This article has been written by Monika Dubey and has been edited by Oishika Banerji (Team Lawsikho). 

Introduction

Article 12 of the UDHR (Universal Declaration of Human Rights) mentions the right to privacy as a basic human right. Moreover, Article 17 of the International Covenant on Civil and Political Rights (ICCPR) and Article 16 of the Convention on the Rights of the Child (CRC) also enshrine the provision regarding the right to privacy. Aside from these international treaties and covenants, multiple domestic constitutions also regard the right to privacy as a fundamental human right, either explicitly or implicitly. Coming to India, privacy is not new but rather innovative. Although not asserted explicitly, the Right to Privacy is implicit in the Indian Constitution, especially under the provisions of Article 21, providing for the Right to Life and Personal Liberty. Various judicial decisions are proclaiming the same, but the motto of this blog is not to dig deeper into such details. Rather, this article will focus on the reasons why one should emphasize having strong privacy policies and have them drafted by an experienced lawyer.

What is a privacy policy

As we have acknowledged in brief about the legal provisions concerning privacy rights, it is time to gain insight into why privacy policy is important. However, before that, let us know what a privacy policy is and what must a good one contain.

A privacy policy is a form of legal documentation disclosing the manner involving the collection, use, disclosure, and management of a consumer/client’s data by the service provider or any third party. A privacy policy is a legal necessity in safeguarding a customer or client’s privacy.

A good privacy policy must contain the following:

1. Clear and easily retrievable information regarding its practices and policies.
2. Clear assertion regarding the type of personal and sensitive personal data or information collected by the business.
3. Purpose behind the data collection and the manner of their usage.
4. Regarding the disclosure of information that includes sensitive personal data or collected information.
5. Justifiable security practices and procedures adopted in protecting the collected data or information.

Why have a good privacy policy in place

All internet-based entities need to have a privacy policy in place in this digital millennium. Of course, one may be exempted if no data is stored and nothing is sold, but even freelancers are considering the essentiality of a privacy policy. Consumer privacy laws are rapidly evolving both in terms of quantity and power. Hence, both the consumers and business partners are now expecting you to mention your privacy policy to them. Now there are multiple reasons for having a proper privacy policy ready by an expert legal draftsman; some of them are for you to see.

Legal requirements

The pivotal reason for having a proper privacy policy is the requirement of complying with the applicable privacy laws irrespective of the location of the clients/consumers. Usually, organizations develop a website for expanding their reach, which increases the necessity for higher legal awareness.

Building trust

Being transparent with the users is possibly the highest moral requirement. Providing a clear image to the clients and customers regarding the reasons and manner of processing their data makes the clients feel safe and secure.

Additionally, by having a concise, transparent, and easily accessible privacy policy, trust-building becomes reinforced. Such a visual representation immediately raises the levels of trust between you, as a business owner, and the users and visitors.

Finally, the thorough readers of a privacy policy will feel safer and more comfortable, thereby using the website or mobile app longer and also tend to recommend the product. Hence, a proper privacy policy pacifies the users mentally.

Avoiding costly legal troubles

There are numerous instances of lawsuits being rolled over due to questionable privacy policies. Snapchat, Delta Airlines, and Google are just a few sufferers for having just a few mistakes in their privacy policies. Hence, whether you own an online website, blog, or mobile app, you better have a good privacy policy to safeguard yourself from such potential legal troubles in the form of fines and lawsuits.

Drafting a privacy policy is not a simple copy-paste job

Many website owners or entities have this notion that simply copy-pasting the privacy policies from other websites and incorporating them into their own shall do the job. Well, that is simply not the case. Just like agreements, treaties, memorandums, and other legal documents have to be customized for suiting different scenarios, the same holds with a privacy policy. Hence, a lawyer possessing expertise in this domain needs to be consulted and handle the drafting of privacy policies for websites, applications, and other related platforms.

Requirements by the 3^rd parties

It is a fact that you not only need a proper privacy policy for the sake of law, but numerous third-party organizations like Apple and Google require you to have one. This holds for the mobile apps that you are planning to place on Google Play or the App Store, but also for using third-party services like Google AdSense or Google Analytics for displaying ads or collecting website data.

Section 7 of the Google Analytics Terms of Service can be a good example in this regard: “…you will have and abide by an appropriate Privacy Policy and … must post a Privacy Policy…”

Also, aside from privacy policy requirements during the mobile app submission process which may otherwise receive a rejection of listing, if the users fail to access your Privacy Policy easily, it may lead to suspension of your mobile app or even worse – ban.

SEO and marketing

Search engines just love a good privacy policy, and therefore prioritize websites having their privacy policies linked as this acts as a symbol of proper security. Hence, if you are yet to have a privacy policy, adding it can result in your site delivering better signals to the search engines. Furthermore, many ad sellers also require you to have a privacy policy in place before running their ads on your site. Therefore, lacking one may severely affect both your SEO and marketing.

Grievance Redressal Officer

As per Rule 10 of the Information Technology Rules, 2021, the Government has mandated the intermediaries to establish a three-tier framework for the grievance redressal mechanism for the users. The first level mandates self-regulation by the intermediary, the second stage mandates the creation of a self-regulating body, and the third one mandates Governmental oversight. Hence, it is necessary to have a grievance redressal officer appointed by an intermediary to address any privacy-related or other grievances in the very first instance.

Data retention

A data retention policy, or a record retention policy, is an established commercial protocol for keeping data or information. Generally, the policy defines:

1. The nature of the data requiring retention.
2. The format for maintaining such data.
3. The time of such retention.
4. Whether such data will eventually be archived or deleted.
5. Identifying the authority for disposing of such data.
6. The process that will be followed in case of any policy violation.

Conclusion

In this ‘Go Virtual’ era, the need for a robust data privacy policy holds utmost importance. It is only through a well drafted privacy policy can companies function in a cut-throat competitive market where data leakage is a common sight. Therefore, the reasons which are discussed in this article behind hiring a legal expert, although limited, are quite relevant. 

References

1. https://www.contractscounsel.com/t/us/privacy-policy
2. https://clarenceabogados.com/client-alert/why-hire-lawyer-draft-your-business-contracts/
3. https://termly.io/resources/articles/why-you-need-a-privacy-policy/#:~:text=The%20purpose%20of%20a%20privacy%20policy%20is%20to%20show%20the,use%2C%20and%20protect%20their%20data