Sign up with your email address to be the first to know about new products, VIP offers, blog features & more.

I Bet I Wrote The Raddest Privacy Policy

By Posted on 0 4 m read 217 views

WARNING: I’m about to sound weird.

For a long time, I have dreamed of the day I’d write a privacy policy.

Forces of limitation ensured that it didn’t occur to me that I could actually just write one, if I was so bent on the high that comes with privacy policies. And I have been stalling to put one together for my soon-to-be-launched social enterprise.

Yesterday, however, I decided to write one for this website and it was lit!

First, what is a privacy policy?

A privacy policy is basically a statement made by a website administrator informing visitors or users on what data will be collected from them, why and the extent of use of those data. That was the definition in my head. Now, this is the definition from Wikipedia (meanwhile, do you feel like there’s a love-hate relationship we have with Wikipedia. We go there for almost anything but it suddenly becomes unreliable when we’re writing a paper. Hypocrisy). Anyway, my boo Wiki, says: “A privacy policy is a statement or a legal document that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client’s data. It fulfills a legal requirement to protect a customer or client’s privacy.

 

Now, why is it important to have a privacy policy?

It’s important to have a privacy policy because privacy is important and technology can be invasive. But apart from this seemingly moral reason, you’d see in Wiki’s definition that it’s a fulfillment of a legal requirement.  There are laws, international agreements and generally accepted principles that will require, encourage or guide data controllers on things like this.

Starting at home, you have the Constitution of the Federal Republic of Nigeria which provides that “the privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected.” (Section 37). Suffice to say that the draftsman probably did not envisage this right to be applicable to websites, but I’m thankful that the language is not restrictive because it does apply to every conceivable platform.

Let’s move to the International Convention on Civil and Political Rights which Nigeria acceded est. 1993. Article 17 provides that no one shall be subject to arbitrary or unlawful interference with his privacy…. This also falls within this scope.

In fact, in 2013, the United Nations General Assembly (and yes, Nigeria is represented in the G.A. est. 1960) passed a resolution (resolutions are to non-living corporate entities what decisions are to human beings) noting that the rapid pace of technological improvements will enable the use of ICTs which might enhance the capacity of government, individuals and companies to engage in surveillance, data collection and other privacy-infringing activities. So in that resolution , the Assembly called on all states to respect the right to privacy in the context of digital communications, to review procedures, practices and legislation that may enable surveillance and to ensure transparency.

There’s also the African Declaration on Internet Rights and Freedom which pointedly states that

“The collection, retention, use and disclosure of personal data or information must comply with a transparent privacy policy which allows people to find out what data or information is collected about them, to correct inaccurate information, and to protect such data or information from disclosure that they have not authorized. The public should be warned about the potential for misuse of data that they supply online. Government bodies and non-state actors collecting, retaining, processing or disclosing data have a responsibility to notify the concerned party when the personal data or information collected about them has been abused, lost or stolen.”

And if you were still in doubt as to the importance of privacy or a privacy policy, shall I remind you of GDPR!  You’ve probably gotten at least one email about the GDPR but it may seem like it doesn’t concern you, Nigerian. Perhaps, perhapsn’t. I’ll do a post about GDPR hopefully, but here’s what you should know about it.

  • It’s short for General Data Protection Regulation;
  • It comes into force on the 25th of May 2018;
  • It basically regulates the use of personal data of its specific data subjects;
  • The data subjects it envisages are EU residents;
  • But don’t be deceived and think that because you run a Nigerian entity, you’re not captured;
  • It also applies to you, as long as you process the data of EU residents; whether or not you’re in the EU or the processing takes place in the EU. As long as you offer good or services to those data subjects OR you’re monitoring a behavior that takes place in the EU, you are captured.

 

OKAY, I get the point, How then do I write a privacy policy?

Great question. There are no strict rules for the language you should employ in drafting your privacy policy. You may be angry, emotional, whatever. The idea is to just get the message across. So what is the message to be passed across?

  1. What data you’ll be collecting
  2. What you will do with the data
  3. What you won’t do with the data
  4. Laws that you’re binding yourself to/obeying/letting guide you
  5. That you’ll be updating the privacy policy from time to time.

 

Uh… are there are cool privacy policies we can emulate?

Oh sure. I’ve heard of one really cool one and it’s the one I drafted yesterday!

Check it out here

(P.S. It’s not foolproof! It’s probably more fool than it’s proof 😀 )

 

Merci!

 

Share this article

No Comments Yet.

What do you think?

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.