All my websites should have a Privacy Policy. Even though its a GDPR requirement, and it would please me to replace my privacy policies with a simple statement: “Privacy Policy deleted to annoy evil European despots.”
First, and most important, a Privacy Policy is just polite. Anyone who visits my site should be able to know what data is collected, what is done with it, and how to opt out. That’s just being a good interwebs citizen.
Second, since I use Adsense, Google requires a Privacy Policy, as do various government regulations and statutes – hard to keep track but lots of ’em.
Let’s say I have a site that I have absolutely verified uses no cookies, and collects no user information – no contact form, no comments, nothing. Should I still post a Privacy Policy? Yes! Otherwise my site appears to be unprofessional at best and likely suspicious.
So, I gotta have a Privacy Policy. But most web Privacy Policies seem to me too long, to legalese, and way too intent on protecting the website owner instead of the visitor. Worst of all are the ubiquitous equivocal disclaimers – “This Privacy Policy is subject to change without notice” – then what the hell good is it!?
What to include in my Privacy Policy? I like to use …
- A bit of humor. “My privacy policy is private and none of your business. Just kidding.”
- The stuff required by Google and by any legitimate applicable laws/regulations that I’m aware of (not the evil GDPR).
- My personal assurance, in my voice, not legalese: “I value and respect your privacy. I collect your name or email address only if you choose to enter that optional information in my contact form. I will use your name and email address only to respond to your request. I will never sell, trade, or otherwise transfer your contact information, unless in the unlikely event of being forced under court order. I do not maintain or use a mailing list. I will not continue to send you emails or otherwise contact you after responding to your original request. I dispose of your contact information immediately after responding to your request or, in some cases, after deciding not to respond. I store no private information.”
