods contains both a link to an email address created specifically to handle privacy concerns and a link to a customer service form that allows users to contact Whole Foods via telephone or online chat.
When a user creates an online account on Sam's Club's website, they are given the option to click on several different privacy-related links in the footer of the sign-up page. Another way to provide this information would be through a checkbox within the actual sign-up form.
Adding these selections to your business emails is an excellent way to make sure that your clientele is both informed and willing to receive communications from you.
You can facilitate this process through the use of sign-up forms or pop-up forms placed at strategic locations throughout your site.