Publish privacy policy

publish-privacy-policyDomain: data-privacyType: policy

Description

A privacy policy is the public-facing notice that captures the substantive transparency obligations of every modern privacy regime in a single document, and that fails to do its job when it is written for the lawyers rather than for the readers. GDPR Articles 13 and 14, CCPA's required disclosures, and the equivalent obligations in regimes from Brazil's LGPD to India's DPDP Act converge on a similar information set: what categories of personal data are collected, the purposes of processing, the lawful basis under each purpose, the retention period or the criteria used to set it, the third parties with whom the data is shared (including sub-processors and advertising partners), the cross-border transfer mechanisms relied upon, the data-subject rights and the channel for exercising them, and the contact information for the controller and the DPO where one is required. The text has to be both legally sufficient and accessible (plain language, organized by topic rather than by statute), which is the tension that produces most of the bad privacy policies in circulation: legal review optimizes for completeness while drift produces a document the average reader cannot navigate. The piece that consistently surprises operators is the change-management discipline: the policy has to be re-published when material processing changes, and the previous versions have to remain accessible so a user can determine what was disclosed at the time their data was collected.

Required by (22 regulations)

CCPA/CPRA
CCPA §1798.130(a)(5) — privacy policy disclosures, 12-month update cadence.
Cal. Civ. Code §§1798.100-1798.199.100; 11 CCR §7000-7102
CPA
Colo. Rev. Stat. §§6-1-1301 to 6-1-1313; 4 CCR 904-3
CTDPA
Conn. Gen. Stat. §§42-515 to 42-525
COPPA
§ 312.4 — direct notice + online notice covering data collection from children.
15 U.S.C. §§6501-6506; 16 CFR Part 312
DE PDPA
Del. Code Ann. tit. 6, ch. 12D
DPDPA
Digital Personal Data Protection Act, 2023 (Act No. 22 of 2023), published in the Gazette of India on August 11, 2023
GDPR
Articles 12-14 — transparency and information obligations.
Regulation (EU) 2016/679 of the European Parliament and of the Council
IT Rules 2021
Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, issued under the Information Technology Act, 2000 (Act No. 21 of 2000), as amended by the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2023
Indiana CDPA
Iowa CDPA
LGPD
Article 9 — right to access information about processing.
Lei nº 13.709, de 14 de agosto de 2018 (as amended by Lei nº 13.853/2019 and Emenda Constitucional nº 115/2022)
MODPA
Md. Code Ann., Com. Law §§14-4601 to 14-4616
LFPDPPP
MCDPA
Mont. Code Ann. §§30-14-2801 to 30-14-2817
NJDPA
N.J. Stat. Ann. §§56:8-166 to 56:8-188
OCPA
Or. Rev. Stat. §§646A.570 to 646A.604
PIPA
Personal Information Protection Act (Act No. 10465, enacted March 29, 2011; last wholly amended by Act No. 19234, effective September 15, 2023)
PIPEDA
Principle 8 — openness about policies and practices.
S.C. 2000, c. 5 (Personal Information Protection and Electronic Documents Act)
Privacy Act
Privacy Act 1988 (Cth), No. 119 of 1988
Tennessee IPA
UCPA
Utah Code §§13-61-101 to 13-61-404
VCDPA
Va. Code §§59.1-575 to 59.1-585

Fulfilled by (3)

In-house build · low effort · $
onetrust · partial · low effort · $$
Generates a tailored draft from a questionnaire; legal review still required.
termly · partial · low effort · $

ClearLaunch does not accept payment from vendors. Methodology.

Evidence formats

privacy policy URL
archive snapshots
change log

ClearLaunch provides legal information based on publicly available regulatory sources. It does not constitute legal advice and does not create an attorney-client relationship. Consult a licensed attorney in your jurisdiction before making compliance decisions.

Description

Required by (22 regulations)

CCPA/CPRA

CCPA §1798.130(a)(5) — privacy policy disclosures, 12-month update cadence.

Cal. Civ. Code §§1798.100-1798.199.100; 11 CCR §7000-7102

CPA

Colo. Rev. Stat. §§6-1-1301 to 6-1-1313; 4 CCR 904-3

CTDPA

Conn. Gen. Stat. §§42-515 to 42-525

COPPA

§ 312.4 — direct notice + online notice covering data collection from children.

15 U.S.C. §§6501-6506; 16 CFR Part 312

DE PDPA

Del. Code Ann. tit. 6, ch. 12D

DPDPA

Digital Personal Data Protection Act, 2023 (Act No. 22 of 2023), published in the Gazette of India on August 11, 2023

GDPR

Articles 12-14 — transparency and information obligations.

Regulation (EU) 2016/679 of the European Parliament and of the Council

IT Rules 2021

Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, issued under the Information Technology Act, 2000 (Act No. 21 of 2000), as amended by the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2023

Indiana CDPA

Iowa CDPA

LGPD

Article 9 — right to access information about processing.

Lei nº 13.709, de 14 de agosto de 2018 (as amended by Lei nº 13.853/2019 and Emenda Constitucional nº 115/2022)

MODPA

Md. Code Ann., Com. Law §§14-4601 to 14-4616

LFPDPPP

MCDPA

Mont. Code Ann. §§30-14-2801 to 30-14-2817

NJDPA

N.J. Stat. Ann. §§56:8-166 to 56:8-188

OCPA

Or. Rev. Stat. §§646A.570 to 646A.604

PIPA

Personal Information Protection Act (Act No. 10465, enacted March 29, 2011; last wholly amended by Act No. 19234, effective September 15, 2023)

PIPEDA

Principle 8 — openness about policies and practices.

S.C. 2000, c. 5 (Personal Information Protection and Electronic Documents Act)

Privacy Act

Privacy Act 1988 (Cth), No. 119 of 1988

Tennessee IPA

UCPA

Utah Code §§13-61-101 to 13-61-404

VCDPA

Va. Code §§59.1-575 to 59.1-585