First, the information in this news piece is not meant to be legal advice. I’m not a lawyer, and am only writing this for informational purposes.
Recently, Amazon Europe Core S.à r.l. was fined €746 million, and Zoom allegedly agreed to pay $85 million.
Amazon Europe’s fine was due to the Luxembourg National Commission for Data Protection’s claim that Amazon’s handling of personal data didn’t comply with the EU’s General Data Protection Regulation.
Zoom’s payment of $85 million was allegedly to settle claims that it lied about encryption and, without the consent of its users, gave user data to Google and Facebook.
So, What Does This Mean for Us, the Small- or Medium-Sized Digital Business Owner?
Privacy (and how personal data is handled…or mishandled) is a serious matter.
On some level, we, as owners of small digital businesses, are aware that it’s important to inform our users of the data we may collect, and our limitations on how we can use that data.
To that end, over the years, a number of regional and international laws have come to govern privacy and data usage.
One of the earliest ones I remember is the CAN-SPAM Act of 2003, which has more to do with email.
More recently, there has been the advent of cookie policies, the California Consumer Protection Act (CCPA), and the General Data Protection Regulation (GDPR).
Of course, there’s also the general requirement to have a privacy policy on your site.
A Few Tips to Keep on Top of Your Privacy Requirements
Know What Personally Identifiable Data Is
Personally identifiable data is data or information that can be used to identify a single person. Things like an email address, a phone number, or maybe even an IP address can be used to identify a particular person.
Don’t Be Afraid
In my opinion, if you aren’t doing anything with personal data that’s not covered in your privacy policy, you’re fine. I think the big problems arise when data is given or sold to 3rd parties, when this practice isn’t covered in your privacy policy, or goes against the applicable legal guidelines.
Your Web Host May Be a Resource
If you’re looking for privacy solutions, your hosting company may have some informational resources.
Do You Use WordPress? Try a Plugin
There may be plugins, such as the GDPR Cookie Consent plugin, that make it a lot easier to put the legal requirements into practice on your site.
Be Aware of How 3rd Parties Use Your Visitors’ Data
Does your site participate in any advertising programs or tracking programs that require you to put some code on your site?
Google Analytics, Google AdSense, and Google Search Console may require that you put some of their code on your site. These 3rd-party services may collect data from your visitors. Are you aware of whether this data is personally identifiable data? How do they use it? Where is it stored?
If you use an autoresponder, an email automation solution, or otherwise collect email addresses, do those 3rd-party solutions comply with your site’s privacy policy?
And of course, only use reputable 3rd-party partners.
Use Cookies? Have a Cookie Consent Banner
You’ve seen them: you arrive at a site, and usually, at the bottom of the page, there’s a statement about cookies, with a button you click on, confirming that you’re okay with the cookie statement.
Cookies are bits of data stored in a visitor’s browser so that a site can keep information about the visitor, such as the pages they visited.
If your site uses cookies, you may need to have a cookie consent banner.
In conclusion, be sure to do your best to comply with local and international privacy regulations.
Source: The Verge