What Privacy Laws Are Important For Web Developers?
The two biggest privacy laws that web developers need to keep tabs on are the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Each law has its own scope and provisions, but both redefined an individual's rights over their personal data and set out mechanisms for how those rights are protected and enforced. Each also carries fines, fees, and legal measures for non-compliance, and these can be substantial. On top of that, there is an ever-increasing consumer demand for websites that prioritize privacy and security. Consider these statistics:
- 82% of Americans surveyed say they are concerned about the security of their online data
- 79% of adults claim they are very or somewhat worried about how companies use the data they collect about them
- 63% of Americans believe they understand very little or nothing at all about privacy laws and regulations that are intended to protect their data
How Can Developers Implement These Laws?
Privacy by Design is Critical for Websites
GDPR (Article 25, "data protection by design and by default") requires that data protection be built into systems from the outset, which for web developers means adopting a Privacy by Design approach: a multi-point methodology intended to standardize data protection measures. Building privacy into websites shouldn't happen at the end stages. It should start with how the websites are conceptualized in the first place. Here are points to prioritize:
- Minimize the data you're collecting, and pseudonymize what you keep so that a leaked or shared dataset does not directly identify anyone
- Decide whether you are capturing consent, how, and where
- Integrate security measures to protect data: every time you capture data or add a third-party product, you introduce a new risk
- Know where you're introducing privacy and data-sharing notices
- Implement just-in-time notices to give consumers transparency and build trust
- Give your users the opportunity to manage their personal data
Data Minimization is the Goal
Data minimization is an important principle embedded in GDPR (Article 5(1)(c)). The concept itself is straightforward: organizations should limit how much personal data they collect and only process the information necessary to accomplish their business purposes. Once the data is no longer useful, it should be deleted. For web developers, this means several things. Forms, cookies, and other collection methods should only ask for essential information. For example, if you are creating a pop-up to collect email addresses, don't ask for the visitor's location unless it's relevant to the email list and to serving them better.
- If you’re collecting data to improve user experience, allow for targeted ads, or sharing information with third-parties, this information will need to be included in a privacy notice. Remember, CCPA works with a broad definition of selling data, so you may need to account for a “Do Not Sell” link on your home page.
- Considering using data beyond these purposes? Plan to obtain explicit user consent for each additional purpose.
- What's your plan for the data after the user gives it to you? Where is it stored? Who has access to it? How long are you keeping it? A website developer should be able to answer all of these questions, and the answers belong in the privacy notice.
Just-in-Time Notices for Transparency and Trust
Part of Privacy by Design is using individual components of your website to create transparency and support compliance. From a development and design perspective, this means you should always be looking for ways to communicate the hows and whys of data collection. Your privacy policies and notices aid in this, but going beyond them matters. Customers recognize when businesses go the extra mile for them. So consider implementing just-in-time notices at the points where users enter their information: a short note next to the field explaining what is collected and why. These notices are a chance to share your data collection practices with your users at the moment it is relevant to them. It's transparent, it's open, and it aids consumer awareness.
Keep Users in the Loop
Want to win over your customers? Make it as easy as possible for them to manage their personal data and how it's being used. This starts with making sure they are aware of why you're requesting their information and how you're planning to use it on the website. You should also:
- Get user consent — clear and unambiguous user consent — prior to gathering any data at all. This includes cookies.
- Don’t pre-tick boxes for consent. Just don’t. (It’s bad practice AND it’s against GDPR.)
- Link to all legal documents on the site, and require users to accept the terms of service before using it. Keep that acceptance separate from consent to data processing: under GDPR, agreeing to terms in order to use a service is not valid consent for optional processing such as analytics or marketing.
- Want to send marketing communications like email newsletters to your customers? Make sure they agree to this. Expressly.
- Maintain accurate and clean records of users’ data consent preferences
- Send regular reminders to users to update their personal information in your system
- If a user deletes their account, promptly delete all of their personal information, including copies you have passed to third-party services and processors
- If your client goes out of business or is sold, they should delete all personal information in their system
Make it User Friendly
A final point: making your websites user friendly is important regardless of privacy compliance. Users expect websites that don't make them think deeply about, or worry about, their privacy. Make it accessible and easy. Don't make people figure it out on their own.
Give them value for sharing their data
Your users don't have to share their data. They're choosing to. So in exchange for their personal information, make sure you're using it to provide a user-friendly website. Offer them a secure, enjoyable experience.
But don't ask for more than you need
Let's loop back around to this point again. While consumer data can help you build a better website, don't plan your websites around it and don't demand data to create a good experience. Usability, web design, and website security all benefit from consumer data, but privacy laws should always guide how any personal data is collected and used, and respect for consumers' individual rights and their privacy should be top-of-mind for web developers.
Jodi Daniels is the Founder & CEO of Red Clover Advisors. She is a Certified Information Privacy Professional (CIPP/US) with more than 20 years of experience helping a range of businesses from solopreneurs to multi-national companies in privacy, marketing, strategy, and finance roles. Since launching in 2017, Red Clover Advisors has helped hundreds of companies create privacy programs, achieve GDPR, CCPA, and US privacy law compliance, and establish a secure online data strategy their customers can count on.