Iubenda logo
Start generating


Table of Contents

Why are there so many privacy policy updates?

If it appears that everyone is updating their privacy policies, it’s because it is true, and perhaps you should be too! Stick around to find out why there are so many privacy policy updates and how you can update yours, too!

Privacy policy updates

Why do I need to update my privacy policy?

Like most things nowadays, privacy policies also need updating!

Companies must update their privacy policies to comply with data protection legislation and notify users of their rights and how their information is collected, stored, and used.

As per international privacy regulations, if you gather personal information from website visitors, you must post a privacy policy and make it available through your website. A privacy policy is a legal document that specifies what kind of personal information you collect from website visitors, how you use it, and how you protect it.

In general, a privacy policy covers

  1. the types of data collected by the website or app; 
  2. the reason for collecting the data; 
  3. data storage, security, and the rights of users;
  4. data transfers; 
  5. affiliated websites or organizations (including third parties);
  6. cookie usage.

Therefore, if any of the above information changes, you must update your privacy policy and notify your users

More on compliance for websites and apps

This article is a part of our series on compliance for websites and apps. Read also:

👉 Why you need a privacy policy

What Data Privacy Laws Require Privacy Policy Updates?

Several key data privacy laws around the world require businesses to keep their privacy policies updated. These laws ensure that businesses handle personal information transparently and securely. Here are some of the major ones:

General Data Protection Regulation (GDPR) – European Union:

  • Applies to all organizations operating within the EU and those outside the EU that offer goods or services to, or monitor the behavior of, EU data subjects.
  • Requires businesses to inform users about how their personal data is collected, used, and protected. Any changes in data processing activities must be reflected in the privacy policy.

California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) – United States, California:

  • Applies to for-profit businesses that collect and process the personal information of California residents and meet certain criteria.
  • Mandates that businesses provide a clear and updated privacy policy that explains the rights of California residents regarding their personal information and how they can exercise those rights.

Personal Information Protection and Electronic Documents Act (PIPEDA) – Canada:

  • Applies to private-sector organizations across Canada that collect, use, or disclose personal information in the course of commercial activities.
  • Requires organizations to obtain consent for the collection, use, and disclosure of personal information and to have a privacy policy that is clear, understandable, and easily accessible.

Brazil’s General Data Protection Law (Lei Geral de Proteção de Dados, LGPD):

  • Similar to the GDPR, it applies to any business that processes the personal data of individuals in Brazil, regardless of the company’s location.
  • Requires transparency in how personal data is handled and mandates the update of privacy policies to include information on data processing activities.

These laws, among others, emphasize the importance of privacy policies as living documents that need regular reviews and updates. Changes in legislation, business operations, technologies, or data practices can all necessitate updates to a privacy policy to ensure ongoing compliance and transparency with users.

Law Region Impact on Privacy Policy Updates
GDPR (General Data Protection Regulation) European Union Must specify types of data collected, reasons for processing, and how it’s protected. Requires updates when there are changes in data processing or when new data protection rights are introduced. Must detail user rights such as access, rectification, deletion, and data portability.
CCPA (California Consumer Privacy Act) / CPRA (California Privacy Rights Act) California, USA Requires detailing the categories of personal information collected, purposes for collection, and third parties with whom the data is shared. Needs updates to explain new consumer rights under the law and how to exercise them. Must notify consumers of the right to opt-out of the sale of personal information.
PIPEDA (Personal Information Protection and Electronic Documents Act) Canada Policies must clearly communicate how personal information is managed, including consent, limits to collection, use, and disclosure. Requires updates when there are changes in how personal information is handled or when offering new services.
LGPD (Lei Geral de Proteção de Dados) Brazil Similar to GDPR in requiring transparency about data collection, use, and rights. Privacy policies must be updated to reflect any changes in processing activities and to inform about data subject rights.
EU Cookie Law (ePrivacy Directive) European Union Requires websites to get consent from users before storing or retrieving any information on a computer, smartphone, or tablet. Impacts privacy policies by necessitating clear disclosure of cookie use, types of cookies used (e.g., necessary, performance, targeting), and how users can manage or reject cookies.

How often should your privacy policy be updated?

Good practice says you should evaluate your privacy policy at least once every few months. If you make a significant change to how you collect, use, keep, or share data, you should review your privacy policy and update it to ensure that it still accurately reflects your current data processing operations

It’s also good to evaluate your privacy policy when:

  • you’re launching a new or updated product or service;
  • you start using data in a new way; or
  • you start exchanging data with a new partner or vendor.

Why Do You Need to Inform Users About Privacy Policy Updates?

Informing users about updates to your privacy policy is crucial for several reasons, all of which contribute to transparency, trust, and legal compliance in handling personal data. Here’s why it’s important:

  • Legal Compliance: Many data protection laws around the world, like the GDPR in the European Union and the CCPA in California, require that organizations notify users of any changes in the way personal data is handled. Failing to inform users about updates can lead to legal penalties and fines.
  • Transparency: Updating users about changes in your privacy policy demonstrates that your organization is committed to data protection and transparency. This openness is key to building and maintaining trust with your users, as it shows you respect their privacy and are clear about how their data is used.
  • User Trust: Trust is a critical component of the relationship between users and businesses. By informing users about updates to your privacy policy, you reassure them that you are actively protecting their personal information and are up to date with the latest data protection practices and regulations.
  • Awareness of User Rights: Privacy policy updates often include changes to how users can exercise their rights in relation to their personal data, such as accessing, correcting, or deleting their information. Notifying users about these updates ensures they are aware of their rights and how to exercise them, fostering a more empowered and informed user base.
  • Operational Changes and New Features: Updates to privacy policies can reflect changes in business operations, new features, or new data processing activities. By informing users about these changes, you ensure that they are aware of how their data may be collected and used in new ways, which can affect their decision to continue using your services.
  • Avoiding Misunderstandings and Disputes: Clear communication about privacy policy updates can help avoid misunderstandings and disputes related to data use. It ensures that users are aware of the terms they are agreeing to, which can prevent conflicts and enhance user satisfaction.

In summary, informing users about privacy policy updates is not just a legal requirement; it’s a best practice that promotes transparency, builds trust, and ensures users are informed and comfortable with how their data is handled.

How Can You Notify Users About Privacy Policy Updates?

Notifying users about updates to your privacy policy is crucial for transparency and compliance. Here are effective ways to ensure your users are informed about any changes:

  • Email Notifications: Send a privacy policy update email to your users detailing the updates to the privacy policy. The email (also knowns as the privacy policy update email) should summarize the changes and include a link to the full privacy policy. This direct approach ensures that the information reaches users personally.
  • Website Pop-Ups: Implement a pop-up notification on your website that alerts visitors to the privacy policy updates. This pop-up should briefly describe the changes and provide a link to the updated policy for more detailed information.
  • Banner Notifications: Place a noticeable banner at the top or bottom of your website pages, informing users of the privacy policy update. Like pop-ups, banners should include a concise summary of the changes and a link to the full document.
  • In-App Notifications: For services with mobile or web applications, use in-app notifications to alert users about the privacy policy updates. These notifications can direct users to the updated policy within the app.
  • Blog Post or News Section on Your Website: Publish a detailed explanation of the privacy policy updates in a blog post or news section on your site. This allows users to understand the context and reasoning behind the changes.
  • Update Notices in Account Settings or User Dashboard: For platforms where users have accounts or dashboards, include a notice about the privacy policy updates within these areas. This method catches the attention of active users when they log in or manage their account settings.

When notifying users, it’s important to:

  • Be Transparent: Clearly explain what has changed in the privacy policy and why these changes were made.
  • Highlight Key Changes: While some users may read the entire policy, many will benefit from a summary of the most significant updates.
  • Encourage Questions: Provide a way for users to ask questions or express concerns about the updates, such as a dedicated email address or contact form.
  • Give Notice Ahead of Time: Whenever possible, inform users about upcoming changes before they take effect, giving them time to review the new policy.

By employing these strategies, you can ensure that your users are well-informed about any updates to your privacy policy, maintaining trust and compliance with data protection regulations.

How to update a privacy policy 

Updating your privacy policy depends on how/where you have created your privacy policy. 

Most privacy policy generators are self-updating with the current laws and allow you to easily update any clauses and add new third parties cookies. 

In the case of iubenda’s Privacy Policy Generator, editing and updating your policy has never been easier. We constantly monitor the major legal regulations and automatically update your policy to keep it valid and up-to-date. However, should you need to manually update your personal information, contact details, custom clauses, or add additional services, you can log back into your iubenda dashboard and make changes anytime.

iubenda’s Privacy Policy Generator in action

First, click on edit in your privacy policy from within your dashboard. 

Here is where you can make changes, update, and add any new clauses. Need to add a new service, for example? Click on Add new service. 

Privacy policy updates

You can all add any applicable legislation standards with a simple click. 

Privacy policy updates

Are your services now available in another country, and do you need to add that language to your privacy policy? Click on Add Language (iubenda has 11 languages to choose from)

Privacy policy updates

Once you’ve made and saved all your changes, our system automatically updates your privacy policies on any website it is embedded in.   

Need to set up a privacy policy with a generator you can trust?

Start generating

Or learn more here


Why do I need to update my privacy policy?

You need to update your privacy policy to comply with the data protection rules about user’s personal information and to inform them of how you collect, store, and use their data. These rules are part of several international privacy laws. Your privacy policy should clearly say what kind of personal information you take from visitors to your website, why you need it, how you keep it safe, and how you use it. It should also talk about cookies and if you share data with other websites or third parties. If anything about how you handle information changes, you have to update your privacy policy to reflect these changes and inform your users.

How often should privacy policies be updated?

It is highly recommended to check and update your privacy policy at least once a year, or every 6 months to ensure it accurately reflects the current state of your data practices. If you make changes to how you collect, use, store, or share data, review your policy right away. Also, update it if you launch new services, use data in new ways, or start working with new partners.

Why is everyone updating their privacy policy in 2023?

People are updating their privacy policies regularly, at least every year or every 6 months, not just in 2023. This practice ensures that their policies remain compliant with the latest data protection laws, which are constantly evolving to better protect consumer privacy. Additionally, whenever a company changes how it collects, uses, stores, or shares data, it’s crucial to review and immediately update the privacy policy. These updates are also necessary when launching new services, using data in new ways, or forming new partnerships.

Why am I getting so many privacy policy updates?

You’re getting a lot of privacy policy updates because companies must follow new and updated data protection laws. They also need to be clear with you about how they handle your personal information. When something changes in the way they collect, use, or share your data, they have to let you know by updating their privacy policy.

How do I update my privacy policy?

To update your privacy policy, you might use a tool like a privacy policy generator, which stays up-to-date with the latest laws. With such tools, you can easily make changes, add new sections, or include new services. If your service now covers more countries or you need to add new data handling practices, just log in to your tool, make the updates, and save them. These tools are often automatically updated if the law changes, keeping your privacy documents up-to-date without much hassle.

How to see when a website was last updated?

To find out when a website was last updated in the most basic way, you can simply check the page itself. Here’s how:

  • Look at the Bottom of the Page: Many websites include the last updated date at the bottom of their pages. This is also true for specific pages like privacy policies, where the last update information might be included within the document. Scroll down to see if there’s a date listed, often near the copyright notice.
  • Check the Top of the Article: If you’re reading an article, a blog post, or even a privacy policy document, the last updated date might be at the top or bottom of the page.

This method is straightforward and doesn’t require any technical skills. Just by looking around the webpage, you can often find the information you need.

See also