According to the European Commission:
“The information may be provided in writing, orally at the request of the individual when identity of that person is proven by other means, or by electronic means where appropriate. Your company/organisation must do that in a concise, transparent, intelligible and easily accessible way, in clear and plain language and free of charge.”
Keep that “easily accessible” bit in mind, because we’ll be going into the placement of your policy shortly.
Here are a few of those tools to check out:
First of all, on all the main pages of your site, most people choose to put it in either the header or footer so that it’s accessible throughout all pages of your site (that use the header and footer). Since the footer is such a common place to put it, your website visitors know to look there for it and can easily locate it.
Facebook puts theirs on the bottom of their sign-up form:
Spotify does the same:
You can find the same thing here from WordStream to use their free Google Ads report tool:
Why are many companies choosing to feature that information in such a prominent spot? According to TermsFeed:
For more examples of where you can place your policy links, check out this article by TermsFeed.
Now, any platform where you run ads will have its own specific requirements. Those platforms include:
- Google AdWords
Let’s take a look at each of those in more detail.
According to Google, if you’re advertising on their platform, “landing page experience” is a factor that contributes to how well your ads will perform:
“Landing page experience is Google Ads’ measure of how well your website gives people what they’re looking for when they click your ad. Your landing page is the URL people arrive at after they click your ad, and Google Ads analyzes it through a combination of automated systems and human evaluation. The experience you offer affects your Ad Rank and therefore your CPC and position in the ad auction. Your ads may show less often (or not at all) if they point to websites that offer a poor user experience.”
“If you request personal information from customers, make it clear why you’re asking for it and what you’ll do with it.”
Facebook’s guideline here is for a “reasonably prominent” (hello, legal speak) notice about how you’ll use a customer’s information. The term sounds murky, but they do provide an informative help page about what that means.
LinkedIn’s policies are a little bit more difficult to find and not as clear to understand — as in, they’re not translated out of legal speak.
If you use LinkedIn’s conversion tracking, website demographics, or LinkedIn Matched Audiences, you must disclose your use of these services to your users:
“You agree that under Applicable Law, you have provided sufficiently clear, meaningful and prominent notice to, and have the appropriate consent from, the applicable individuals regarding any collection, disclosure, use and security of their information (e.g., Event Data and other Audience Data) for the activities under these terms (e.g., online behavioral advertising or interest-based advertising).”
Read more in the LinkedIn Ads Agreement.
If you’re using Twitter’s conversion tracking or custom audiences functions, then you must comply with their policies. Basically, you must provide “legally sufficient notice” to users about the use of their information:
“Advertisers using these products for their websites must provide their website users with legally sufficient notice that they are working with third parties to collect user data through their website for purposes of conversion tracking and serving ads targeted to users’ interests, including the storing and accessing of cookies, and obtain legally sufficient consent from their users for these activities. These advertisers must also provide their users with legally sufficient instructions regarding how to opt out of Twitter’s interest-based advertising, including through an applicable opt-out mechanism specified by Twitter.”
- “Reasonably prominent” – Facebook
- “Sufficiently clear, reasonable and prominent” – LinkedIn
- “Legally sufficient” – Twitter
- “Our advertising partners should not misuse this information [about Google users], nor collect it for unclear purposes or without appropriate disclosures or security measures.” – Google
Now, a handy tool! The GDPR website provides a checklist for you to use to make sure you’re in compliance. Please note, it’s not for the faint of heart. It’s long, complicated, and involved. However, once you make it through, you’re pretty dang safe.