News & Events


Privacy Policy: Do your terms & conditions turn off consumers?

Protection of personal data has never been considered the "sexiest" of subjects. Even as an enthusiastic commercial lawyer, I have to admit that the topic of data protection would be more likely to send your guests running for the hills than to stimulate conversation at a dinner party (although I’ve yet to try it). And in this fast-paced culture where almost anything can be purchased at a click of a button (but only if it can be delivered yesterday), do people even know what a privacy policy is, let alone take the time to read these statements and consider what may happen to their personal data? Surprisingly for many, a recent report from research group Forrester seems to indicate that the answer is yes.

Forrester has reportedly questioned 37,000 consumers in North America, and over half of the respondents over the age of 55 are said to have indicated that they had failed to complete a transaction with a company because of what they read in that company’s terms of use and privacy policy. This is a 25% rise from the 2008, when the same question was put forward to individuals of the same age group. And the younger generation are also becoming more discriminating with whom they share their personal information, with the total number of individuals who have clicked away from a transaction due to privacy policy fears haven risen from 38% to 44% over the same period.

It appears then that, across the pond at least, customers are aware of the implications of disclosing personal data and are prepared to "vote with their feet" (or their computer mouse) if they do not agree with the way in which a company processes the information it collects about its customers. Whilst everyone appears to becoming ever-more reliant on the internet, and even the older generation are becoming increasing computer-literate (yes, my Grandfather does have his own Facebook profile), this does not mean that the general public are becoming any less discerning. As competition increases, so does the need to provide "the complete package", including peace of mind when it comes to data security.

All this is handily summarised by the author of the Forrester report, Fatemeh Khatibloo, who remarks "A leaky, bloated, or hidden privacy policy and/or terms-of-use statement will cost your organisation substantial revenues,". So, if you are an online retailer how can you ensure that your organisation’s terms do not scare off potential customers?

First of all, do you have a privacy policy? Any organisation which collects, stores and/or uses personal data in the United Kingdom (and/or in a large number of other countries) will need to inform the subject of such data what information it collects, why it is collecting such information and to who it may disclose this information in order to comply with data protection legislation. Not only that, but the more savvy customer will want to know what is going to happen to their information when they hand it over to you. If you don’t have a policy in place, make sure you get one drafted for you, now.

If you already have a policy, take the time to really look through it and make sure it reflects your business practices, and whether your business practices in fact need to be reviewed. Consider not only the extent of the data you are collecting (and whether a customer has to put a week aside just to set up an account on your website) but the type of information you are collecting. If you were the customer, would you be happy to provide such information? The Forrester report shows that consumers are prepared to share their data in exchange for value, but they need to understand why you want to know their dress size / star sign / Aunt’s favourite type of biscuit when purchasing a book.

The Forrester report also suggests that individuals are more hesitant to disclose their identity data (which, for example, includes contact and payment details) than their behavioural data (such as how that individual came to know about an organisation or how often it purchases certain items). So bear this in mind when deciding what information to collect.

Also consider providing a variety of different options when it comes to allowing consumers to "opt out" of receiving further communications if you are collecting personal data. Some may want to receive a monthly newsletter by email for example but do not want to be contacted by phone. If you only have an "all of nothing" option, people are more likely to go with the "nothing" option, and leave the website.

Finally consider whether your privacy policy (and the way in which you collect, store and use personal data) is compliant with data protection legislation. The UK Information Commissioner (i.e. the man in charge of making sure that companies pay attention to data protection) has recently indicated that he will be getting tough on those that fail to toe the line, and consumers are becoming more aware of their rights (and how to complain if these are not met).

Privacy policies may not be glamorous, but they can be another way of promoting your organisation if drafted in the right way, showing your commitment to looking after your customers and valuing their individual needs. What you do need to ensure is that your privacy policy is not the reason why potential customers are deciding not to use your business. So, what does your privacy policy say about your business?


These notes have been prepared for the purpose of an article only. They should not be regarded as a substitute for taking legal advice.


Get in touch

Talk to us about your legal challenges and discover how our expert, pragmatic legal advice and broad commercial acumen can help.