Privacy policy

privacy policiescorporate privacy policiesinformedprivacy
A privacy policy is a statement or a legal document (in privacy law) that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data.wikipedia
116 Related Articles

Online Privacy Protection Act

California Online Privacy Protection ActCalifornia Online Privacy Protection Act (OPPA)California Online Privacy Protection Act (OPPA) of 2003
(See also Online Privacy Protection Act)
The California Online Privacy Protection Act of 2003 (CalOPPA), effective as of July 1, 2004 and amended in 2013, is the first state law in the United States requiring commercial websites on the World Wide Web and online services to include a privacy policy on their website.

Children's Online Privacy Protection Act

COPPAChildren's Online Privacy Protection Act (COPPA)Children's Online Privacy Protection Act of 1998
It details what a website operator must include in a privacy policy, when and how to seek verifiable consent from a parent or guardian, and what responsibilities an operator has to protect children's privacy and safety online including restrictions on the marketing of those under 13.

Terms of service

terms of useTOSUser Agreement
However, such lawsuits are often not an option, due to arbitration clauses in the privacy policies or other terms of service agreements.

Privacy

privatepersonal privacyprivacy rights
It fulfils a legal requirement to protect a customer or client's privacy.

Gramm–Leach–Bliley Act

Gramm-Leach-Bliley ActGLBAFinancial Services Modernization Act
In summary, the financial privacy rule provides for a privacy policy agreement between the company and the consumer pertaining to the protection of the consumer's personal nonpublic information.

Personal data

personally identifiable informationpersonal informationpersonally identifying information
California Business and Professions Code, Internet Privacy Requirements (CalOPPA) mandate that websites collecting Personally Identifiable Information (PII) from California residents must conspicuously post their privacy policy.
As a response to these threats, many website privacy policies specifically address the gathering of PII, and lawmakers such as the European Parliament have enacted a series of legislation such as the General Data Protection Regulation (GDPR) to limit the distribution and accessibility of PII.

General Data Protection Regulation

GDPRGeneral Data Protection Regulation (GDPR)General Data Protection Regulation 2016
Effective 25 May 2018, the Data Protection Directive is superseded by the General Data Protection Regulation (GDPR), which harmonizes privacy rules across all EU member states.
When data is collected, data subjects must be clearly informed about the extent of data collection, the legal basis for processing of personal data, how long data is retained, if data is being transferred to a third-party and/or outside the EU, and any automated decision-making that is made on a solely algorithmic basis.

Data Protection Directive

Directive 95/46/EC on the protection of personal dataDirective 95/46/ECEuropean Data Protection Directive
In 1995 the European Union (EU) introduced the Data Protection Directive for its member states.

International Safe Harbor Privacy Principles

Safe HarborSafe Harbor PrinciplesSafe Harbor arrangement
In 2001 the United States Department of Commerce worked to ensure legal compliance for US organizations under an opt-in Safe Harbor Program.

P3P

Privacy Preferences Project
Some websites also define their privacy policies using P3P or Internet Content Rating Association (ICRA), allowing browsers to automatically assess the level of privacy offered by the site, and allowing access only when the site's privacy practices are in line with the user's privacy settings.

Expiration date

expiry dateexpiration date of November, 1959expires
Personal information can be anything that can be used to identify an individual, not limited to the person's name, address, date of birth, marital status, contact information, ID issue, and expiry date, financial records, credit information, medical history, where one travels, and intentions to acquire goods and services.

Human rights

human righthuman rights violationshuman rights abuses
In 1968, the Council of Europe began to study the effects of technology on human rights, recognizing the new threats posed by computer technology that could link and transmit in ways not widely available before.

Convention for the protection of individuals with regard to automatic processing of personal data

Convention 108 Consultative Committee
In 1981, [[Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data]] (Convention 108) was introduced.

Data Act (Sweden)

Data Act
One of the first privacy laws ever enacted was the Swedish Data Act in 1973, followed by the West German Data Protection Act in 1977 and the French Law on Informatics, Data Banks and Freedoms in 1978.

Fair Credit Reporting Act

Fair Credit Reporting Act (FCRA)U.S. law
In the United States, concern over privacy policy started around the late 1960s and 1970s saw the passage of the Fair Credit Reporting Act.

United States Department of Health and Human Services

Department of Health and Human ServicesU.S. Department of Health and Human ServicesHealth and Human Services
One such group was an advisory committee of the United States Department of Health and Human Services, which in 1973 drafted a code of principles called the Fair Information Practices.

Privacy Commissioner of Canada

Privacy CommissionerOffice of the Privacy Commissioner of Canadafederal privacy commissioner
In Canada, a Privacy Commissioner of Canada was established under the Canadian Human Rights Act in 1977.

Canadian Human Rights Act

Canadian Human Rights Codefederal anti-discrimination laws
In Canada, a Privacy Commissioner of Canada was established under the Canadian Human Rights Act in 1977.

European Union

EUEuropeanEurope
In 1995 the European Union (EU) introduced the Data Protection Directive for its member states.

Federal Trade Commission

FTCU.S. Federal Trade CommissionUnited States Federal Trade Commission
In the same year, the U.S. Federal Trade Commission (FTC) published the Fair Information Principles which provided a set of non-binding governing principles for the commercial use of personal information.

Federal Trade Commission Act of 1914

Federal Trade Commission ActFTC Actdeceptive practices
In many cases, the FTC enforces the terms of privacy policies as promises made to consumers using the authority granted by Section 5 of the FTC Act which prohibits unfair or deceptive marketing practices.

Federal Aviation Administration

FAAFederal Aviation AgencyFederal Aviation Authority
The FTC's powers are statutorily restricted in some cases; for example, airlines are subject to the authority of the Federal Aviation Administration (FAA), and cell phone carriers are subject to the authority of the Federal Communications Commission (FCC).

Federal Communications Commission

FCCU.S. Federal Communications CommissionFederal Communications Commission (FCC)
The FTC's powers are statutorily restricted in some cases; for example, airlines are subject to the authority of the Federal Aviation Administration (FAA), and cell phone carriers are subject to the authority of the Federal Communications Commission (FCC).

Class action

class action lawsuitclass-action lawsuitclass-action
In some cases, private parties enforce the terms of privacy policies by filing class action lawsuits, which may result in settlements or judgments.

Arbitration clause

mandatory arbitrationarbitrationdelegation clause
However, such lawsuits are often not an option, due to arbitration clauses in the privacy policies or other terms of service agreements.