Ecommerce – The Importance of Having a Privacy Policy

A privacy policy, also known as an information management policy, is an agreement between a website operator and a website user that determines how the operator intends to use, collect, store, share, and protect the data that the user shares through interactions with the website. Even a little more than a decade ago, some commercial websites did not have privacy policies, but now, virtually all websites have one. These policies, which should be separate from the website’s terms of use agreement, are a necessity for several different reasons.

The Policy Can Foster Transparency and Trust between Operators and Users

In connection with privacy policies, website users usually want to know two things: what information the website collects and how that information is used. Best business practices dictate that website operators let users know the answers to those two questions and let them know how to control that use.

Some websites inform users that they simply collect information for their own use, and other websites disclose that they provide that information to third parties under certain circumstances. eBay’s privacy policy, for instance, tells users that it does not “disclose your personal information to third parties for their marketing and advertising purposes” without the user’s explicit consent. The policy says eBay may share personal information to third parties when it is necessary to prevent fraud or use the eBay website’s core functions. The extended version of eBay’s reader-friendly policy could be improved by specifically informing users at what points of service the information is collected and how it is shared at each point.

A website should also update users whenever the privacy policy changes. It should let the users know when the new policy will go into effect, and it may allow users to agree to the changes, explicitly through a dialogue box or implicitly through continued use of the website.

The Policy Can Help Shield You from Legal Liability

Although there is no general federal law outlining privacy policy requirements for websites that collect information from adults, several state laws and minor-specific federal laws exist. For instance, the California Online Privacy Protection Act of 2003 (OPPA) requires that website privacy policies must contain certain information, including: “personally identifying information collected, the categories of parties with whom this personally identifying information may be shared, and the process for notifying users of material changes to the applicable privacy policy.” The Children’s Online Privacy Protection Act (COPPA) requires operators to maintain a privacy policy if the website is directed to children under the age of 13 or knowingly collects information from children under the age of 13.

Read for more for additional information regarding privacy policies, terms of use agreements, internet business, and eCommerce.

Darin M. Klemchuk is an intellectual property (IP) trial lawyer located in Dallas, Texas with significant experience enforcing patent, trademark, copyright, and trade secret rights. He is a founding partner of Klemchuk LLP. He was selected to be included in the Internet Lawyer Leadership Summit, a group of lawyers in the US focused on Internet law issues. He also practices commercial litigation and business law, social media law, and ecommerce and IP licensing.