How humane privacy policies should be written (and in compliance with GDPR)

One other policy to look at (the one I’ve spent most time sweating over):
https://wikimediafoundation.org/wiki/Privacy_policy

I find the format and structure of the document helps align people’s thinking about what privacy is and should be for; a good policy is something you are glad to have read, not just a potential minefield you have navigated.


This is excellent. We will draw inspiration from it.

Thanks for sharing this. I was lacking some good examples, but had this in mind for a partner and myself who are putting together a voice skill right now. Our aim is to be compliant, establish a clear legal framing, and most of all be clear to our users what the upshot is since our skill does involve sharing audio with other people.

I’ll add more examples if I can find them.


WordPress’s cookie policy is very good. Sharing in case you folks want to check it out:

Hi @andrewmurraydunn!

I couldn’t help but notice that you have not yet updated your Privacy Policy. I can imagine that with all the activities that come with a young startup company, the PP is not highest on your priority list.

Maybe you’d be helped by using a Privacy Policy generator. A quick search showed that there are multiple choices that can deliver GDPR-compliant PP text. You could try those and maybe the only additional thing that is needed is a quick glance by your lawyer, and you are ready to go.

The site Termly looked promising to me:

Free Privacy Policy Generator (U.S.)

Generate a customized privacy policy for your website, mobile app, and Facebook app. Crafted by attorneys, our software can help you comply with state, federal, and international laws like the GDPR. Create your policy for free, or sign up for a premium account to access even more compliance features and upgrades.

I did not vet the site for how they use the information you provide when generating the PP. Maybe, if you decide to use a PP generator site, you could do that and report your experience to this forum?

Edit: Just tried Termly 6 months after posting this. It is terrible. You go through a complete form with questions about what you track. Then when ready… you have to register with them to get the text.

Thanks for bumping this up. It has been a challenging few months for apps in our space since the Apple/Google announcements, and now Apple cleansing us out of the App Store. We paused operations and had to let people go during this time but are planning on updating the PP once we get up and running again 🙂

Thanks to Nathan Kinch (and @m3me) of Greaterthanlearning I came upon this resource:

Summarizing from their GDPR project:

Nobody reads privacy policies. They are too long and too complex. However, we are constantly asked to declare to “have read and understood the terms”. With the simple click of a button, we may consent to unwanted uses of our personal data. Visual communication can help people to navigate and make sense of cumbersome legal texts. To this end, the General Data Protection Regulation (GDPR) recommends to provide information about data practices in combination with icons. […]

With our project, we aim to provide an answer to these and related questions.

They have developed an icon set (licensed CC-BY-SA-4.0) with which individual sections of GDPR privacy policies can be summarized and communicated in a more clearly understandable format: