Sites you visit, applications you use and services you take all have privacy policies – but what are they and why are they important, despite many people just check boxing them?

Privacy policies govern the collection, management and protection of data

Transparency and empowerment around the use of your data underpin the use of privacy policies in this data-driven age and should be taken seriously.

Sign up for a Google email account? They have a privacy policy on how they handle your data in providing you email services. Playing a new game? They will have a privacy policy specifying how they handle your personal data.

Privacy policies are a necessity whenever data is handled whether its customer names or addresses, personal information or sensitive data such as health or financial data. They provide the framework for how data is collected and managed and communicate this to the end-user. TPP has a privacy policy that covers how data from your comments or communications with us is handled and your rights in relation to it.

In data-driven ecosystems, this has ever-increasing importance. Following the Cambridge Analytica scandal how data is collected, why, where and when has come under intense scrutiny. As it should. Data profiling and mining provide ever-encroaching methods of using data for commercial and potentially invasive purposes.

All these practices and their justifications should be found in a robust privacy policy. Common questions such as which third parties your data is shared with should be answered. Fundamental rights, such as those under the GDPR, should be stated. This includes your rights, if you are governed by EU laws, to the removal, access or rectification of your data.

Further, opt-in and outs in providing data should be specified clearly. Having clear data retention and usage policies allows for data portability and the explanation of otherwise invasive services. Ever wondered why some apps in Apple Store or Google Play ask for permission to access your phone’s contacts or text messages? A privacy policy should specify exactly why this is the case.

If anything goes wrong a privacy policy will outline how you can make a complaint or raise a concern regarding the handling of your data.

So yes, you should read privacy policies. They are typically a few pages long at most. Focus on how your data is being used, why, where and how it is being stored and whether this is necessary. 

Do I need a privacy policy?

If you are a content creator or business owner a privacy policy may well be necessary for your compliance with data protection laws and would be well advised in any event. Having one is a necessity, as informing users of why and how you handle their data is a basic requirement when requesting it. It can also help you map the data you are collecting and how best to get the commercial value out of it.

For more details on what UK companies need to communicate to users about what data they collect and use see the ICO website.

Suneet Sharma is a junior legal professional with a particular interest and experience in media, information and privacy law.

This post originally appeared on The Privacy Perspective Blog and is reproduced with permission and thanks