The boring question: does your website need a privacy policy?

The boring question: does your website need a privacy policy?

You know those little links at the very bottom of a website? The ones under the social media icons and address details?


Understandable really – they’re usually in tiny fonts, coloured to blend into the background, reduced to little importance and hidden away as if considered undesirable; a necessary evil.

I’m talking about the ‘Privacy Policy’ or ‘Cookie Policy’ links that appear almost ubiquitously in website footers. Let’s be real about this: no-one ever clicks on them. No-one really wants to read the most boring page on your site, reams of dense legalese that has no bearing on their day-to-day lives; no-one would be too appalled if they were missing from your website. Right?

Well, unfortunately the situation isn’t so simple. While the casual visitor to your website would rather find out about what you do, or who you do it for, or how to get in touch with you, there are sound reasons these pages are so commonly found and if your website doesn’t feature them you may be in breach of privacy or data laws such as the Data Protection Act 1998 in the UK.

A question of data

In many countries a person’s data is – rightly – considered privileged information. It is their right to keep possession of it or understand how it will be used; just look at the forthcoming GDPR rules (we’re hoping to blog about these soon) to see how important this is. So, to avoid upsetting visitors, breaking laws or opening yourself up to lawsuits, it makes good business sense to be up-front and honest about your use of data.

“But I’m not using any data”

This comment spawned the foundation for this article. Plenty of websites are obvious in their data-acquisition – they may have a web form to collect email address information, or they may have e-commerce features which harvest financial data. In these instances it’s obvious that data is being collected and visitors need due warning.

However there are plenty of other ways data is captured or used by a website. Most sites feature cookies and many have analytics packages such as Google Analytics installed – these track data about site visitors and, as such, need to be disclosed.

The issue is slightly muddled, we’ll admit, by the cookie consent pop-ups that are so prevalent these days, but even they don’t replace the requirement for a full-blown privacy policy (though for the record, we see no need for a site to have separate cookie and privacy policies).

How to do I write a policy?

There’s nothing wrong with plain English. You could simply write a short declaration of what data-tracking occurs on your site and what it means for visitors, along with a promise that you won’t share or misuse the data.

A lot of people prefer a bit of legalese, however, which is why so many policies you see are lengthy, as well as sometimes obtuse or obfuscating. Deep down I suspect one person wrote a privacy policy many years ago and has had that document – with some irony – copy-and-pasted wholesale onto millions of other sites over time, with just company names being changed.

If you’re running an e-commerce site, we can heartily recommend Shopify’s free privacy policy generator []. Otherwise if you’d like some help putting a policy together – or any copywriting at all – please just get in touch with us on 02920 463047. But don’t worry, we’ll make sure the Privacy Policy is still the most boring page on your website!