When accessing a website, the user/client’s data is often gathered throughout several actions, such as registering on the site, logging in, membership registration, sharing content, posts, etc. or by the means of the so called “cookies”, which are small files (http) that the site sends and embeds into the user’s terminal. Cookies allow to collect traces of information that recall some of the user’s behaviour within the site, allowing a faster and more fluent browsing.
Nevertheless, sometimes the user shares sensitive information or data that it does not want to be shared or used by third parties.
This is why websites seeking to inform the general public on how such information is treated, adopt Privacy Policies. This way, the user that logs into a website or registers in it or subscribes to an agreement, as for instance Terms & Conditions, has the possibility to acknowledge the website’s rights, prohibitions and limits with regards to the information it receives.
Privacy Policies do not fall exclusively in the informatics area (internet websites more precisely) but can rather be assimilated in an annex or clause of a contract or agreement, as an NDA would be. That said, in this brief article we will focus on the Privacy Policies that are subjected to the Terms & Conditions of a website.
These policies normally allow the user to acknowledge what specific type of data will be collected by the website (for instance, name, ID number, passport Nº, or any other form of identification, age, sex, viewed content, shared content, created content) and how such information shall be treated. For example, the user can know if the info will be shared or traded with third parties and for what purposes (such as advertising), data banks, traffic analysis, viewed, shared and published content statistics, etc.
As would be expected, the Law that applies in case of conflict between the user and the server falls into a grey area. To this end, the country in which the server hosting the website is physically located or where the company based, is crucial when deciding which law shall apply. Normally, Privacy Policies will include a clause stating which National Law applies for interpretation, enforcement and conflict resolution.
A well-drafted Privacy Policy notifies the users of any changes it undergoes, allowing them, within a reasonable timeframe, to decide if they want to stay and accept the new policies or reject them, obligating the server itself to delete any trace of information of the user that the server keeps.