Most websites collect personal information. Personal information may, for example, be collected through website forms, as a result of the use of website services, or through the use of tracking technologies such as cookies. EU data protection law and US data privacy law (and similar laws in other jurisdictions) protect individuals from the misuse of their personal information. These laws regulate not just the collection of personal data, but also the storage, use, cross-border transfer, retention and disposal of that data.
The key purposes of a website privacy statement are: (i) to help website owners to comply with the disclosure requirements of data protection and data privacy laws; and (ii) to reassure users that their information is being lawfully and properly collected, stored and used. In addition, a privacy statement will usually communicate to users some of the legal rights that they may have in relation to their personal information.
The types of personal information collected, and the uses to which it is typically put, depend in part upon the type of website and business that is collecting the information. An ecommerce store, for example, will collect or generate customer name and address information, payment information and order information. Different classes of personal information will be put to different uses. For example, address information will be used for delivering products, and may also be used in marketing; whereas payment information will be used to collect payments and for accounting purposes. Some kinds of website – notably social networking websites and websites with social networking features – may collect and process huge amounts of personal information.