Website Privacy Validation (1/6): Is my Privacy Policy link present on all pages?

Website Privacy Validation (1/6): Is my Privacy Policy link present on all pages?The one thing every website in the world should have in place is a privacy policy. But this simplest of privacy requirements can be hard to get right, especially if you have a large, complex website.

This is because the privacy policy needs to be accessible from any possible entry point into your site. However, you may have a global footer that gets overwritten, you may have a section of your site that’s not managed by you, or a new landing page template that wasn’t built with the footer included; so validating that your privacy policy is indeed universally accessible is the first step in website privacy validation.

To show you how tough it can be to get this right, let’s look at the website of the global leader in trust and privacy technology, OneTrust – a consent management platform (CMP) that many of our customers use. If there's anyone that should be doing this right, it’s our friends over at OneTrust, so we’re going to use them for illustrative purposes.

 

Website Privacy Validation (1/6): Is my Privacy Policy link present on all pages?

As expected, they do have a consent banner that’s showing up. And all the way at the bottom of the page, we can see that they have the link to their privacy policy, which they’ve labeled “Privacy Notice.” (You might see “Privacy Policy” or “Your Rights” on other sites.)

Using the ObservePoint platform, we set up a high-level Discovery Audit to scan 1,000 pages on OneTrust’s public website. (Because OneTrust is great at privacy compliance, we had to dig a little deeper into their site to find anything we could actually discuss!) An ObservePoint custom tag can be configured to detect whatever we want, so we set it up to look for the phrase “privacy notice” on each page. If you go into the settings for this Audit and look at the On-Page Actions, you would see something like this little script here.

 

Website Privacy Validation (1/6): Is my Privacy Policy link present on all pages?

You don’t have to know what all this code means, but you will note there are specific lines to look for the phrase “privacy notice.” That's the specific standard that OneTrust uses on their website. So, hopefully, we would find that specific phrase on every page.

To review the results of this kind of scan (keyword search via the OP Custom Tag), you then would want to look specifically at variable-level data. This can be done in the Variable Inventory audit report, shown here:

 

Website Privacy Validation (1/6): Is my Privacy Policy link present on all pages?

As you drill into the specific tag (‘ObservePoint Data’) and variable (‘privacy notice’) we’ve set up, you can see any associated values found on each page for that check. In this Audit for OneTrust, we see for the “privacy notice” there are two unique values.

That means there are some pages with that link and some without… yikes!

 

Website Privacy Validation (1/6): Is my Privacy Policy link present on all pages?

If we click into the “privacy notice” variable, we can see that yes indeed there are 935 out of 1000 pages with a value of TRUE. Those are the pages where we found the words “privacy notice.” That's good. Unfortunately, there are also 62 that return with a value of FALSE. These pages do not have this phrase detected on them. At a high level, this usually tells me one of two things: either no privacy policy link is present on these pages (not good!) or at very least those pages are using some other term/phrase that isn’t aligned with my site-wide standard (at best, not ideal).

The good news is that ObservePoint’s Audit can tell you not only how many pages these issues have been detected on, but also exactly which pages they are so you know exactly where immediate action can be taken to remediate problems.

Now in this example, all we’ve configured this Audit to look for is a specific string of words. You can also go further and configure Audits to look for a specific link that goes to the webpage where your privacy policy resides. (This will help weed out false positives if ever you use specific phrases associated with your privacy policy link in places on your website other than just that required link’s text.)

In this case, a quick keyword check found that OneTrust may have some gaps in compliance as there are about 6% of pages on which we did not detect this required element – the most basic data privacy requirement that every website in the world should be meeting.

So, if even OneTrust – a leader in the data privacy industry—has a small percentage of pages potentially missing their privacy link, how do you think all other websites across the Internet fare in this same regard? How is your company’s website doing?

Auditing privacy policy presence is the first and most basic thing all organizations should be doing on a regular basis to ensure compliance with data privacy regulations. Follow along as we discuss the subsequent use cases in this series of posts.


If you’d like to see how your own website fares in delivering consistent coverage of your privacy policy links, reach out about getting started.

Read the next blog post in the Website Privacy Validation series: Is my "Do Not Sell/Share" link present on all pages?

Related Posts

ObservePoint Use Case Library

Discover 21 tips to improve your Adobe Analytics implementation and analytics data. Download your free copy.
Read More

Website Privacy (6/6): Are requests coming from unauthorized countries, regions, or domains?

If you’ve followed along with our privacy validation series, you know that we’ve discussed auditing privacy policy link presence, “do not sell/share” link coverage, cookie consent banner tag presence, whether or not the consent management platform (CMP) is respecting user preferences, and where new or unapproved cookies are showing up on your site. The final question we address in this series is, “Are there network…
Read More

Website Privacy Validation (5/6): Where are new and/or unapproved cookies and technologies showing up on my website?

If you’ve followed along with our privacy validation series, you know that we’ve discussed auditing privacy policy link presence, “do not sell/share” link coverage, cookie consent banner tag presence, and whether or not the consent management platform (CMP) is respecting user preferences. The next thing you should ask is, “Where are new and/or unapproved cookies and tags showing up on my website?” Essentially,…
Read More

ObservePoint Use Case Library

Discover 21 tips to improve your Adobe Analytics implementation and analytics data. Download your free copy.
Read More

Website Privacy (6/6): Are requests coming from unauthorized countries, regions, or domains?

If you’ve followed along with our privacy validation series, you know that we’ve discussed auditing privacy policy link presence, “do not sell/share” link coverage, cookie consent banner tag presence, whether or not the consent management platform (CMP) is respecting user preferences, and where new or unapproved cookies are showing up on your site. The final question we address in this series is, “Are there network…
Read More

Website Privacy Validation (5/6): Where are new and/or unapproved cookies and technologies showing up on my website?

If you’ve followed along with our privacy validation series, you know that we’ve discussed auditing privacy policy link presence, “do not sell/share” link coverage, cookie consent banner tag presence, and whether or not the consent management platform (CMP) is respecting user preferences. The next thing you should ask is, “Where are new and/or unapproved cookies and tags showing up on my website?” Essentially,…
Read More