As the owner of a blog or similarly simple website, you may be wondering whether the same rules that apply to commercial sites and apps also apply to you.
To answer that question, here are a couple of things you need to consider:
If you answered yes to any of these, then many of the same privacy rules that apply to commercial websites and apps will apply to you.
You can read our general legal overview.
For the most part, compliance requires that you disclose data collection, inform users of their rights with regard to their data and implement methods of receiving/rescinding consent. Failure to adhere to data privacy laws can result in hefty fines, leave you open to litigation and negatively affect the credibility of your website.
You can learn more about which laws apply to you here.
By law users of your site need to be informed about:
💡 Run an affiliate program? Read this guide.
Generally, they require that endorsements made by bloggers and influencers reflect the truth-in-advertising principles. This means that you’re not allowed to make any claims about the product that the marketer couldn’t legally make and that endorsements must be non-misleading and fully disclosed. You must inform users when there’s a connection between an endorser and the marketer a consumer would be interested in knowing, or that would change their perception if known.
You must also inform users when you’ve been given an incentive (financial or otherwise) to push the product. This means that whether you were given a free product/service, paid directly, or you make a percentage off each sale (in the case of Affiliates) you’re equally obligated to inform users of the fact.
According to ICPEN, you must clearly and prominently label content that you’re paid to endorse and ensure that it is clear whose opinion or experience is being stated. This means that disclosures need to be specific to the particular endorsement, so simply putting a single disclosure on your homepage won’t suffice.
Here’s an example of a compliant disclosure using the affiliate example above:
This blog received a commission for using “company name” products in the tutorial shared in this post. Although we receive a commission for using and linking their products, all of the products are tested thoroughly and only the ones that meet our standards are linked. All opinions stated are our own.
Third-party apps and services also need to follow the law. As organizations themselves, they too can be exposed to major reputation damage, fines, and sanctions if their legal obligations are not met. For this reason, it’s often mandatory that all partners and customers that use their services meet regulatory standards.
We extended the requirement to disclose our affiliate relationship to any means where you may be leveraging Associates’ content.
Needless to say, it’s important to ensure that both legal and third-party requirements are met. From time to time, however, third-party requirements can change in response to internal or regional regulations. It’s therefore necessary that your policies meet the latest requirements in order to avoid interruption of service or legal consequences. For this reason, we use embedding and NOT copy & paste for our document solutions. With this method, you can rest assured that your policy is up to date and being maintained remotely by our legal team.
Regulations require that your policy is clear, easy-to-understand and that it lists specific third-parties in a granular manner. The policy also needs to be easily accessible throughout the website.
With hundreds of available clauses, our privacy policies contain all the elements commonly required across many regions and services, while applying the strictest standards by default – giving you the option to fully customize as needed.
Our policies are created by lawyers, monitored by our lawyers and hosted on our servers to ensure that they are always up-to-date with the latest legal and third-party requirements.
Easily integrate with your website/app using any one of our integration methods to make sure that your policies are visible and easily accessible as legally required.
Congratulations! Your policy has been created. Simply check that all the details are correct, then:
Generally, US laws require that you provide users with an option for withdrawing consent (opt-out) when using data collection mechanisms (e.g. newsletter sign-up forms).
Compared to US laws, however, EU laws (in particular the GDPR) are more stringent. Consent under the GDPR must be “explicit and freely given”. This means that the mechanism for acquiring consent must be straightforward and involve a clear “opt-in” action. Within the context of a blog, this means that you’d be in violation of regulations if you were to employ mechanisms such as pre-ticked newsletter sign-up boxes when a user registers an account, as GDPR regulation specifically forbids pre-ticked boxes and similar “opt-out” mechanisms.
The regulation also gives users a specific right to withdraw consent. This means that you’re required to make it as easy to withdraw consent as it is to give it.
The user should be honestly and straightforwardly informed about what they’re consenting to, and the mechanism chosen for obtaining consent should require the user to actively consent via a clear affirmative action, such as clicking an “agree” button or ticking a checkbox. Ensure that the consent obtained is specific to the purpose of obtaining it and clearly indicate that the consent is optional, as consent must be “freely given” and not coerced in any way.
As consent must be as easy to withdraw as it is to give, the withdrawal mechanism must be visible, easy to understand, simple and immediately available. Your withdrawal mechanism should be both situationally and generally available and involve no more than a single webpage. It should also be accompanied by an explanation of its purpose.
If you no longer wish to receive weekly emails from us, you can click here to modify your settings or click here to unsubscribe instantly.
As shown in the example above, the mechanism most commonly used is the email unsubscribe link. However, it’s important to remember that the user should also have withdrawal options available within their account, so that they can withdraw consent even before they’ve received the first email communication from you.
User requests for withdrawal must be honored within 10 days under US law and within 30 days under EU law.
Records of consent should at least contain the following information:
iubenda can help with this in 2 ways:
Cookies are small bits of information that websites and apps store on a computer or mobile device, which are designed to hold small amounts of user-specific data. Many platforms, such as WordPress, and third-party widgets use them by default. Because using cookies means both processing user data and installing files that could be used for tracking, it is a major point of concern when it comes to user data privacy rights.
You can read more about the Cookie Law here.
If you monetize content on your site via ads (including Google’s ad services), we strongly suggest that you meet industry requirements by enabling the IAB Transparency & Consent Framework feature in the Cookie Solution. Failure to do so can potentially result in reduced ad reach and revenue.
Our comprehensive Cookie Solution simplifies compliance with provisions of the European Cookie Law.
It allows you to:
Congratulations! Your Cookie Solution has been created and is fully operational.
Though not always legally required, a Terms & Conditions document is pragmatically required. It governs the contractual relationship between you and your users and is therefore essential for protecting your content from a copyright perspective as well as protecting you from potential liabilities.
The Terms & Conditions document is a legally binding agreement, therefore not only is it important to have one, but it’s also necessary to ensure that it’s clear, easily understandable, precise and that users can both easily see it and agree to it in an unambiguous way (for example, clicking a checkbox with a visible link to the document before being allowed to create an account or comment).
You’ll likely need a Terms & Conditions document if any of the following apply to you:
Set clear terms for users with a comprehensive and up-to-date terms and conditions document. This legal agreement is essential to protecting the interests of your business and establishing terms of usage.
It is therefore vital that this contract be precise and up-to-date with all applicable regulations. It should include the general conditions for use of your service with special attention to limitation-of-liability clauses and disclaimers.
Here’s where our Terms and Conditions Generator comes in very handy: customizable from over 100 clauses, available in 8 languages, drafted by an international legal team and up to date with the main international legislations, it’s capable of handling even the most complex, individual scenarios and customization needs.
Our solution works for businesses of any size, from the single blogger to enterprise level organizations, protecting their interests and their content. It’s optimised for e-commerce, marketplace, SaaS, mobile apps, blogs, publications and more.
The generation process is easy and intuitive:
For more information read our guide on How to Generate a Terms and Conditions document.
Please note that from time to time, laws are amended and updated. It’s therefore important to ensure that your policies meet the latest requirements. For this reason, we use embedding and NOT copy & paste. With this method, you can rest assured that your policy is up to date and being maintained remotely by our legal team.