While it's not exactly breaking news, discussions about privacy policies have been popping up more frequently since the start of GDPR in Europe. And despite it seeming coincidental, it's not!
After all, this term is directly linked to the LGPD or General Data Protection Law that came into effect in August 2020. However, if you're not familiar with it, don't worry because we're here to help you.
Below, you'll find everything about this type of policy, how it works, and its importance. Also, take the opportunity to learn how to develop one for your company and thus, comply with the legislation that's already in effect in the country.
It's time for you to understand once and for all what these terms are and why you shouldn't ignore them when visiting a website! After all, your security and your data's security are at stake. Want to understand how? Read on!
Privacy policies mainly apply to the online environment and concern the protection of your data. In general terms, they correspond to a company's statement regarding how it handles your information, and now, with LGPD specifically, your personal data.
But how is that so? Well, your online activities leave traces. That is, data that websites and social networks store, generating information about you. Similarly, these are recorded by your browser. However, this can't happen inadvertently because merely "browsing these environments" already generates data and, consequently, personalized data collection.
In other words, the legislation protects us citizens from websites simply collecting information and using it as they see fit. This, in fact, is the focus of LGPD. This makes it even more evident that a website should have an easily accessible privacy policy that formally organizes this information.
First and foremost, data collection can only occur with the user's explicit authorization. Whether through express consent or other Legal Bases of LGPD that support data collection by the company. Therefore, you are a key player in determining what information can be collected, stored, and eventually used.
Here's a significant gain provided by LGPD for all citizens -Info
However, it doesn't stop there!
According to the law, companies are not only responsible for collecting data within the visitors' will when they visit their websites or networks.
They must also clearly demonstrate how they store and for what purposes they use such data. After all, they belong to someone! And their use must align precisely with their intended purpose, as well as ensure that the information doesn't leak out and cause serious problems.
Before we dive into how this policy affects you and how to develop a quality one, let's clarify something. Many people confuse cookies and such policies. Although they are closely related, they are not synonyms.
Remember the data we mentioned earlier, the focus of the privacy policy? Well, some of it is collected through cookies! After all, the website needs to know which data you've given permission to access. Similarly, it needs to know what "marks" it can leave in your browser.
These data are usually collected for commercial or digital marketing purposes, i.e., for promoting products and services online. However, they also often contribute to navigation and the visitor's experience.
But how does this work? You've probably visited websites where you're already registered, and when you do, you see your login and password automatically filled in. This is nothing more than the action of these "marks" on your browser.
The same thing happens when you looked at a product, thought about it, and left it in your cart. It probably kept following you after that, right? Whether through advertisements on social networks or on websites, it surely didn't stop appearing.
Again, we have the action of cookies, which provide access information to web pages. Therefore, they are related to data and the care that LGPD reinforces about them.
So, where does the privacy policy come in? Well, it's precisely the information that the website provides to the visitor about how it handles data, how it stores it, how it ensures its security, and its intended use. Both for data that enables direct identification - i.e., data that directly identifies the individual (Name, Email, CPF, RG, etc.), and indirect data that, when combined, can lead to an individual (IP, Address, Position, Profession, etc.).
In other words, the policy acts as a code of conduct for the company.
It's important because it's a public commitment by the website to the visitor. By having it, the site assumes a responsibility that must be strictly followed.
Now that we know more about privacy policies, data collection, cookies, and how LGPD has made them so important, the question arises: how to create a high-quality policy? This is a crucial issue if you have a website, regardless of its purpose.
First and foremost, it's essential that the terms are clear. Leave legal jargon behind and use simple terms. This ensures they won't be ignored and, at the same time, provides a clear understanding of how the website handles user data.
Leaving no room for doubts or suspicions is crucial and also helps in building the page's image. So, remember to adopt a simple and very clear language.
Another essential aspect when developing a privacy policy is to provide complete information. In other words, don't leave anything out and provide a full understanding of what's being done with the data and how it's being handled.
Among the essential pieces of information are:
You might wonder, with the list above, how do I identify all this? Where do I start? The simplest answer would be to understand that the Privacy Policy is the result of a series of other readings and data mappings you should go through to write it more securely.
So, below are two articles that can help you with the next steps:
As we saw earlier, cookie collection and privacy policies go hand in hand. Therefore, our final tip couldn't be any different! It corresponds to adopting a cookie notice platform.
With this, your visitors have simultaneous access to cookie customization and authorization and to the policy the website applies to their privacy. And for this, count on AdOpt, a reference in the market that is here to help you comply with LGPD and respect all your visitors' rights!
Surely you've already seen the predictions of fines and sanctions, processes. But, what does it mean to your company?
In the end, our goal has never been to predict doom for companies or to be part of the LGPD's Apocalypse Cavalry. But, since we've been in the market for some time, these kinds of issues always catch our attention when we start data mapping and having conversations with colleagues.
It's time to talk about one of the most impactful tasks, both for the company and for the visitors of your websites: tag categorization. But why is it so impactful? What is the relevance of this configuration and how can it affect us? It is precisely because of these common questions we receive from our clients that we have written this article on best practices in tag categorization.
Now that we have the data flow within your company, we need to highlight 2 aspects of LGPD that will help you determine the extent of your responsibility in relation to the many points listed in the company. I'm talking about the difference between Data Controller and Data Processor.
Despite cookies being more well-known, what is the main difference between cookies and session storage and local storage? Why choose one over the other? This article will help you with these doubts!
LGPD, GDPR, and CCPA are data privacy regulations. In this article, we discuss their similarities and differences for practical application.
With the data mapping we have a clear understanding of the 5 stages that every data goes through in a company.
Drawing an analogy from the world of soccer, we can think of the DPO as the "midfielder" of the team, responsible for connecting the defense and the attack.
Brazilian LGPD - General Data Protection Law brought with it several acronyms and specific terms. Many of them imported from other countries and legislations. One of them is ROPA (Record Of Processing Activities), adapted in Brazil to Registros das Atividades de Tratamento. An essential document for any DPO, Data Processor.
Is there an ideal and _foolproof_ Privacy Policy? This is one of the most difficult questions to answer nowadays. Especially considering all the jurisprudence already established in Europe with the GDPR, the extensive history of cases, and the numerous tips we see in the market. Not to mention the judicial decisions that are already emerging in Brazil with the LGPD.
Ignoring Terms of Use and their significance within a website, particularly now with LGPD, is a common mistake that both consumers and website owners frequently commit.
AdOpt
Resources
Legal Terms
© AdOpt since 2020 • Made by people who love
🍪