Drafting a privacy policy for your blog that works

Posted on September 1, 2011

Photo by Pink Sherbett Photography via Flickr Creative Commons

We live in an information economy.  While many companies have privacy policies and/or terms and conditions on their websites governing how they collect and use personal information, such policies are typically poorly drafted, fail to convey important information, or are simply inaccurate.  Class action suits have targeted dozens of companies for alleged failure to communicate what information they collect and why.

Website visitors typically provide information by typing it in the appropriate field and checking a consent box, or taking some similar step, but companies collect much more information without relying on the consumer’s help. Web analytics track consumers as they move from page to page within a site. Cookies store user histories and preferences as a file on the user’s browser. Third-party marketers mine for information about consumers habits. Even if the information gathered is not associated with a consumer’s name, privacy concerns may arise. So how can you be sure you’re sending clear messages about privacy and getting truly informed consent?


Be as clear, concise and transparent as possible.  Your privacy policy should not read like a technical manual. While you may have to master terms like “query string,” “web beacon,” and “trace route,” those terms mean nothing to your audience. Also, many of these technical details change so regularly that your privacy policy will be out of date before it’s uploaded to the site.


Focus on information the consumer needs to make choices. Try to draft your policy from a “cause and effect” point of view. For example, “if you use the website, then we will collect X. If you create a registered account, we will require Y. If you give us this piece of information, we will share it with Z. If you have a question or complaint, then please contact us here.”


Your policy should be written as simply as possible, in plain language. Use common words over advanced vocabulary. Favor short, declarative sentences. Make it easy for the reader to find what he or she is looking for by using headings. If it fits your corporate culture, don’t be afraid to draft the policy in a fun, approachable way. Zynga Inc., the company behind FarmVille, created PrivacyVille. In PrivacyVille, gamers earn points by showing that they understand Zynga’s privacy policy.


The text of a privacy policy matters, but so, too, does its placement on the website. If the consumer has to follow a link, is the link easy to find? Is the font size large enough?

Best practices and customer expectations will change over time. So too must your privacy policy. Make clear to consumers how you will communicate changes to your privacy policy, and what constitutes their consent to such changes. A privacy policy is a contract, and a contract needs to be written clearly. Good privacy policies all start by knowing what to say, and how to say it. But above all, say it in plain English.

The information presented herein by the firm is for general informational purposes only and should not be construed as legal advice. You should not act upon any information contained within this blog post without first seeking specific advice from us or from your existing counsel. The firm makes no warranties, representations or claims of any kind with respect to any of the information contained herein.

Daniel Bellizio and Brian Igel are the founders of of Bellizio & Igel, PLLC, a boutique law firm based in New York City that counsels small businesses and entrepreneurs, primarily in fashion, the arts, lifestyles and entertainment.


Trackbacks & Pings

Leave a Reply

Your email address will not be published. Required fields are marked *

CommentLuv badge

Notify me of followup comments via e-mail. You can also subscribe without commenting.


  • Subscribe via RSS!

    bloglovin Join us on BlogLovin'!

    Never miss another iFabbo post or
    important news update again!

    Subscribe via RSS feed here
    or enter your e-mail address:

    Delivered by