Conversations about data privacy policies and website terms and conditions have become more common in recent months. Bigger companies like Facebook, Expedia, and Dick’s Sporting Goods have been involved in legal action regarding different privacy issues. The questions on most business owners’ minds are “What are these agreements?” and “Do I need them on my website?” Privacy policies and terms and conditions serve quite different purposes, but both are essential for any business that engages with customers online! So let’s dive in.
What Are Terms & Conditions?
Overall, terms and conditions are needed to define permissible and impermissible website activities by the consumer. For instance, a user may claim to be unaware of having engaged in wrongful conduct that triggered a termination of the user’s website account or access. However, if the terms and conditions set forth the website owner’s right to take such action, the owner has notified the consumers of permissible behavior and therefore the terms support the website owner’s ability to terminate access when violations occur.
Do I Need These Agreements?
Privacy policies are a must-have to comply with federal regulations and various state laws regarding data protection. These laws apply to the vast majority of websites because most websites collect personal information from users regardless of their geographic location. “Personal information” or “personal data” includes everything from users’ names and email addresses to their IP addresses and device types. In other words, data collection practices that do not overtly collect private data may still be collecting personal information from website visitors using various technologies. Additionally, laws like the General Data Protection Regulation (“GDPR”) and California Consumer Privacy Act (“CCPA”) broadly apply to business owners who collect data and profit by using the data in their marketing or selling the data. Have you ever gotten an email directed at you from a company you have never even heard of? That’s what the CCPA is about. These types of laws signal a push for legislation requiring transparency from businesses, and noncompliance could result in costly fines from local governments or even the Federal Trade Commission (“FTC”), the agency in charge of enforcing most consumer data protection compliance and the authority to seek civil monetary penalties for violations. Long story short, you do not want to get into a mess with the Federal Trade Commission, that’s for sure!
Does your Business Fall Under the CCPA?
The CCPA applies to businesses that fall into at least one of the following categories:
(1) Those that earn $25 million or more in annual revenue.
(2) Those that buy, receive, or sell the personal data of at least 50,000 consumers or households.
(3) Those that obtain at least half of their revenue selling the personal data of California residents.
Any business, including those located outside of the state of California, will be subject to the law, as long as it meets one of the three conditions mentioned above. It has been estimated that more than 500,000 U.S. businesses, including many small businesses, will be impacted. The law does not apply when a business’s commercial conduct “takes place wholly outside of California,” meaning:
(1) The business collected information while the consumer was outside of California.
(2) No part of a sale of the consumer’s personal information occurred in California.
(3) There was no sale of the personal information collected while the consumer was in California.
Schmit Law Firm Can Help!
Ensuring that your website has all of the legal agreements in place to protect your business should be one of your greatest priorities! I am here to help you understand exactly what agreements you need and how they can best be used in order to protect yourself and your business! Schedule an appointment with us today or reach out using the “Contact Us” tab above. I look forward to hearing from you!