The most important privacy laws you need to know and how to tell which apply to you


Compliance can often be a bit confusing and it’s not uncommon for more than one regulation or law to apply at the same time. Feeling a little overwhelmed? No need! In this short post, we’ll take a look at the most important privacy laws and how, using a simple rule of thumb, you can quickly tell which laws apply to you.

 

Privacy Laws

 

United States

If you target US-based persons, the Federal CAN-SPAM Act and California’s CCPA and CalOPPA may be most relevant to you. California’s CalOPPA and the CCPA (California’s most well-known privacy laws) currently make up the most comprehensive legal privacy framework in place on a state level in the US, while the CAN-SPAM Act is one of the few data-privacy-related laws that exist on a Federal level in the United States.

Under the California Online Privacy Protection Act (CalOPPA), commercial websites must have a valid privacy policy available on their site or app.

The privacy policy:

  • Must clearly inform users of what info is collected and who it’s shared with.
  • Must state how your business responds to Do Not Track signals from Web browsers.
  • Must show the effective date of the privacy policy and more.

Under the California Consumer Protection Act (CCPA), California-based consumers are granted additional rights, such as the right to be informed and the right to access any data you’ve collected about them. However, one of the most talked-about rights granted to users is the right to opt out.

The CCPA gives users the right to opt out of any processing that is considered to be a sale of their data under the law. Sale, under the CCPA’s definition, is quite broad and can mean sharing the data for any kind of profit (monetary or not). Californian users who visit your site or app must be notified of your “selling” activities with regard to their data and must be informed of their right to opt out. Minors, on the other hand, are given the right to opt in under CCPA rules, and therefore valid consent must be collected before processing the data of children. You can read more about the CCPA here.

Both the CCPA and CalOPPA are likely relevant to you if you have California-based users, regardless of where you are based. 

The Federal CAN-SPAM Act

The CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography and Marketing) sets the rules for sending commercial emails and commercial messages on a Federal level.

Under the Act, you do not need the consent of US-based users in order to add them to your mailing list or send them commercial messages. However, the law mandates that you must meet CAN-SPAM disclosure requirements and give users an easy way to opt out of further contact. More on email compliance here.

 

European Union

If you or at least some of your users are based in the EU, the GDPR and ePrivacy (Cookie Law) are relevant to you – regardless of where you’re based.

GDPR

The General Data Protection Regulation (GDPR) is probably the most famous global privacy law. It applies to you where any of the following conditions are met:

  • you’re based in the EU, regardless of where your users are based; or 
  • you are not based in the EU but offer goods or services (even if the offer is free) to EU citizens; or
  • you are not based in the EU but you monitor (e.g. analytics) the behavior of EU citizens.

At its most basic, the General Data Protection Regulation specifies how and when personal data should be lawfully processed.

Personal data under the GDPR refers to any data that relates to a living person, and even includes fragmented data that can be pieced together to identify a person, and IP addresses.

Under the GDPR you can only process personal data where there is at least one legal basis for doing so. There are six legal bases under the GDPR; however, please keep in mind that legal bases shouldn’t be “picked” at random, as they must legitimately apply to your situation.

Therefore, there will always be situations under the GDPR for which the legal basis of consent is the safest, best, or only option. This makes consent one of the most discussed aspects of the GDPR.

Consent under the GDPR must always be informed, opt-in, freely given, and verifiable (meaning you must be able to prove that you collected valid consent). Read more about the GDPR here.

ePrivacy

The EU’s ePrivacy Directive (Cookie Law) sets the rules for electronic privacy, including email marketing and cookie usage. The ePrivacy Directive works alongside the GDPR and is still in force today. If you have EU-based users, the ePrivacy Directive (or Cookie Law) applies whether or not your business is based in the EU.

The ePrivacy Directive/Cookie Law states that you must have the informed consent of EU-based users before you can store cookies on a user’s device and/or track them.

A cookie is a small piece of data that is sent from a website or app and often stored on a user’s computer via their web browser. Many of the apps, widgets and services you use on your website (e.g. analytics, social logins, share buttons, payment services) run cookie scripts or similar technologies.

Meeting ePrivacy requirements generally means informing the user of your use of cookies via a cookie notice, blocking scripts from running until you’ve got the user’s consent, and linking to a comprehensive cookie policy. More on the ePrivacy here.

 

Multiple regions / other countries

Generally, where the laws of multiple countries apply, including countries outside the US or EU, it’s often safest to apply the strictest applicable standards (currently GDPR standards). However, be sure to look out for any legally or technically specific requirements of the other laws that might also apply.

For example, in cases where both the GDPR and CCPA apply, while following GDPR guidelines will, in principle, mean that you’re meeting many of the CCPA’s requirements, the CCPA has its own distinct disclosure requirements, such as the Notice of Collection, which will need to be specifically addressed.

 

Determining which laws apply to you

As a general rule of thumb, you should comply with the laws of the country in which you base your operations, as well as those of the country (or countries) your site targets.

 

Languages

Onsite legal documents, like your privacy and cookie policy or terms and conditions, must be available in the same language as your site so that your users can understand them. If your site is available in multiple languages, your documents and notices should also be available in these languages.

With features like geo-detection and one-click legislation activation, iubenda can help you meet global data privacy law requirements in minutes. Learn more about our solutions here.
