Privacy policies must:
- Be specifically tailored to your industry, business, and circumstances
- Have clear and accessible explanations understandable to the average consumer
- Provide enough information that users have informed consent
- Be strictly adhered to once published
- Be updated to reflect any changes
The plaintiff subscribed to GameStop’s monthly publication Game Informer magazine, including both print and online versions. GameStop provides a feature that allows subscribers to log in to the magazine content through their personal Facebook accounts. The plaintiff filed suit because once he logged in to the magazine through Facebook, his Personal Facebook ID and Game Informer browsing history were transmitted to Facebook.
Privacy policies have become a common business practice for many websites. These days, website users are keenly aware of privacy concerns and protective of their personal information. The prevailing view is that a credible website will operate with at least minimal privacy standards in place. Privacy policies are especially necessary when you are engaged in e-commerce or data collection. If your prospective and current clients are likely to have concerns about privacy, then they will expect you to have a policy that details the various protections and procedures that you have in place.
Every website will have different elements to cover, and some websites will need more comprehensive policies than others. This is likely dependent on what kind of user information is collected and how much/to what extent it will be shared with third parties.
Privacy policies typically include sections that address:
- user information that is collected
- method of collection
- how that information is shared and/or stored
Once you have a policy in place, it is essential that you abide it and make sure that your practices actually match the statements in your policy. Your policy creates a contract with your users. If your policy and practices do not align, you open yourself up to liability, both from lawsuits by users and actions by regulators like the FTC, who scrutinize unfair or deceptive trade practices.
 833 F.3d 903 (8th Cir. 2016).