Website Privacy Validation (1/6): Is my Privacy Policy link present on all pages?

September 16, 2022 Cameron Cowan

The one thing every website in the world should have in place is a privacy policy. But this simplest of privacy requirements can be hard to get right, especially if you have a large, complex website. 

This is because the privacy policy needs to be accessible from any possible entry point into your site. However, you may have a global footer that gets overwritten, you may have a section of your site that’s not managed by you, or a new landing page template that wasn’t built with the footer included; so validating that your privacy policy is indeed universally accessible is the first step in website privacy validation.

To show you how tough it can be to get this right, let’s look at the website of the global leader in trust and privacy technology, OneTrust – a consent management platform (CMP) that many of our customers use. If there's anyone that should be doing this right, it’s our friends over at OneTrust, so we’re going to use them for illustrative purposes. 

As expected, they do have a consent banner that’s showing up. And all the way at the bottom of the page, we can see that they have the link to their privacy policy, which they’ve labeled “Privacy Notice.” (You might see “Privacy Policy” or “Your Rights” on other sites.)

Using the ObservePoint platform, we set up a high-level Discovery Audit to scan 1,000 pages on OneTrust’s public website. (Because OneTrust is great at privacy compliance, we had to dig a little deeper into their site to find anything we could actually discuss!) An ObservePoint custom tag can be configured to detect whatever we want, so we set it up to look for the phrase “privacy notice” on each page. If you go into the settings for this Audit and look at the On-Page Actions, you would see something like this little script here. 

You don’t have to know what all this code means, but you will note there are specific lines to look for the phrase “privacy notice.” That's the specific standard that OneTrust uses on their website. So, hopefully, we would find that specific phrase on every page. 

To review the results of this kind of scan (keyword search via the OP Custom Tag), you then would want to look specifically at variable-level data. This can be done in the Variable Inventory audit report, shown here: 

As you drill into the specific tag (‘ObservePoint Data’) and variable (‘privacy notice’) we’ve set up, you can see any associated values found on each page for that check. In this Audit for OneTrust, we see for the “privacy notice” there are two unique values. 

That means there are some pages with that link and some without… yikes! 

If we click into the “privacy notice” variable, we can see that yes, indeed, there are 935 out of 1000 pages with a value of TRUE. Those are the pages where we found the words “privacy notice.” That's good. Unfortunately, there are also 62 that return a value of FALSE. These pages do not have this phrase detected on them. At a high level, this usually tells me one of two things: either no privacy policy link is present on these pages (not good!) or, at the very least, those pages are using some other term or phrase that isn’t aligned with my site-wide standard (at best, not ideal).

The good news is that ObservePoint’s Audit can tell you not only how many pages these issues have been detected on, but also exactly which pages they are so you know exactly where immediate action can be taken to remediate problems.

Now in this example, all we’ve configured this Audit to look for is a specific string of words. You can also go further and configure Audits to look for a specific link that goes to the webpage where your privacy policy resides. (This will help weed out false positives if ever you use specific phrases associated with your privacy policy link in places on your website other than just that required link’s text.)
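The difference between the keyword check and the link check can be seen in a short script. This is an added example, not the ObservePoint custom tag script and not code from OneTrust; the `example.com` URLs, the policy location and the sample pages are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

POLICY_URL = "https://www.example.com/privacy-notice/"  # assumed policy location
PHRASE = "privacy notice"                               # site-wide label used in the article

class _Collector(HTMLParser):
    """Collects visible text and the absolute href of every <a> element."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.text, self.hrefs, self._skip = page_url, [], [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "a" and dict(attrs).get("href"):
            # Resolve relative links against the page they appear on.
            self.hrefs.append(urljoin(self.page_url, dict(attrs)["href"]))
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:          # ignore text inside <script>/<style>
            self.text.append(data)

def _normalize(url):
    """Compare on host and path only, ignoring case of host and trailing slash."""
    p = urlparse(url)
    return (p.netloc.lower(), p.path.rstrip("/") or "/")

def audit_page(page_url, html):
    """Return the keyword result and the stricter link-target result for one page."""
    c = _Collector(page_url)
    c.feed(html)
    text = " ".join(" ".join(c.text).split()).lower()
    return {"phrase": PHRASE in text,
            "link": any(_normalize(h) == _normalize(POLICY_URL) for h in c.hrefs)}

# Constructed sample pages: URL -> HTML body
PAGES = {
    "https://www.example.com/": '<footer><a href="/privacy-notice/">Privacy Notice</a></footer>',
    "https://www.example.com/blog/gdpr": "<p>Every site needs a privacy notice.</p>",
    "https://www.example.com/lp/offer": '<footer><a href="../privacy-notice">Your Rights</a></footer>',
    "https://www.example.com/careers": '<footer><a href="/terms">Terms</a></footer>',
}

def audit_site(pages=PAGES):
    return {url: audit_page(url, html) for url, html in pages.items()}

def pages_missing_link(pages=PAGES):
    return sorted(u for u, r in audit_site(pages).items() if not r["link"])
```

The blog page passes the keyword check without containing the link, and the landing page fails the keyword check although its “Your Rights” link points at the policy, so only the link check reports the pages that actually need a footer fix.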

In this case, a quick keyword check found that OneTrust may have some gaps in compliance as there are about 6% of pages on which we did not detect this required element – the most basic data privacy requirement that every website in the world should be meeting.

So, if even OneTrust – a leader in the data privacy industry – has a small percentage of pages potentially missing their privacy link, how do you think all other websites across the Internet fare in this same regard? How is your company’s website doing?

Auditing privacy policy presence is the first and most basic thing all organizations should be doing on a regular basis to ensure compliance with data privacy regulations. Follow along as we discuss the subsequent use cases in this series of posts.

 

If you’d like to see how your own website fares in delivering consistent coverage of your privacy policy links, reach out about getting started.

About the Author

Cameron Cowan

Cameron is the Sr. Director of Product Strategy & Marketing at ObservePoint and a veteran of the marketing analytics, digital advertising, and enterprise software industries. He has joined the ObservePoint family via the recent Strala acquisition and plays an active role in product management, technical marketing, and GTM execution. Prior to his time at Strala, Cameron spent 13 years working for Adobe (via the Omniture acquisition), and gained experience in account management, consulting, and technical sales before establishing himself as a leader in product management, technical marketing, and business strategy. His career has included living overseas on multiple occasions and collaborating with marketers and technologists on four continents.
