Cutting and Pasting Privacy Policies vs. Policy Generation Services

When you are getting your store ready for launch, one of the things you are going to need to do is create your policies, and there will be a number of them. In this post I would like to share a bit about your Privacy Policy.

Don’t Cut and Paste

It’s really that simple. With legalese we may tend to get lazy and want to find the easy way out, and the least costly. But in the long run that could be the most costly thing you do. Take your privacy page, for example.

In a past podcast I asked Donata from Termageddon about those who cut and paste. From a lawyer’s perspective, her advice is spot on.


We had asked her: When dealing with policy generators, dealing with generators, how do you standardize the parts that need to be standardized, but how can you at the same time make it accessible to people, or not feel so cookie cutter from one to the next?

I think one great example of this is compliance with the US-EU Privacy Shield Framework. So it’s basically a framework that allows companies to take data from the European Union to the United States. And a few years back, a bunch of companies decided that they were going to comply with the Privacy Shield and they were going to comply with the Privacy Shield Framework by saying that their privacy policies are complying and then they do literally nothing about it, which is wrong.

Basically some of these privacy policies that are still floating around from back in the day, people are copying and pasting them and saying that they comply with this framework. Well, the Federal Trade Commission decided to crack down on this practice and hence they do about 60 lawsuits per year about this particular framework, because people copy and paste stuff. Don’t look at it, don’t read it and then put it on their site.

So copying and pasting somebody else’s privacy policy without reading it, and without making sure that it’s exactly what your privacy practices are, is actually considered unfair trade practices to consumers, which can lead to very high fines in almost every state, because you are deceiving a consumer about your practices.

When it comes to having a generator, you can have a generator that asks somebody five questions. What information do you collect? What do you do with it? Who do you share it with? Do you use cookies? What’s your contact information, right? You answer those five questions and then you paste that on your website.

And that’s what you get when you were referring to something that’s a poor product, a poor experience, both for the user and for the company. That’s what those generators do. Well, we decided to do something quite different.

We actually start our process by figuring out what privacy laws applied to you. And then we will ask very granular information. So not just what purposes you get this from, but what you use this information for, and depending on what laws apply to you and the sources you get it from? Who do you share it with? Do you sell it?

So we will have dozens and dozens of questions depending on what laws apply to you and hundreds of thousands of different combinations. You don’t necessarily get the same privacy policy cookie cutter, this website gets the same thing, that website gets the same thing. No, you’re actually making sure that we know what laws apply to you, that you have all of the required disclosures when it comes to that particular law and that your privacy policy is completely customized to your website and to privacy practices.


If you would like to hear the full podcast or read the transcript, just visit the post Privacy Policies with Hans Skillrud & Donata Kalnenaite from Termageddon.

I also recommend that you check out Termageddon for all your policies as their service is priceless. You can see my own privacy policy here on BobWP generated by Termageddon.