Legal requirements in general
- In the US, privacy laws vary widely and are implemented at both the state and federal level.
- In the EU, the main data privacy regulations are the General Data Protection Regulation (GDPR) and the ePrivacy Directive (the Cookie Law).
You can read our general legal overview.
Which Regulations apply to you
For the most part, compliance requires that you disclose data collection, inform users of their rights regarding their data and implement methods of receiving and rescinding consent. Failure to adhere to data privacy laws can result in hefty fines, leave you open to litigation and damage the credibility of your website.
You can learn more about which laws apply to you here.
Legal requirements specific to blogging
By law users of your site need to be informed about:
- what data is being collected;
- their rights regarding that data;
- your notification process for policy changes;
- third-party access to their data (for example, third-party comment widgets, social buttons, ad service integrations etc.)
Disclosing endorsements in accordance with legal guidelines
Many regulations, including those of the US, the EU and the International Consumer Protection and Enforcement Network (ICPEN), have specific guidelines in place regarding product and service endorsements.
Run an affiliate program? Read this guide.
Generally, they require that endorsements made by bloggers and influencers follow truth-in-advertising principles. This means that you're not allowed to make any claims about the product that the marketer couldn't legally make, and that endorsements must be non-misleading and fully disclosed. You must inform users whenever there is a connection between an endorser and the marketer that a consumer would want to know about, or that would change their perception of the endorsement if known. For example, you must disclose that:
- you’re endorsing a product that is marketed by your relative;
- you’re an employee, shareholder or investor in the product.
You must also inform users when you've been given an incentive (financial or otherwise) to promote the product. Whether you were given a free product or service, paid directly, or earn a percentage of each sale (as an affiliate), you're equally obligated to inform users of the fact. For example, when:
- you’ve been given a free night at a hotel in exchange for an endorsement;
- you’re reviewing a product with an affiliate link that earns you money, discounts or free products;
- you’re being paid by a brand to post pictures of yourself wearing their clothing.
According to ICPEN, you must clearly and prominently label content that you're paid to endorse and make it clear whose opinion or experience is being stated. Disclosures need to be specific to the particular endorsement, so a single disclosure on your homepage won't suffice.
Here's an example of a compliant disclosure using the affiliate example above:
This blog received a commission for using “company name” products in the tutorial shared in this post. Although we receive a commission for using and linking their products, all of the products are tested thoroughly and only the ones that meet our standards are linked. All opinions stated are our own.
Third-party apps and services also need to follow the law. As organizations themselves, they too can be exposed to major reputation damage, fines, and sanctions if their legal obligations are not met. For this reason, it’s often mandatory that all partners and customers that use their services meet regulatory standards.
We extended the requirement to disclose our affiliate relationship to any means where you may be leveraging Associates’ content.
It's therefore important to ensure that both legal and third-party requirements are met. Third-party requirements can change over time in response to internal or regional regulations, so your policies need to track the latest requirements to avoid interruption of service or legal consequences. For this reason, we use embedding, not copy & paste, for our document solutions: your policy stays up to date and is maintained remotely by our legal team.
You can read more about Google’s requirements here and Amazon’s requirements here.
How to comply
Your privacy policy needs to inform users of:
- what data you’re collecting;
- how you’re collecting it;
- their rights regarding their data;
- your purposes for collecting this data;
- which third-parties have access to their data and for which purpose.
Regulations require that your policy is clear, easy-to-understand and that it lists specific third-parties in a granular manner. The policy also needs to be easily accessible throughout the website.
How iubenda can help
With hundreds of available clauses, our privacy policies contain all the elements commonly required across many regions and services, while applying the strictest standards by default – giving you the option to fully customize as needed.
Our policies are created by lawyers, monitored by our lawyers and hosted on our servers to ensure that they are always up-to-date with the latest legal and third-party requirements.
Easily integrate with your website/app using any one of our integration methods to make sure that your policies are visible and easily accessible as legally required.
1. Add your services
- Click "Add a service", then start typing the name of the service you'd like to add. Remember to include every service that processes personal information; as a blogger, you'll most likely want to add services like "Contact Form", "Mailing list or Newsletter" and social widget services such as the "Facebook like button".
- Select each applicable service from the list of suggestions that shows up and customize by simply adding the specific types of personal data you collect. Our lawyer-crafted clauses automatically include the relevant user-rights disclosures and service definitions based on your input here.
- If you’d like to add a custom service clause, simply click the “Create custom service” button and fill out the built-in form.
2. Fill out your web/app owner and contact details
- Enter name and full address
- Enter email address
Congratulations! Your policy has been created. Simply check that all the details are correct, then:
- Customize the look of your button or simply choose a text link;
- Choose the embedding method (choose between embedding code, direct link or direct text embedding);
- Easily embed wherever you’d like! Remember you’re required to choose a location that is easily accessible and visible to users.
Consent for data collection forms
Generally, US laws require that you provide users with an option for withdrawing consent (opt-out) when using data collection mechanisms (e.g. newsletter sign-up forms).
Compared to US laws, however, EU laws (in particular the GDPR) are more stringent. Under Article 4(11) of the GDPR, consent must be freely given, specific, informed and unambiguous, and signified by a clear affirmative action. This means that the mechanism for acquiring consent must be straightforward and involve a clear "opt-in" action. Within the context of a blog, you'd be in violation if you employed mechanisms such as pre-ticked newsletter sign-up boxes when a user registers an account: Recital 32 of the GDPR states that silence, pre-ticked boxes or inactivity do not constitute consent, which rules out such "opt-out" mechanisms.
The regulation also gives users a specific right to withdraw consent at any time (Article 7(3)) and requires that withdrawing consent be as easy as giving it.
You can read more about newsletters here and the GDPR here.