Eyeweb


Privacy and Cookie Policies on Websites

What are the primary legal requirements every website or app must follow?

All websites and apps have one thing in common: they are subject to online privacy laws, including the GDPR and Cookie Law in Europe, the CCPA in California, and the LGPD in Brazil. As a professional with a web-based platform, you must ensure your clients' and visitors' websites and apps meet the requirements of these laws. In doing so, you avoid liabilities towards end customers. Furthermore, this increases the client's trust in your product and service. As software developers, we take these measures seriously and implement them as a guaranteed compliance measure in all our work.

Every Website or App Needs a Privacy and Cookie Policy

By law, every website or app that collects data must maintain an up-to-date privacy policy. This policy should always accurately reflect the data processing activities carried out on the website or app. It is a requirement that we inform our clients that having a privacy policy is a legal requirement. However, as the industry expert, we will happily provide details and input into which data processing activities should be included in the privacy policy. A privacy policy has four main requirements. It should be custom made according to the legal requirements in force, not based on a template or copied and pasted. It should include information about third parties who may also have the data shared with them. It should also be easily accessible and available in all languages. Finally, the privacy policy should also include a cookie policy, which is mandatory if your clients run cookies and have users from the EU.

Collect Cookie Consent from EU Users

The cookie law also requires a cookie banner that prompts users to provide their informed consent before profiling cookies are installed; this is in addition to the cookie policy. We inform our clients who have EU users to display a cookie banner on their site and highlight that it is mandatory to implement a technical cookie management solution, which blocks code that may install non-exempt cookies unless the user has provided consent. There are four main requirements for the cookie banner mentioned earlier. First, the cookie banner should briefly explain the purpose of cookie installation, include a link to the cookie policy, and state the action that signifies consent. Second, the cookie banner allows for explicit and informed consent with a clear call to action that cannot be misinterpreted. Third, the cookies remember the users' preferences for a set period, meaning returning users are not repeatedly asked for their consent. Fourth, it implements prior blocking of code that installs profiling cookies unless consent is provided.

Collect GDPR Consent and Document Opt-Ins for EU Users

The General Data Protection Regulation states that online businesses that have EU users must collect freely given, specific, explicit, and informed consent from them. We can help our clients by informing them that, in addition to collecting consent in line with the GDPR requirement, they must also demonstrate proof of this consent through detailed records. Clients must be aware that valid consent records should include specific information typically not found in website logs. There are three main GDPR consent requirements. Consent must be informed and explicit, given via a clear opt-in call to action. Clients must demonstrate proof that this consent has been provided. Valid proof-of-consent records should contain specific information about the conditions in which the permission was obtained.

Apply CCPA Requirements to Protect California Users

The California Consumer Privacy Act requires websites to display a notice informing users that their data might be collected and sold to other parties, and of their right to opt out of this. We help our clients with Californian users by informing them that the CCPA applies to them, even if the business is not located in California. We also communicate to our clients what the CCPA considers a sale of personal data. A sale can happen if clients use analytics tools involving transfers of data in exchange for value. This does not need to involve money to be considered a sale. There are four main CCPA requirements. One mandates a notice informing users that their information might be collected and sold to third parties, and that they have the right to opt out at any time. Another is the facilitation of users opting out through a Do Not Sell My Information link on the website or privacy policy. In addition, the CCPA requires records of the opt-out details, such as the particular users and the date; sub-contractors to be notified of opt-out cases; and no contact with opted-out users for a minimum of one year after the opt-out request has been made.

Protect Websites and Apps with a Terms and Conditions Document

Privacy laws do not mandate the terms and conditions document, but it is fundamental in establishing the relationship between a service provider and its users, as it sets out the legally binding rules about how the website or app may be used. Ensuring that the client has a terms and conditions document is crucial to protect the client from potential liabilities. A terms and conditions document also covers users' content from copyright infringement. There are four main requirements for the terms and conditions document. It should contain copyright clauses, disclaimers, and terms of sale, and list the mandatory consumer protection clauses defined by government law. The document must be customised and not based on a template or copied from another location. The terms and conditions document should be available to the user before using a service or completing a purchase. In addition to this, eCommerce websites must also have return, withdrawal, or cancellation policies.