What Privacy Laws Are Important For Web Developers?
The two biggest privacy laws that web developers need to keep tabs on are the General Data Protection Regulations (GDPR) and the California Consumer Privacy Act (CCPA). Each law has its own unique scope and provisions, but they both shifted the landscape in defining an individual’s rights to their personal data and set mechanisms for how these rights would be protected and enforced. Each regulation also carries with it fines, fees, and legal measures for non-compliance. These can be substantial. And if that’s not enough, there’s an ever-increasing consumer demand for websites that prioritize privacy and security. Consider these statistics:- 82% of Americans surveyed say they are concerned about the security of their online data
- 79% of adults claim they are very or somewhat worried about how companies use the data they collect about them
- 63% of Americans believe they understand very little or nothing at all about privacy laws and regulations that are intended to protect their data
How Can Developers Implement These Laws?
Privacy by Design is Critical for Websites
Under GDPR, web developers are required to adopt the Privacy by Design framework, which is a multi-point methodology intended to standardize data protection measures. Building privacy into websites shouldn’t happen at the end stages. It should start with how the websites are conceptualized in the first place. Here are points to prioritize:- Minimize that data you’re collecting and pseudonymize it to protect data privacy
- Are you capturing consent? How? Where?
- Integrating security measures to protect data — anytime you capture data or implement a third party product, a security risk is born.
- Knowing where you’re introducing privacy and data sharing notices
- Implement just-in-time notices to provide consumers transparency and build trust
- Giving your users the opportunity to manage their personal data
Data Minimization is the Goal
Data minimization is an important principle embedded in GDPR. Data minimization itself is a pretty straightforward concept: organizations should limit how much personal data they collect and only process the information necessary to accomplish their business purposes. Once the data is no longer useful, it should be deleted. For web developers, this means several things. When it comes to building websites, forms, cookies, and other methods should only ask for essential information. For example, if you are creating a pop-up to collect email addresses, don’t ask for their location unless it’s relevant to the email list and better serving their needs.How and Where Do You Introduce Privacy Policies and Notices?
Let’s say you take data minimization seriously. That’s great! Now you need to put those data collection practices into words and share them with your customers. Privacy policies and notices are a big part of both GDPR and CCPA. Both the CCPA and the GDPR mandate that your privacy policy detail why you’re collecting information and how it will be used, as well as what the individual’s rights are and how they can exercise them. CCPA takes a slightly different angle, requiring privacy policies to disclose if the business sells personal data and what third parties have access to the data. CCPA also dictates that privacy policies and notices are current, updated at least annually. (Nota bene: GDPR also asks for updated privacy documents, but doesn’t specify frequency.) How does this translate from policy into web development?- If you’re collecting data to improve user experience, allow for targeted ads, or sharing information with third-parties, this information will need to be included in a privacy notice. Remember, CCPA works with a broad definition of selling data, so you may need to account for a “Do Not Sell” link on your home page.
- Considering using data beyond these purposes? Plan to obtain explicit user consent for each additional purpose.
- What’s your plan for the data after the user gives it to you? Where is it stored? Who has access to it? How long are you keeping it? These are all questions that a website developer should consider, and that needs to go into a privacy notice.
Just-in-Time Notices for Transparency and Trust
Part of Privacy by Design is the use of individual components of your website to create transparency and support compliance. From a development and design perspective, this means you should always be looking for ways to communicate the hows and whys of data collection. Yes, your privacy policies and notices aid in this, but going beyond these pieces is important. Customers recognize when businesses go the extra mile for them, after all. So consider implementing just-in-time notices at points where users enter their information. These notices are a chance to share your data collection practices with your users. It’s transparent! It’s open! It aids in consumer awareness!Keep Users in the Loop
Want to win over your customers? Make it as easy as possible for them to manage their personal data and how it’s being used. This starts with making sure they are aware of why you’re requesting their information and how you’re planning on using it for the website. You should also:- Get user consent — clear and unambiguous user consent — prior to gathering any data at all. This includes cookies.
- Don’t pre-tick boxes for consent. Just don’t. (It’s bad practice AND it’s against GDPR.)
- Link to all legal documents on the site. Users should be required to agree to them before using the service.
- Want to send marketing communications like email newsletters to your customers? Make sure they agree to this. Expressly.
- Maintain accurate and clean records of users’ data consent preferences
- Send regular reminders to users to update their personal information in your system
- If a user deletes their account, promptly delete all of their personal information
- If your client goes out of business or is sold, they should delete all personal information in their system
Make it User Friendly
A final point: making your websites user friendly is important regardless of privacy compliance. Users expect websites that don’t make them think deeply about, or worry about, their privacy. Make it accessible and easy. Don’t make people figure it out on their own. Give them value for sharing their data Your users don’t have to share their data. They’re choosing to. So in exchange for their personal information, make sure you’re using it to provide a user-friendly website. Offer them a secure, enjoyable experience. But don’t ask for more than you need Let’s loop back around to this point again. While consumer data can help you build a better website, don’t plan your websites around it and don’t demand data to create a good experience. Usability, web design, and website security; all of these things benefit from consumer data. But privacy laws should always guide how any personal data is collected and used, and respect for consumers’ individual rights, and honoring their privacy should be top-of-mind for web developers. Featured image via Pexels.Jodi Daniels
Jodi Daniels is the Founder & CEO of Red Clover Advisors. She is a Certified Informational Privacy Professional (CIPP/US) with more than 20 years of experience helping a range of businesses from solopreneurs to multi-national companies in privacy, marketing, strategy, and finance roles. Since launching in 2017, Red Clover Advisors has helped hundreds of companies create privacy programs, achieve GDPR, CCPA, and US privacy law compliance, and establish a secure online data strategy their customers can count on.
Read Next
24 Best Creative Portfolio Websites in 2023
For anyone working in a digital creative field, whether design, illustration, animation, video, or a combination of…
By Simon Sterne
15 Best New Fonts, September 2023
Nothing upgrades your designs like selecting the right font. It’s all too easy to fall into the trap of using the same…
By Ben Moss
Weekly Design News #1
Every Sunday we’re rounding up the best of the previous week’s stories from webdesignernews.com, and in this issue #1,…
By Louise North
The 20 Most Controversial Logos of All Time (Ranked)
When you hire graphic designers to create your company's logo, what do you expect? Professional designs, culturally…
By Robert Reeve
LimeWire AI Studio Generative Art App
If you’re looking for the most exciting way to launch a career in AI-generated art, then you’re in the right place.
By WDD Staff
20 Best New Websites, September 2023
Are you in need of design inspiration? Are you looking for the best websites designed in 2023 to pull ideas,…
The Dangers of Deceptive Design Patterns (And How to Avoid Them)
As web designers, our role in crafting user-friendly digital landscapes is critical. We are tasked with creating user…
By Louise North
10 Best Ecommerce WordPress Themes in 2023 [September update]
You plan to set up shop with an online store. You know there’ll be competition. And to compete with or beat that…
By WDD Staff
5 Marketing Tools Every Designer Needs
Yes, designers do need marketing tools. From freelance graphic designers who need to land more work to designers who…
Exciting New Tools For Designers, September 2023
At the end of another summer, we are all getting ready to knuckle down for some serious work in the fall. But we want…
Elon Musk calls LinkedIn ‘Cringe’—Announces Competitor
Elon Musk recently announced his intentions to create a direct competitor to LinkedIn. Musk’s grand plan is to make his…
Everything You Need to Know to Embrace the Y2K Design Trend
The turn of the millennium was a major cultural shift, and the Y2K aesthetic emerged as a visualization of what the…
By Simon Sterne