
Data Privacy Law, Data Protection, and Implications for Your Business


Data protection and privacy law are critical matters because personal data is lucrative. Even if your startup does not plan to profit directly from personal data, you will almost certainly have to collect and use data to conduct your business. Much of this data will be considered personal data, and will affect your legal obligations accordingly. Google's own insistence that websites make such policies plain is, in effect, something of a data privacy law in itself, insofar as most businesses depend on the search engine for much, if not most or even all, of their sales leads.


The Data Privacy Law Landscape in the US: The Skim

The United States does not have a uniform regulatory system with regard to data protection laws, which constitute a patchwork of state and federal laws and regulations. The primary mechanism of regulation is the Federal Trade Commission Act, which prohibits unfair and deceptive business practices. The Federal Trade Commission (FTC) holds that companies that do not have a stated privacy policy on their website are engaging in deceptive business practices. This privacy policy requirement might be the most salient aspect of US data privacy law. In addition, there are detailed laws and regulations dealing with the protection of consumers' financial and medical information (the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act).


Privacy Policy

Most data protection laws, regardless of jurisdiction, require that notice be provided to users about which data is being collected and the ways in which it is being used. As a general rule, this notice should be provided at the time of data collection. In the EU, it is also required that users be notified about their rights with respect to their data. Under the newly enacted GDPR, these rights include the right to be forgotten: a user must be able to request that you delete all records and data related to him/her, and you must be able to comply.

Providing a privacy notice that covers these basics is the first important obligation under most data protection and data privacy laws, but it might not be the only one. Another obligation that is frequently imposed is to provide notice about the use of cookies or other tracking technologies (even if no personal data is collected by those technologies). It is also important to remember that the purpose of the privacy policy is transparency: for this reason, you might have to translate your notice into local languages, depending on the jurisdiction.


Personal Data

It is important to note that differences between jurisdictions pertain not only to the rules regarding how personal data must be protected, but also to the definition of personal data. For example, monitoring information (e.g., gathered by employee-monitoring services) is considered personal data in the EU, but not in the US. Some data privacy laws apply only to "controllers" of data within their jurisdiction. This means that you won't have to comply if your business does not operate there. In other cases, such as with the GDPR, data privacy laws apply if you collect personal data from users in that jurisdiction, regardless of where you operate.


Internet privacy lawyers

A well-crafted privacy policy is something that all online businesses should have. For online businesses, drafting and implementing a privacy policy takes planning and foresight. A privacy policy should be drafted in a way that creates transparency and confidence in your site. It's crucial for businesses to follow their policy by enforcing security measures to protect their users' data. If a business fails to follow its privacy policy, it may face lawsuits, legal fees, and/or fines. An internet privacy policy lawyer can help.