Privacy Policies are agreements where website owners disclose the personal data they collect from site visitors along with information about how that data is managed, used and protected.

A good Privacy Policy explains how data is collected, how it is used, why it is needed, whether it is shared with third parties, and how the information is managed.

If you own or operate a blog, then it's very likely that you need to post a Privacy Policy on it.

A Privacy Policy is required both by law and by third party services you may be using, such as analytics or chat forums that collect personal information.

In this article, we'll take a look at why blogs need Privacy Policies, what sort of personally identifiable information blogs directly and indirectly collect, and how the information is used.

Several privacy laws around the world require website, blog and mobile app owners to publish a legally binding Privacy Policy on their website if the website collects or uses any type of personal information.

The contents of a Privacy Policy should cover the different types of personal information the website or blog collects from its visitors. It should discuss how the information is being collected and why. It also should clearly explain how the information is used.

Personal information is anything that could be used by itself or in combination to identify an individual. This could be a person's name, email address, social security number, credit card number, date of birth, etc.

Privacy Policies protect your blog visitors' privacy and inform them of their rights to control their information.

Why Your Blog Needs a Privacy Policy

Blogs, just like websites and mobile apps, need Privacy Policies if they're collecting personal information from their visitors and readers.

What you might not realize, however, is that even if you're not collecting personal data from your site's visitors directly, such as by asking them to sign up for a newsletter, you may still be doing it indirectly.

There are two main reasons your blog needs a Privacy Policy:

  • Because you collect/use personal information and are required by law to have one. This personal information can be collected when you allow user comments or allow users to sign up, requiring an email address or name.
  • Because you're using a third party analytics tool like Google Analytics.

Privacy Policies are Required by Law

Many laws require you to post a Privacy Policy on your blog in order to protect the public's privacy.

If your blog visitors live in any jurisdiction with privacy laws, you are legally obligated to comply with those laws.

For instance, in the United States, you're required by the California Online Privacy Protection Act (CalOPPA) to disclose how you collect and handle personal information from residents of California.

Even if your business isn't located in California, you are required to abide by the California law because of the likelihood of attracting California residents to your site.

Many websites provide a link or clause specifically addressing their California Privacy Policy. For example, Forever 21's Privacy Policy agreement has a separate section on Your California Privacy Rights which addresses the California law.

Forever 21 Privacy Policy: California Residents Clause

To comply with CalOPPA, you must include a Privacy Policy with your blog that discloses what kinds of personal information you collect, how you use the information, how you protect it and other legal requirements.

In May of 2018, the EU's General Data Protection Regulation (GDPR) replaced the EU Data Protection Directive and regulates data collection and processing for all websites attracting EU residents. It also requires a Privacy Policy.

CheckMarket's Privacy Policy addresses how they process the personal data of account holders based in the EU and stipulates that processing of the data is in compliance with the GDPR.

CheckMarket Privacy Policy: Processing in the European Economic Area clause

Similarly, Canada requires compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA). Australia requires compliance with the Privacy Act of 1988.

Comments Functionality

Another reason you may be required by law to post a Privacy Policy on your blog is that you allow users to post comments on your pages and blog posts. Comments not only fall under the category of user-generated content, but they also often contain the user's name and email address, which is personal information.

In doing this, you must disclose that you collect that information and explain what you do with it.

What's more, if you're using a content management system such as WordPress or other popular blog platforms, you may be collecting and storing your commenters' IP addresses as well.

WordPress dashboard showing user's personal information collected when commenting

Because user IP addresses are considered personal information, you need to disclose this in your Privacy Policy.

Common types of personally identifiable information often collected by blogs include:

  • Name
  • Email address
  • Profile picture/image/gravatar
  • IP address

The privacy laws in the United States (CalOPPA), the EU (GDPR), and Canada (PIPEDA) all require blog owners to include a disclosure in their Privacy Policy that states they collect this information from anyone who comments on their site's pages and blog posts.

Additionally, many blog owners actively use third party comment forums, plugins, and tools such as Disqus and Facebook Comments to host user remarks.

The Facebook Comments application, for instance, allows people to comment on any blog integrated with their Facebook account. In these cases, the blog is gathering and storing personal information about the visitor's social media account.

Facebook's Privacy Policy discloses that personal information may be collected and shared when using these apps or services.

Facebook Privacy Policy: Apps, websites, and third-party integrations clause

Similarly, if you're using software such as Disqus to host user comments on your blog, then you must be aware that the tool collects personally identifiable information about your site's visitors.

According to the Disqus Privacy Policy, when a visitor logs in through Google, Twitter, or Facebook Connect, or follows, likes, or links their account in any other way, the third party may give Disqus personally identifiable information about them.

Disqus Privacy Policy: Third parties or publicly available sources clause

Privacy Policies are Required by Third Party Services

If you've integrated an analytics service such as Google Analytics into your website to track metrics like how many unique page views your site receives, then you need to post a Privacy Policy in order to comply with privacy laws and third party requirements.

Google Analytics and other third parties require you to post a Privacy Policy to meet their Terms of Service. If you fail to comply with those terms, then they retain the right to deny their services to you.

In the Privacy section of the Google Analytics Terms of Service, Google states that you must post a Privacy Policy to your blog and disclose your use of Google Analytics:

Google Analytics Terms of Service requires a Privacy Policy

Google Analytics requires you to have a Privacy Policy posted to your blog because they store cookies on your visitors' devices in order to collect usage data.

Because some types of cookies collect information that can be used to identify an individual, this falls under the category of protected personally identifiable information.

The Budget Fashionista's Privacy Policy has a clause about cookies in which it's stated that Google Analytics is used to increase the functionality of the website. They disclose that Google Analytics cookies are used for website traffic tracking, to understand how users navigate the site, what content is interesting to the user and to show relevant ads and offers.

Budget Fashionista's Privacy Policy: Performance Cookies clause

Anytime Fitness has a blog integrated with its website. The Privacy Policy mentions that the company may use Google Analytics' services to advertise to site visitors. It also states that the information collected through cookies isn't linked to any form of personally identifiable information.

In addition to this, the policy explains how users can opt-out of Google Analytics tracking.

Anytime Fitness Privacy Policy: Cookies clause excerpt about Google Analytics

If you are using third party services such as a blog platform or an analytics tool, or if you allow site visitors to leave comments on your pages and posts, then you're most likely required by law and by those third party services to post a Privacy Policy on your site.

Remember:

  • Your site is governed by the privacy laws of the jurisdictions where your site visitors live.
  • You also must comply with the Privacy Policy and the Terms of Service for the third party services you use.

How to Create a Privacy Policy

Our Privacy Policy Generator helps you create a custom Privacy Policy for your website and mobile app. Just follow these few simple steps and your Privacy Policy will be ready to display.

  1. Start the Free Privacy Policy Generator, located at the top of the website.
  2. Select where your Privacy Policy will be used.
  3. Answer a few questions about your business.
  4. Add your website or app information.
  5. Answer a few questions about what information you collect from your users.
  6. Select options for how your users can contact you.
  7. Select whether or not you wish to create a Professional Privacy Policy that would include wording for GDPR and CalOPPA.
  8. Enter your email address where you'd like your new Privacy Policy sent.
  9. Click Create Privacy Policy and you're done. Now you can copy and paste your Privacy Policy code into your website, or link to your hosted Privacy Policy.