Some long-winded thoughts on privacy policies and consent popups
This Q&A is compiled from conversations I have had with many, many clients and collaborators who have had a hard time navigating things like the GDPR, privacy policies, cookie notices, consent messaging, and other related topics.
Requisite caveat: Though I have a lot of experience poking around in the GDPR and other privacy regulation wording and try to advise where I can, I would not consider myself an expert on information privacy law and you shouldn’t either. The guidance I provide here is a primer that scratches the general surface of these topics.
If you’re looking for concrete guidance, always refer to official documents and bodies such as the GDPR guide on gdpr.eu which is part-funded by the EU, the ICO’s guide to UK GDPR, and the European Commission website. And, of course, speak to a specialist who is an expert on this stuff!
And a note: There are other privacy regulations around the world that are worth keeping in mind, but I will refer to the GDPR throughout this Q&A since it is the strictest and most broadly applicable policy I am aware of at this time. If you’re curious about other regulations and laws that might be more applicable for your audience such as the CCPA in California or LGPD in Brazil, check out the Wikipedia page on information privacy law as a starting point.
/cloudfront-us-east-2.images.arcpublishing.com/reuters/GGMGHBONFRM6TCFALZQYWYSVRE.jpg)
