Table of Contents Hide
- Adapt to your audience, and write in simple language.
So why spend time on it?
- It showcases the nature of the processing you put in place and therefore has a reassuring effect on your audience simply by its existence.
- It provides savvy eyes with a potential overview of your level of GDPR compliance. It is also easy for the CNIL to audit. Poorly written, this document can unnecessarily increase the risk of being audited.
Don’t reduce it to a legal document. Don’t write only for lawyers: it’s neither a contract nor a legal conclusion.
Therefore, avoid formats that aren’t appealing:
- the pdf file that makes you think you’re downloading a contract;
- the .doc file that requires you to load your word processing software to inform yourself;
- the text format, TXT, was trendy, but not anymore…
It is, therefore, best to adopt the same standards you use for your other pages:
- Break down your policy into sections with bold titles and a substantial size. The plan should appear clearly, and each title should evoke the content of the relevant paragraph.
- Write short and spaced-out paragraphs.
- Space out your text. Isolate your ideas in bullet-pointed lists.
- Adopt a very readable font size and typeface. Write in black on a white background, not in beige, white, or light gray.
Adapt to your audience, and write in simple language.
Many privacy policies are written in technical language, with legal jargon.
Unfortunately for you, the policy itself encourages it:
- You will have to talk about the legal basis or foundation and certainly about legitimate interest. Behind these false friends (of course, your processing is lawful. And we can imagine that you have an interest in processing data…) hides a proportionality test.
- Your audience has rights, and based on their titles, there is no doubt they are unaware of them: portability, limitation of processing…
- The right to dispose of one’s data post-mortem. Nothing better to sell than to remind your audience that they will die someday…
Prefer understandable vocabulary for legal jargon. The objective is to make your visitors understand the scope of your data processing.
Sometimes, you publish a specialized site for audiences considered particularly vulnerable.
- A press or gaming site for children or adolescents;
- An association site hosting people with mental disabilities;
- The showcase site of a structure hosting senior citizens who are not very familiar with the internet;
There are also other possibilities, some of which are low-cost or even free:
- Automatic generators allow you to edit a policy that automatically integrates certain legal information.
These methods simplify the production of the document, but not to the point where you can take the text and distribute it as it is on your website. Remember to adapt it to your specific needs.
The goal is to make your visitors understand the extent of your data processing.
- Adopt simple sentence structures and avoid abstract images.
- Adopt an affirmative tone and avoid vague phrases such as “it is possible that” or “data may/will be used for.”
- Describe specific uses of the data, not general purposes such as historical and statistical research, service improvement, new service development, or personalization. Of course, these purposes are not prohibited, but you will need to clarify their meaning.
- Avoid multiple references to other documents. Information should be made available in 1 or 2 clicks. Not 5. Certainly not 10.