How to Make a Privacy Policy [for Online Advertisers]

Privacy policies are an important part of any web advertiser’s site. Without a privacy policy you might face legal difficulties. Web privacy is certainly a hot topic in the world of tech, and as consumers become more aware, and therefore concerned about their online footprint, having a privacy policy is that much more important. 

As the internet continues to change, privacy policies will need to be revisited. In order to build trust between a brand and customers, companies must be clear about privacy and offer even clearer guidance along with its privacy options.

What is a Privacy Policy?

A privacy policy is an exact and legally sound description of all the ways you plan on using and storing a user’s private/personal information collected from your site or mobile app. Different from cookie policies or data protection policies, privacy policies specifically cover personal information provided by users. 

Why do web advertisers need a privacy policy?

Privacy policies are essential for web advertisers not just for legal protection, but also to foster user trust. Insofar as privacy policies are in place to protect users from predatory data collection processes, a robust and easily accessible privacy policy will signal to your users that you are trustworthy. 

Legally a privacy policy is also required by law if any of your users come from the EU as of 2016; the General Data Protection Regulation (GDPR) passed in 2016 and requires robust documentation of data storage and use. Additionally, the U.S. Federal Trade Commission can pursue action if data is not stored securely and leaks occur. 

A Step-by-Step Guide to Writing A Privacy Policy

There are many components to include in a privacy policy for it to be complete and legally airtight. This is especially true when it comes to privacy terms advertisers must consider.

We should note that none of this is meant as legal advice. These are merely resources for your company and legal team to review in crafting a privacy policy that is right for your organization.

Here’s our guide to writing a privacy policy:

How to write a website privacy policy

  1. Make sure your privacy policy includes:
    1. A list of all collected data, including as many specifics as possible
    2. Where and how you plan on storing it 
    3. Where and how you plan on using it (now and in the future)
  2. State why you’re collecting, storing, and using this data
  3. State clearly whether you will be using third party data 
  4. State clearly if data will be kept in perpetuity or wiped after a certain time frame
  5. Include an opt-out policy- this is legally required by the California Consumer Privacy Act of 2018 and mandates that users must be able to eliminate any data

What to Include in Social Media Privacy Policies

Below, we’ll detail the paid media channels DTC leverages to support our customer’s advertising needs. You’ll find some of the links and resources to each channel’s privacy policy documentation, as well as some additional context for your team to consider. When it comes to writing a privacy policy for ads, there are some extra considerations.

What to include in your Google Ads privacy policy

What should you include in your privacy policy for Google Ads? The search engine giant has some recommendations for privacy policy best practices on its platform, including:

Remarketing – Remarketing is a great way to re-target audiences who have already visited your site and engaged with your brand. While many people understand that websites collect user information it’s best practice to spell out, in your Google Ads privacy policy, what information you are using and gathering.

Google says it best…“you should inform these people that you gather information for remarketing, re-engagement, or similar audiences on your website or in your app.”

General – On this page you can see exactly what information Google Ads collects about your customers, why it collects that information and how you can keep your information secure.

What to include in your LinkedIn Ads privacy policy

What terms are you agreeing to when you advertise on LinkedIn? Let’s dive into LinkedIn’s updated privacy policy. 

General – When companies start using LinkedIn Ads Services, they’re agreeing to the company’s terms and conditions. While LinkedIn agrees to optimize your campaigns and offer businesses or third-party advertisers (like DTC) must comply with applicable law, according to LinkedIn’s privacy policy. LinkedIn reserves the right to reject, modify or terminate your Ad Services. 

Lead form ads – When creating Lead Gen Forms on LinkedIn, companies and advertisers are required to include a privacy policy URL. Essentially, businesses need to describe how they’re going to use the collected leads.

What to include in your Facebook Ads privacy policy

When we talk about Facebook’s privacy policy, we’re also talking about the privacy policies for Instagram and Messenger. 

Facebook’s General Privacy Policy – This resource, straight from Facebook, explains what information Facebook collects from its users regarding:

  • Information and content provided, including posts, pictures, and location tags
  • Networks and connections
  • Usage and engagement
  • Information about transactions made via Facebook products
  • Information about those who users interact with on Facebook, that tells Facebook more about them.

This privacy policy resource also dives into how Facebook uses and shares its user information and data gathered on the platform.

Facebook Lead Form Ads Privacy Policy – Facebook’s “Lead Ads” allows companies to run ads that give Facebook users the ability to provide their email address or other information. In turn, Facebook asks that advertisers comply with their terms and conditions.

What to include in your Microsoft Ads (Bing Ads) privacy policy

More and more companies continue to update their privacy policies to better explain how they’re using consumer data. Microsoft’s Bing Ads platform is no different. 

Bing Ads General Privacy Policy – Bing does not allow websites to advertise whose sole purpose is to collect data. According to Bing Ads’ privacy policy, that includes advertises for pages that link to, or redirect to such organizations:

  • Sites may not collect personal data without user consent
  • Sensitive information like financial, health, or government-related must be performed on a site hosted on a secure server.
  • Advertisers must comply with all applicable data-collection laws and regulations surrounding personal data collection.
  • Remarketing practices require installing a Universal Event Tracking (UET) tag to your site and then create/provide to Microsoft lists of users based on this site activity
  • Precise locations can only be provided with express user consent

What to include in your Pinterest privacy policy

Many B2C companies advertise on Pinterest, a social media platform, because of its wide and diverse user base. Pinterest does a great job outlining how they use the data they collect, what data they collect, and what choices users have. Their privacy policy language makes it easy to understand and user-friendly.

Pinterest General Privacy Policy – The biggest update for Pinterest’s privacy policy was greater transparency. The site recently “added more details about the personal data we collect and how we may share it” 

Pinterest also started offering greater data collection disclosures to its users from California, in lieu of the state’s additional privacy regulations.

We think Pinterest’s privacy policy is a good example of the effectiveness of clarity. There is no need to be vague in your stated privacy policy. If you bury your privacy standards with “legalese” you’re only making your brand appear less trustworthy.

Privacy Policies for Tools to Track & Capture Customer Information

There are many other tools and platforms that use code to track or capture information about your users & customers. If you are using a HubSpot or Pardot or anything similar, you will want to seek out their guidance as well to help craft an exhaustive privacy policy for your company.

Examples of privacy pages we love:

We wanted to point out a few examples of some top-notch Privacy Policy pages for inspiration. 

Starbucks – Starbucks’ policy is very clean, easy to navigate and covers a lot of ground. Starbucks specifically calls out their use of digital ads and gives its users easy ways to opt-out of unwanted tracking or use of personal information.

From a user experience standpoint, there are a lot of ways to get in touch with the Starbucks team if you have any further concerns.  

Best Buy – While Best Buy has a clean and easy to follow privacy policy, we really like that they have an entire page dedicated to their use of digital ads and their impact on privacy. 

Best Buy provides access to a tool which scans your browser and allows you opt-out of all sorts of cookies you probably didn’t even know you had. Best Buy uses browser history and personal information to show off interest-based ads that it deems relevant to customers. It goes on to say…

The browsing history we use is collected by us and by third parties on our website, as well as other sites. We may also share your anonymous browsing history from our website and personal information with third parties to provide relevant ads. They may combine this information with assumptions based on the other websites you have visited in order to tailor ads to you. If you would like to know more about how we use and share your information, please see our Privacy Policy.”

This type of language and transparency with an external link to a privacy tool like About Ads, is an impressive disclosure. It also goes above and beyond most brands’ by spelling out consumers’ options to opt out of interest-based advertising from third party providers.

Privacy & Google Analytics 4 (GA4)

As a digital marketing agency, we love Google Analytics (GA4). It’s an extremely helpful tool to track somewhat anonymized information about website visitors and their behaviors. 

The Google Analytics Terms of Service agreement requires that those who use GA4 must have a privacy policy in place. It goes on to spell out that those websites using GA must disclose, in that privacy policy, how data is collected, processed, and provide notice of cookies. 

We, like countless other websites, use Google Analytics. Here’s a look at our privacy policy. You can click through to read more, but the big takeaway reads as follows: “This website complies to all US national laws and requirements for user privacy.”

How GA4 tracks user data on websites

Google Analytics collects information about site visitor behavior. It collects this information through JavaScript code placed on each and every page on a site. As users travel from page to page, GA4 can pull data about sources of traffic, monthly sessions, number of unique visitors, and much more. 

While that may sound like super specific information, this data is somewhat anonymized. The information GA4 gathers about users is more vague. When we check our GA4 data, we can’t see that “John Smith from Yorktown, PA visited our website three times.” We can see that a user, using a specific keyword or phrase from a particular browser, located in a certain geographic region, visited our website three times. 

Privacy and AI

It is important to be mindful of AI privacy policies both as a user of AI and as someone who might incorporate AI into your business. Many large language model AI platforms take all user input as training data, which can pose a serious risk for sensitive personal information. 

Take, for example, Meta’s AI Privacy Policy. It notes that it uses a combination of publicly available, licensed data, and “information from Meta’s products and services” to train its generative AI models. This roughly translates to information captured in other privacy policies is fair game to be used to train AI, and it takes extra pains to stress that identifying information is not included in training data. 

Be sure before you use AI for anything having to do with your user data to read the privacy policy of AI and how it stores and collects your inputs.

What to Expect from Future Privacy Policies

The internet evolved rapidly, and for a long time, users were blissfully unaware about their data. But that’s not the case anymore. 

The trend now is for websites to be more forthcoming with their privacy policies. Which means full disclosures about what data they’re collecting, how they’re using it, their use of cookies, and how they use data for AI (in some cases). For those suspicious about what data about them is available, we recommend trying tools like About Ads, but for others, the personalized ad experience is a welcome one.

Ultimately, it’s important to earn user trust by being as transparent as possible in your privacy policy. This will set you up for success and provide protection from legal repercussions.  Even if some users prefer the customized ad experience, this must be their choice, or else you’ve earned no trust at all.

Read more from our blog: