Privacy Policy Guidelines for Safeguarding Listener Data

When was the last time you read your radio station’s privacy policy?  Do you have one listed on your station website?  If you don’t, we will give you a very important reason why you should later.  Information privacy is a major concern today as more and more people fall victim to identity theft.  So, your radio station must inform your listeners and website visitors about how you handle their personal information when they give it to you.  This could contest information, form details, or simply information extracted from website cookies.

Important: Before continuing, we must ensure you know this article should not be considered legal advice. Our findings are based on our research on privacy and are intended to inform and assist you in understanding general privacy principles.

Over the past few years, several privacy laws have been created in response to increasing public concern over personal data security and privacy, especially given the vast amounts of data collected and processed by businesses and the frequent occurrences of data breaches and misuse.  The two biggest laws that protect privacy are the GDPR and the CCPA.

What is the GDPR?

The General Data Protection Regulation (GDPR) is an essential regulation for any business or organization operating within the European Union (EU) or dealing with the data of EU residents. The regulation strictly handles personal data and gives citizens significant control over their personal information.

To comply with CDGR guidelines, many websites now have banners at the bottom that tell you what information they receive and how they use it. You can “Accept” that it’s happening or click “Decline” and, most likely, be sent somewhere off-site.

Who Needs to Display GDPR Banners?

Businesses that Meet Any of the Following Criteria:

• Have a Presence in the EU: Any entity with an office, branch, or establishment within the EU that processes personal data in the context of its activities.
• Offering Goods or Services to EU Residents: This includes online services. It needs to comply if a website targets consumers in the EU (e.g., by allowing them to order goods or services in European languages other than English or enabling payment in euros).
• Monitoring the Behavior of Individuals in the EU: This includes tracking internet activity to analyze or predict personal preferences, behaviors, and attitudes. Common examples include using cookies for behavioral advertising or analytics that track EU residents.

What is the CCPA?

The California Consumer Privacy Act (CCPA), inspired by the GDPR, aims to provide similar protections within California. It gives residents the right to know about, delete, and opt out of the sale of their personal data. It represents a significant step towards consumer privacy rights in the U.S., where privacy regulation is otherwise fragmented.

Who Needs to Display CCPA Banners?

Businesses that Meet Any of the Following Criteria:

• Annual Gross Revenues Exceed $25 Million: Any business with annual gross revenues over $25 million, regardless of where they are based, must comply if they collect personal data from California residents.
• Buy, Receive, or Sell Personal Information of 50,000 or More California Residents, Households, or Devices Annually: This includes direct transactions and passive data collection through website visits, app usage, or device interactions.
• Derive 50% or More of Annual Revenues from Selling California Residents’ Personal Information: If a significant portion of a business’s revenue comes from selling data collected from California residents, it must comply with the CCPA.

Does this Affect Most US-based Radio Stations?

Since most radio stations that listen to this podcast do not target an EU audience, you typically wouldn’t need to include GDPR or CCPA consent banners for cookies and data processing. However, it’s important to consider other factors regarding privacy notice pages, especially when using third-party services like Google, which collect and process user data.

Several plugins and services you can use will cover all your bases on privacy concerns, like providing the necessary popup, establishing your privacy page, and even keeping it updated as laws change.  Some free tools are available, but the more robust ones, like CookieYes and TermsFeed, come with a monthly fee. We’ll leave you to research those since the need will change depending on your location.  We can talk about establishing your privacy notice page, though.

U.S. Privacy Laws and General Best Practices

Privacy Policy agreements are required by law worldwide if you’re collecting data that can be used to identify an individual.  Here are several key considerations and general best practices regarding privacy notices:

1. General Data Privacy: It’s good practice to have a privacy policy on your website that details how you handle personal data, regardless of the audience’s geographical location. This policy should include information about the types of data you collect, how it’s used, and the security measures to protect it. This includes contest form entries, regular form entries, newsletter information, etc.
2. Disclose Third-Party Services (like Google): If you use Google services that track user behavior (like Google Analytics, Google Ads, and even YouTube videos), you typically need to disclose this in your privacy policy. Even if you are not targeting any location that has laws in place, informing users about cookies and obtaining consent is considered a standard “best practice” of transparency and respect for user privacy.
3. Children’s Online Privacy Protection Act (COPPA): If any part of your audience could reasonably include children under 13, you must comply with COPPA. This includes having a clear privacy policy that details the information collected from children, how it’s used, and ensuring parental consent is obtained before collecting data from children.
4. State-Specific Law Compliance: Depending on your audience’s location within the U.S., you may need to comply with state-specific privacy laws. For instance, Virginia’s Consumer Data Protection Act (CDPA) and Colorado’s Privacy Act (CPA) also emphasize consumer privacy rights akin to the CCPA.
5. Display User Rights: Depending on the state, users might have specific rights regarding their data, such as the right to access, delete, or opt out of the archive or sale of their data.
6. Include Contact Information: How users can contact you for further inquiries or exercise their data rights.

Conclusion

Again, this article is provided for informational purposes only and does not constitute legal advice. Privacy laws vary widely, so we strongly recommend consulting a qualified legal professional to ensure your specific privacy practices comply with applicable laws.

Although specific privacy laws may not apply to your station or group, transparency about privacy practices through a comprehensive privacy notice page can help build trust with your audience. It ensures compliance with applicable U.S. laws and fosters a positive user experience by keeping visitors informed about their data rights and privacy.