“MUST-HAVE” TERMS IN THE PRIVACY POLICY OF A WEBSITE

In today’s world, privacy and security of the information provided by customers is the most vital responsibility of any website owner. The information provided must be guarded against any external exploitation and this must be assured by nobody but the website owner himself. Every detail regarding the cookies on the website and the kind of information and data collected must be specified on the website in a separate section known as the privacy policy of the site. A privacy policy acts as a standard legal statement and is very important for a company as it provides a detailed description of the customer data collected by the company and ensures customer safety for the expansion of the business.

The right to privacy, as acknowledged by the Constitution of India, is a fundamental right, and therefore the data protection of customers should be of paramount importance for companies to avoid any legal action against them. Section 43A of the Information Technology Act, 2000, read with the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 ("Sensitive Information Rules"), requires every business in India which collects, receives, possesses, stores, transmits, processes or can associate pretty much any other verb with 'personal information' directly under a contractual obligation with the provider of information to have a privacy policy. The privacy policy terms of every company cannot be similar and should be altered as and when required. However, there are certain “must-have” terms that should be included in every privacy policy. They are mentioned below.

  • THE KIND OF DATA BEING COLLECTED: The clients should be made aware of the information being collected. The purpose and procedure of data collection must be communicated through the website. What kind of personal information is collected and how the company aims at using it must be made clear to the consumers/clients.

  • CONSENT: Once the criteria concerning the kind of information being collected are mentioned, it becomes extremely important to take consent from the respective client before using their personal information. No information should be used without the legal consent of the users. Usually, the privacy policy is mentioned at the bottom of the page, where it is likely to be ignored by the clients before using the site. Its presence there is often considered as consent given by them. However, it is not. A crucial part of this clause is to ensure that the policy has been read by the user and that consent has been given thereafter. Once the users are well aware of the kind of information being collected, they should be given a choice to accept or reject the option. Clear consent is very important to avoid any disputes in the future.

  • PURPOSE OF THE DATA BEING COLLECTED: The terms of the policy must specify the reasons for collecting a particular set of information from the clients. A well-drafted privacy policy stating the kind of data being collected along with the reasons for the same helps in getting consent easily. The company must ensure that unnecessary data is not being taken and that it is destroyed once the purpose has been fulfilled. Any information taken beyond the scope of work might not be acceptable to the court at uncertain times. Therefore, the purpose must be made clear to the users, e.g. for analytics or email marketing.

  • SECURITY OF THE DATA: The data provided by the users must be secured by the site and should be protected from any type of exploitation. The security policies along with the measures for any mishap must be provided by the company so that the users are satisfied before giving their consent. If the data is not secured, the private information of the users can be misused for various purposes by any external third party which can put the company’s image at risk. Thus, the security services provided by the company for the personal information of the users must be as strong as the services provided by them in general.

  • RIGHTS OF THE USERS: The privacy policy must also provide the users with their rights in case there is any breach of the policies. The rights given to the users provide them with a sense of safety from any exploitation. The users also have the right to inspect the data the company has about them and can demand to destroy the data once the purpose has been fulfilled.

  • LEGAL OBLIGATIONS OF THE WEBSITE OWNER/COMPANY: The main motive of almost every clause in the privacy policy is to assure the users that their personal information is safe with the website. This legal statement, i.e. the privacy policy, must also contain the legal obligations of the website along with the rights of the users and other clauses. The company should be legally obligated to protect user data and take action against any misuse of it by any employee whatsoever.

The digitalization of India has led to immense growth in the use of online websites for various purposes. An increase in the digital population demands an increase in the protection of the information of the population. Data protection of the users including their name, address, or any other sensitive information is very vital to every business. Terms & Conditions of a website along with the privacy policy must be customized as per the needs of the business and should always be drafted with the help of an expert in the field. It should always maintain a balance between the safety of the users and the smooth flow of the company business.

 

By:-

Ridhika Kapoor