Recently some client partners have asked for help with creating privacy policies. These policies need legal guidance. Not our area of expertise. In the past our response would be to recommend engaging a lawyer and to offer our support as needed.
This past year a colleague recommended iubenda.com. This service provides “Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations”. They offer a host of tools for all things privacy and cookies.
The European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are two notable privacy laws. They outline a host of requirements for compliance for certain organizations. Their goal is to ensure that people have awareness of and say about their data. Organizations that are required to comply and do not can face notable fines.
Because compliance with these laws can be quite involved, services like iubenda and others have emerged to help.
These laws have an impact for those organizations who have to be compliant. They have helped to raise awareness about the amount and use of website visitor data. It is now common for organizations to adopt many of the best practices these laws suggest, even if not bound to do so.
-Seth Giammanco, Principal, MOD-Lab
We had done some research when GDPR first hit the scene to learn the impact on our small U.S.-based business. We had to do our own research, as well as consult our lawyer. We revised our Work Agreement to include some language inspired by GDPR, but that was the extent of it.
What are the categories of data collection services a website might have? A typical nonprofit website has the following.
Analytics and Tracking
Contact and Volunteer Forms
Email Subscribe Forms
For our website we knew to consider analytics, contact forms, and email subscribe forms.
When we explored iubenda further, we found a lot of data collection cases that are not as obvious. One for us is our use of Adobe Typekit fonts. Another was our use of Google’s reCAPTCHA to manage spam on form submissions. Some we don’t have that you may have are Tweet or Like buttons. Do you have a comment system on your blog? These services all collect data and have a privacy and/or cookie implication.
What is a cookie? A cookie is a small package of data, set and read by a website’s code, and stored in a person’s web browser for a period of time. Cookies track activity and power certain website functionality. They help with functionality that happens over time, such as across pages when browsing a website or across more than one visit to a website.
We found one cookie set by our content management system, Statamic. It is a technical cookie used when logging in to the site to manage content.
Among many options, we opted for a simple banner revealed at the bottom of the browser window.
Once a policy is live, it is easy to make certain adjustments. For example, we recently removed reCAPTCHA and contact forms from our website. iubenda makes adjusting our policy to remove these services easy. Changes take place immediately on save.
Privacy laws continue to change and new legislation passes. Having a dedicated service with a robust team of lawyers to keep up with changes is helpful. How they evolve their product to address changes will make it easier for us to keep up.
When building sites, we often leverage the work of others to offer greater value in the work we do. It is great to have services like iubenda rise to help achieve privacy compliance and to inform your website visitors out of care. They make meeting good standards of web privacy easier and more affordable.
If you decide to sign up to iubenda you can get 10% off your first month/year using this referral link - https://bit.ly/3ilWP2Z
Principal, Strategy and Technology