As data privacy regulatory obligations continue to expand, more and more organizations are integrating privacy centers within their public-facing websites. Privacy Centers are portals embedded within the organizations’ websites where consumers can find everything they need to know about an organization’s Privacy Policies in one convenient location. 

A typical Privacy Center contains:

• Privacy Policy/Notice
• Cookie Policy
• Terms & Conditions
• FAQs
• Marketing or Communication Preferences
• Privacy Rights Request Choices
• Support and Contact Information for the organization’s privacy team

Privacy Centers offer a chance for organizations to demonstrate their commitment to privacy and gain brand loyalty. It allows organizations to convey their privacy vision in a much more clear and straightforward way. Privacy Centers can include short-form privacy notices in addition to more detailed privacy notices required by individual State and/or International requirements such as the EU’s General Data Protection Regulation.

If the proposed Federal Privacy Law titled the American Data Privacy and Protection Act (ADPPA) passes, in addition to the more detailed privacy notices, organizations defined as "large data holders” must also provide a short-form privacy notice that is no more than 500 words in length.[1] We sampled a few California consumer privacy notices of organizations that are likely considered “large data holders” and most were over 3,500 words in length. Using a Privacy Center is a way for organizations to include a short-form notice and layer the more detailed notice underneath for consumers who want that additional granularity.

Even if the ADDPA does not pass, we believe there is a high likelihood that the next round of State privacy laws will include some of the proposed requirements that were in the ADPPA. As a result, we expect a short-form version of a privacy notice likely to be required in the future. 

Organizations that include technology platforms as part of their core offerings will also likely include privacy notices for the website and separate privacy notices for each platform given the data collection and uses practices varies across each and a Privacy Center is a great place to house these additional notices. 

Emerging privacy technology allows organization to structure these Privacy Centers in a manner to promote integration with privacy compliance and other marketing functions such as email frequency and/or opt-outs, text marketing preferences, postal mail preferences, and phone call preferences. 

Below are some good examples of Privacy Centers:

• https://www.marriott.com/about/privacy.mi
• https://www.facebook.com/privacy/center
• https://www.spotify.com/us/privacy
• https://contentsquare.com/privacy-center/
• https://www.johnsoncontrols.com/privacy-center
• https://www.homedepot.com/privacy/overview

Privacy Centers are not currently mandatory but in our experience continue to grow in popularity as organizations balance clear and concise messaging to their customers with the detailed and complex regulatory requirements of an online privacy policy. The introduction of Privacy Centers represents a good practice for large brands to adopt as they promote organization, ease of use and transparency. 

[1] https://docs.house.gov/meetings/IF/IF00/20220720/115041/BILLS-117-8152-P000034-Amdt-1.pdf