Understanding Data Privacy Laws & Why Data Privacy is Important

Data privacy laws are important for businesses to consider when collecting personal user data. See what you need to know about privacy and collecting user data.

James Taylor, Founder

April 21st, 2022 10 min read

You see it on virtually every website you visit these days. That inevitable pop-up that sometimes blocks part of the page’s content and asks you to accept the cookies on their site, with a link to their privacy policy and the user data they collect. Many people don’t even read it and just click “accept”. But more and more, users have been taking control of their own data and have chosen to limit what companies can collect from them and what they can do with that data.

Data privacy concerns how a company collects, stores, uses, and shares user data. Even if you don’t share your users’ data with third parties, data privacy still matters simply because you collect that data.

So why is data privacy so important for businesses? Is it even worth collecting user data with all the regulations? Does your business even need to be concerned if it isn’t located in Europe or California? We’ll answer all these questions below.

Should You Be Tracking User Data?

With all these regulations popping up, you might wonder if it’s even worth it to track user data. What do you stand to gain by adding cookies to your site and collecting engagement and personal data about each user as they use your app or browse through your product, and even after they leave it? The answer is a lot. That’s why the data is so valuable.

Your company probably isn’t like Facebook or Google, which might know more about their users than the users know about themselves. Instead, your company may be using the most basic setup of Google Analytics or not using anything at all. Tracking user data on your website, mobile app, or software helps you understand how users engage with your site or product, how they behave, and what you can do to influence their behavior to align with business goals.

So if you don’t have basic analytics in place, start now. Google Analytics is free and easy to implement by putting a code snippet on each page. Your ability to make decisions in the future will improve if you start collecting data as soon as possible and refine your analytics as you go. Even with the basic analytics Google Analytics provides, you could track which pages drive the most upsells in London compared to Boston. You can see which marketing campaigns are returning the highest ROI, which pages or parts of your app users aren’t visiting, and even break that down by geographic location. Bottom line: you’ll be able to make more informed and strategic decisions even with a basic setup, so don’t wait.

Then, as you improve your analytics to include custom tracking events, you can track behavior at the individual user level to see the journey each user takes as they engage with your product. This allows you to tailor your analytics tracking to your business goals and to make sure your product is providing value to your users. Whether you’re looking to increase cart value on checkout, profile completion, feature usage, or time to complete internal tasks, you’ll be making product changes blindly until you get better analytics in place. And often that gets expensive fast without seeing great results.

With some development work, you can also link analytics of specific users to trigger system actions. For example, the system could send an email to users that don’t use a specific feature on your platform. This email can guide them to the benefits of using that feature, ultimately increasing user adoption. This kind of product proactivity leads to satisfied customers, who will continue to use your software and even recommend it to others.

As you can see, collecting user data isn’t just about selling that data or tracking the number of visits on a website. More advanced analytics can help you better engage with your users, provide them answers and recommendations tailored to their needs, and even help you optimize to meet business goals. Without that data, you’d be left in the dark about your users and where your product or site falls short.

Keep in mind, when you collect data, your privacy policies should reflect the user data you collect. This is one step to help you stay in compliance with privacy laws, which we’ll discuss next.

Major Data Privacy Laws

Data privacy has been a hot topic for the last several years in the business world. In 2018, GDPR was put into effect in the EU, followed soon after by CCPA in California that same year and then by CPRA in California in 2020. These laws are not the first to set guidelines and govern how personal data is collected, as industries like healthcare and financial services already had their own data privacy laws in place. But they were the first to cast such a wide net, affecting businesses of all industries at the state, federal, and global levels. And they are propelling other laws to emerge across China, India, and the United States.

To understand what these privacy laws entail and who they may affect, let’s look at each one individually.

GDPR

The General Data Protection Regulation, or GDPR, is the strictest and most widespread privacy and security law of them all. Going into effect on May 25, 2018, it applies to users in the European Union (EU) but doesn’t just impact businesses that have operations there. Any company that collects data from users who reside in the EU needs to follow the regulations. If it doesn’t, sanctions and fines can be issued, with a maximum penalty of €20 million or 4% of global revenue, whichever is higher. That’s nothing to scoff at.

To comply with GDPR, companies need to perform an audit of the personal data they collect, how and where it’s stored, and how secure it is. They should also consider whether they share that user data with third parties. Then they must adhere to the privacy guidelines outlined in the GDPR and may need to update their privacy policy accordingly. To learn more, read the GDPR FAQs.

CCPA

The California Consumer Privacy Act, or CCPA, was passed into law in 2018, but enforcement went into effect in January 2020. This law regulates data privacy for any company that does business in California, even if it is located outside of the state. This law hits a little closer to home for some businesses in the U.S. that may have customers or simply website visitors in the state of California.

This law protects users’ privacy rights, which include the right to know what personal information is being collected, the right to delete that data, the right to opt out of the sale of their data, and the right to non-discrimination for exercising their right to privacy. The penalties are less steep than GDPR’s for an individual violation: users can sue for the amount of monetary damages suffered or for “statutory damages” of up to $750 per incident. Although this might seem insignificant, if only 1,000 users sued for the maximum amount of statutory damages, that would be a $750,000 loss for the company. Learn more about CCPA.

CPRA

The California Privacy Rights Act or CPRA was passed in November 2020 and amends and extends CCPA from 2018. The law established the California Privacy Protection Agency to implement and enforce the CCPA law. The Agency may update existing regulations or make new data privacy regulations. CCPA is governed by a five-member board, which will take over the rulemaking and enforcement of CPRA.

Find more information about CPRA and the California Privacy Protection Agency.

Why Privacy Laws Are Important for Businesses to Follow

As mentioned above, fines can be steep for businesses that are found in violation, not to mention the legal fees and time lost dealing with violations. But it’s not just fines and legal fees a business should be concerned about. When the violations are made public, consumer confidence can be lost, which can have a trickle-down effect that can be even worse than the fines. Your users’ trust is what keeps them loyal to you. If their data is not protected, or is not being used the way you say it is, that trust is lost…and so is that customer.

Privacy Laws Will Continue to Grow

In only a few years, these three laws were passed, and they had major impacts on many businesses. Although there is still no federal law in the United States that governs data privacy, more states are discussing their own data privacy laws. In addition to California, Virginia passed the Consumer Data Protection Act (VCDPA) and Colorado passed ColoPA to protect personal data privacy. Countries like China and India are also finalizing their own privacy regulations in 2021.

And companies are also taking extra steps to protect their consumers’ data. Apple has been rolling out new privacy protections for its iPhone and iPad users starting in early 2021 that allow users to take control of the data they share while using apps. While it has been an option to turn off ad personalization under settings, Apple is being more proactive and informing users about what data might be tracked without their realizing it. Depending on user adoption rates, there will be a ripple effect for many businesses like Facebook, email platforms, and other advertising services that have been tracking that data in the past. So it’s important for businesses to be aware of how that may affect them and their websites or software.

Importance for Businesses Even if Not in EU, CA, etc.

Even if your business is not located in the EU or any of the states with laws in effect currently, you are still required to be compliant with the local laws if you target users in those regions. And even if your state doesn’t have a law now for user data privacy, it could be coming. It’s important to stay on top of laws, work with companies who are knowledgeable about data privacy laws, and even hire someone at your organization in charge of ensuring you are staying compliant with all relevant regulations.

Working with a partner who considers data privacy during the software design process will help keep you on the right track towards compliance and keeping your user data safe. Schedule a free consultation with Meticular to learn about our full design process and our approach to data privacy.