Maybe you really did make that logo too small.
Or, maybe you start a blog by upsetting 100% of the target demographic.
Or, worst of all, you chose Xbox instead of PlayStation during the ‘Spider-Man,’ ‘Last of Us,’ ‘Ghost of Tsushima,’ and ‘God of War’ era.
The point is that we all make mistakes. This is especially true regarding privacy. With privacy laws always changing and new ones going into effect each year, it’s hard to keep up with what’s considered a good web design practice and what’s a privacy no-no.
So, I thought I’d take the time to throw together some of the most common mistakes I see web designers make regarding privacy… I mean, what else am I going to do? Play ‘Halo 3’ again?
Note: These are in no particular order and none of this is legal advice, nor gaming console advice.
Mistake #1: ‘Accept’ Only Cookie Banners
Speaking of Cookie Banners, I feel it’s only right to pop this one in first.
Are they annoying? Yes. However, the whole point of these banners is to give website users control over whether a website tracks them and how. And that’s good.
A cookie banner that only has an “Accept” and no “Decline” option is popping up just to let you know that you have no power over your own data on this particular website.
There’s nothing more annoying than that. Plus, it’s illegal. GDPR, as well as other privacy laws, requires a “Decline” option for a banner to get proper consent.
Mistake #2: Greedy Forms
I swear, if I have to provide my birthday on one more quote for a termite removal company I’m going to just have termites, I guess. That’ll show ‘em!
There’s no need for your website’s forms to collect more data than what’s needed. Collecting and storing unnecessary data opens the website up to more privacy laws and more risk. Website designers commonly fall into the “well, maybe one day they’ll use it” trap. Don’t do this!
If you can’t specifically state how collecting the data is helping you meet a current goal, it’s best to not collect it.
Mistake #3: Copy & Pasting Policies
How different can policies be between two car dealerships in the same city? Just cruise on over there and do a quick Ctrl C, Ctrl V (that’s Cmd C, Cmd V for those with a green-chat-bubble-intolerance). Make a few tweaks and voila!
Putting the major copyright violations aside for a moment, this is a major no-no for privacy laws as well.
Even businesses that seem very similar will have very different privacy and/or business practices. Just one third-party tool like Google Analytics or Facebook Pixel can open one business up to far more laws than another. More laws = more disclosures = very different policies.
Simply doing a one-time copy-and-paste heist won’t account for future changes to privacy laws either… but we’ll get more into regular updates later.
Doing this is like saying:
“My brother looks a lot like me. We have similar names. We’re even neighbors. So I could save so much time and effort copying his tax documents. I’m sure the IRS won’t care.”
Note: let’s add financial advice to the list of what this post IS NOT.
Mistake #4: Pre-Selecting Boxes
“When in doubt, opt them out.”
That’s the ol’ saying I made up just now to explain good privacy practices. Laws like GDPR require users to be opted out (newsletters, marketing emails, etc.) by default. This means forms shouldn’t come with boxes that are pre-selected.
Why? Well, comprehensive laws like GDPR specifically state that silence and/or inactivity do not constitute consent. Having a box pre-checked means that no action was taken by the user to offer proper consent.
It’s common for web designers to do this because their clients ask them to. Clients oftentimes fear the extra click will scare away potential newsletter subscribers. It’s important to let clients know that the risk of missing out on a few subscribers is far less scary than the risk of violating privacy laws like GDPR.
Mistake #5: Hoarding Old Tracking Pixels
Remember that hilarious Facebook ad from 10 years ago?… me neither. I’m sure your client’s Ice Bucket Challenge video was super unique to them, but it’s time to move on – especially on the website.
As soon as a campaign ends, remove any tracking pixels associated with that campaign from the website. Otherwise, you’ll be sharing your users’ data with third parties for no reason.
Tracking pixels are easy to install and implement on websites. So, if your client ever wants to create new campaigns in the future, it won’t be hard to set them back up again.
We’ve seen a growing number of demand letters being sent to website owners for CIPA violations. Some of these specifically call out Facebook pixels being used without user consent. In one case the business owner completely forgot about the pixel since it was several years old. Don’t be that guy!
While we’re on the topic of hoarding data, you should also delete user data once it’s no longer being used. For example, if someone unsubscribes from your newsletter, there’s no reason to keep that user’s information stored on your site or in third-party tools such as MailChimp or Constant Contact.
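A quick pre-launch check for Mistakes #4 and #5, as an added example that is not part of the original post: this Python script scans a page's HTML for checkboxes that arrive pre-checked and for scripts, images or iframes that load from tracker hosts. The host list, the `audit` helper and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
# Assumed sample of tracker hosts (not from the post); extend for your own sites.
TRACKER_HOSTS = {"connect.facebook.net", "www.facebook.com",
                 "www.google-analytics.com", "www.googletagmanager.com"}

class PrivacyAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, issue, detail) tuples
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a, line = dict(attrs), self.getpos()[0]
        self._in_script = tag == "script"
        # Mistake #4: a checkbox that arrives already ticked.
        if tag == "input" and (a.get("type") or "").lower() == "checkbox" and "checked" in a:
            self.findings.append((line, "pre-checked box", a.get("name") or "(unnamed)"))
        # Mistake #5: script/img/iframe loaded from a known tracker host.
        if tag in ("script", "img", "iframe") and a.get("src"):
            host = urlparse(a["src"]).hostname
            if host in TRACKER_HOSTS:
                self.findings.append((line, "tracker", host))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Inline snippets often build the tracker URL in JavaScript rather than src=.
        hits = [h for h in sorted(TRACKER_HOSTS) if self._in_script and h in data]
        self.findings += [(self.getpos()[0], "tracker (inline)", h) for h in hits]

def audit(html):
    parser = PrivacyAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
# Constructed sample page; the pixel ID is a placeholder.
SAMPLE = """<form>
  <input type="checkbox" name="newsletter" checked>
  <input type="checkbox" name="terms">
</form>
<script>var s = document.createElement("script"); s.src = "https://connect.facebook.net/en_US/fbevents.js";</script>
<noscript><img height="1" width="1" src="https://www.facebook.com/tr?id=0000000000&ev=PageView"></noscript>
<script src="/js/site.js"></script>"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

This only sees tags present in the static HTML; pixels injected by a tag manager at runtime still need a check in the browser's network tab.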
Mistake #6: Client Size Matters
“My client is too small to worry about website policies.”
I get it, small businesses getting sued don’t usually make the headlines. Meta being sued by Texas for $1.4 Billion (with a b) for privacy violations has more of an impact than Gram Gram’s Cake and Jams being sued for $25,000. While Gram Gram’s was probably safe from the eyes of privacy lawsuits in the past, about nine privacy laws today require small businesses to have a Privacy Policy.
Many small businesses can’t afford to pay the legal representation, fines, and penalties associated with a lawsuit – so it’s best to play it safe by putting all the proper policies into place using an attorney or a reputable Privacy Policy Generator.
It’s also important for web agencies to let clients make these decisions for themselves. Don’t assume a smaller client won’t be interested in website policies. That’s making a legal decision for your client without them even having a voice in the matter. They’re more affordable than ever and can be a huge safety net for a company just getting started.
P.S. It’s also a good idea to get it documented that you discussed with your client that all this is their responsibility.
Mistake #7: Outdated Privacy Policies
You already know I had to end with this one, but it’s getting bad out there.
I see Privacy Policies all the time that remind me of the horrors of my grandparents’ pantry – alarmingly outdated stuff everywhere.
Your Privacy Policy must be frequently updated to keep up with changing legislation. If you haven’t already, go to your website’s Privacy Policy and see when it was last updated. If it’s been a few years, you may want to look into having it updated. And if there’s no date even listed, well, you’re also non-compliant with several existing privacy laws.
You may want to ask your clients to do the same. Their policies are ultimately their responsibility, but advice from their friendly neighborhood web designer never hurts.
If only there was a Privacy Policy solution that automatically updates website policies as laws change.