Differences in a Privacy Notice vs. Privacy Policy

Carmen E.

Privacy policy, privacy notice = po”tay”to, po”tah”to, right? Wrong, my friend! It is not a case of po”tay”to, po”tah”to. A privacy policy and a privacy notice, though they both begin with the word privacy, are two different concepts.

A Privacy Notice, which is what most of the public is familiar with, refers to an external statement to consumers letting them know how a business is using their data. A privacy notice typically tells the individual what information is collected, how it’s protected, the legal basis for processing the data, categories of personal data, how the information is shared (or not shared), retention periods, data subject’s rights, contact information of the responsible party, etc.

Privacy notices exist solely to let the consumer know what, why, and how their personal data is being used. Most times people don’t even read the privacy notices websites provide due to how long and how full of technical/legal jargon they are. That makes understanding what you are agreeing to a tricky proposition. That is where the GDPR comes to the rescue, to help consumers with the comprehensibility of privacy notices. One of GDPR’s requirements is to have privacy notices that are in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child (Article 12).

Websites often refer to their privacy notice as a privacy policy, but that’s not technically accurate. A privacy policy is an internal statement used by companies to define guidelines on the handling of personal data. A privacy policy contains more detail as to how employees should process personal data, restrictions, how personal data is classified, who the policy applies to (any third party), protection standards, roles, and responsibilities, etc. In other words, a privacy policy directs employees how to handle data.

Repeat after me: a Privacy Notice is an external statement that lets the consumer know what is being done with their data, while a Privacy Policy is an internal statement designed to guide employees in the handling of personal data. Good job, kiddos, you just learned something important.

