This is not an exhaustive list of privacy issues or website policies but rather a general overview of the basic legislation and regulation that applies to all websites.
Gathering Non-Personal Data about Users
The first step to gathering information about your users is to not gather any data about your users. It may appear that you are gathering a lot of information, but if you have not specifically requested or required the users provide this information then it is non-personal data that you are gathering. It doesn’t matter how much information you actually gather because it’s only personal data if they choose to share it with you.
Disclosure of Non-Personal Data
Once the company is gathering non-personal data, that information can be used in different ways. For example, when a user voluntarily discloses information on their facebook page, then the company is allowed to use that information in their marketing campaigns. However, if they did not voluntarily disclose the same information then it would not be possible to use this information for marketing purposes.
Gathering Personal Data
In British Columbia, Canada it is illegal for an individual or company to collect any personal information about an individual unless they have explicitly consented to the collection of that information. For example, if you are running a charity and want to collect money from users who may want to donate money, then you will need to obtain consent from the user before collecting their personal information.
In the United States, you are allowed to collect personal information without the user’s consent if it is considered “simple data”. There are two parts to this simple data definition that could apply to your website. The first part of this definition is whether or not you are collecting information for commercial purposes. The second part of this definition is whether or not personal information was gathered from a voluntary disclosure by the individual or if it was gathered as a result of an official government request or governmental request.
In the United States, for example, if the user is required to provide a username and password when signing up for an account on a website, this information would be considered “voluntary disclosure by the individual” because a username and password are information that most people voluntarily disclose to other entities. If no personal information is being collected through this process then it would not be necessary to obtain consent from users before collecting their personal information.
Cookies are small files that are sent to your computer when you visit a website and stored on your computer so that the website is able to recognise whether you have visited the website previously. Cookies can be used for any purpose and this is exactly why cookies are often used for gathering data about users and their online habits.
Advertising on websites can generate a lot of data that could be used to profile users and treat them differently depending on the type of user they are. In the UK, it is against the law to use personal information for advertising campaigns if you have not explicitly consented to this. It is a criminal offence in the United Kingdom if you use someone’s personal information without their consent.
Cookies are used in on-line advertising as a method of tracking browsing habits in order to deliver targeted advertising to users. Tracking online adverts helps advertising agencies and advertisers identify which websites users have visited, afterwards, advertising agencies and advertisers can analyse this information and use it for marketing purposes.
If you are concerned about the use of personal information within your online advertising campaigns you should discuss this issue with your advertising agency and ask them to ensure that they comply with British Columbia, Canada’s Data Protection Act (the Act).
As we continue to work to improve our product, services and website content, we may change the policies that govern our Site. We will post those changes to this privacy statement and update the effective date below. If we make any material changes in the way we treat personal information, those changes will apply only prospectively.
This policy is effective as of May 12th, 2022 (the “Effective Date”) and applies to all previous versions.