Do you really understand why you have a Privacy Policy?

James Ryan Jonas

Brace yourself for a deluge of Privacy Policies now that Google Adsense has required all publishers to post Privacy Policies on their sites. In the latest batch of changes in their Terms and Conditions, Google now requires publishers to:

have and abide by an appropriate privacy policy that clearly discloses that third parties may be placing and reading cookies on your users’ browser, or using web beacons to collect information, in the course of ads being served on your website. Your privacy policy should also include information about user options for cookie management.

Google is here again playing God, dictating website owners what a site should have and how it should be managed. Nevertheless, this is for a good cause because sites really need to abide by certain privacy procedures especially at a time like now where personal privacy is shelved in exchange for profit.

So what really is a Privacy Policy?

A Privacy Policy is simply a promise by the site to their visitors that any information submitted to or collected by the site will be treated with utmost confidentiality.

It is a promise that whatever information collected will not be used for purposes other than what was originally intended.

If a person, for example, submitted his email address to comment on a blog post, that email address should not be automatically added to a mailing list, unless that person explicitly agreed to it. If a person subscribed to an email feed of the articles, no direct email of any offers or promotions should be sent.

Also if a visitor commented on a blog, the owner CANNOT simply reprint that comment and the email address of the commenter on any article without the latter agreeing to it. That is a violation of privacy because when the blog comment was made, the commenter did not agree for his email address to be shown publicly.

The Privacy Policy is also a firm statement by the website that any collected information will not be shared to anyone, especially to third parties for marketing purposes.

In short, websites should uphold the original and only intent of the person when he submitted his personal information.

A Privacy Policy is also a notice that tracking technologies such as cookies may be used by the site to collect data about visitors. The latter should be made aware that although cookies per se do not collect personally identifiable information, those information may be tied to the cookies if a visitor previously provided those.

So basically, a Privacy Policy is a promise to (a) protect the confidentiality of your visitors’ information; (b) use those information only in purposes originally intended; and (c) not share those to unauthorized third parties.

Now that you have your own Privacy Policy, are you ready to keep that promise?

PS. Since we’re in the subject of Privacy Policy and Google Adsense, I noticed that the Privacy Policies of some Filipino blog owners are still not at par with the requirements of Adsense.

The policy must mention two things: (1) that third parties such as Google Adsense may place cookies on a user’s browser and may collect data about visitors in the course of serving ads; AND (2) that users have options to manage their cookies, either through the ability to decline them or to remove them from their hard drive.

Check out our own Privacy Policy and other sample policies. Since these are freely available online, you may copy them but make sure you customize them to fit your site.

James Ryan Jonas teaches business management, investments, and entrepreneurship at the University of the Philippines (UP). He is also the Executive Director of UP Provident Fund Inc., managing and investing P3.2 Billion ($56.4 Million) worth of retirement funds on behalf of thousands of UP employees.