Is your blog legal?

You may be thinking, what does the law have to do with my blog? Well, if your blog is on a website and collects personal information about your blog’s users and visitors, then you have to comply with the relevant data protection requirements in the UK.

Whether it’s writing a cooking recipe or documenting a health and fitness journey, there are strict legal guidelines that you should be aware of. This week, we discuss what those guidelines are.


What type of personal information is covered by the data protection requirements?

UK data protection laws apply to personal data relating to individuals who can be personally identified from that data, either directly or indirectly. Personal data includes:

  • names
  • addresses, including email addresses
  • dates of birth
  • online identifiers, such as IP addresses

See Data protection for more information.

If you process such personal data (eg by storing or collecting it) you need to ensure that your blog complies with data protection laws. This includes having relevant documents to ensure the safety and security of your visitors’ or users’ data.

When processing personal data, it’s important to have adequate policies such as a Privacy policy and a Data protection and data security policy to inform your users what data is stored, why it’s stored and what you intend to do with it.


What is a privacy policy? 

If you are processing personal data of visitors to your website, by, for example, having a newsletter subscription or email signup form, then you should consider having a Privacy policy in place.

The processing of personal data is any use of such data, other than for personal reasons, and includes storing, obtaining, recording, organising and retrieving personal data. It’s safe to say that if you are doing any of these acts, then your online blog should have a Privacy policy. 

A Privacy policy, amongst other things, explains to website users what personal data is being collected and ensures that you have their permission to collect this information. As personal data is information that makes a person directly or indirectly identifiable, a small snippet of information about a person may amount to personal data, if the person to whom the data relates can be identified from the data.

Your Privacy policy should be visible to your website user and clearly be displayed on your blog page. The best way to inform users of your privacy policy is to have a link in the header or footer of your blog.


Do you know your cookies?

Cookies are small files stored on a computer’s browser by websites that can be used for various purposes, often related to marketing or advertising. They scoop information about the use of a website and can enable the website to recognise if an existing user returns to the website at a later date. For example, Google Analytics tracks how many times a user has visited a page on a website.

There are different types of cookies that vary from necessary cookies, which are essential for a user to use the features of your website, to third party cookies commonly used by advertisers to understand your habits so that the right services are advertised to you. As someone who operates a website, you need to tell your users what cookies are used, what they are doing and why, and most importantly the users’ consent to the cookies.

For your blog, users must know that your website uses cookies and how they can consent to cookies being stored (or refused cookies being stored) on their device. There are a couple of ways that you can get user consent, including:

  • opt-in consent when the user clicks on the website and they select whether they allow or do not allow cookies 
  • implied consent, which enables you as the website owner to automatically add the cookies onto a website and explains to a user how to disable them

Consent to cookies must be freely given, be specific and informed. In other words, the user must fully understand that they are giving consent and what they are giving consent to. Consent must also involve some form of unambiguous positive action, such as ticking a box or clicking a link. 

Care must be taken to ensure that consent to cookies can be as easily withdrawn as it is given. You must therefore enable visitors to change their mind about cookies by providing an opt-out option.

It is important to make sure that your cookies policy is displayed clearly for the visitor or user and you can do this via a pop-up, banner or link. The details within your cookies policy must use clear language and be readable for the user to understand what you are intending to do with cookies. Rocket Lawyer’s Privacy policy contains an integrated cookies policy. 


Setting out website terms of use

As with all websites, you should have Website terms and conditions displayed on your blog. Website terms of use set out the rules that users ‘consent’ to when using your website, especially when it comes to using your intellectual property, for example, your logo and pictures. 

As the website owner, you may want to think about protecting the content you publish and set out in your terms and conditions that users are not allowed to upload, distribute or publish your content on other websites. Similarly, if you have a comment section on your blogs that allows your users to post comments on sections throughout your blog, you may request that users not post anything illegal or which could be considered defamatory, threatening or abusive.

Your website terms of use should be visible from every page on your site. At the very least, a link should be visible from your homepage. The more visible your terms to website visitors, the more likely they will be considered to have been effectively implemented.

For more information, read How to set up your blog.

Start your blog off right by complying with data protection requirements, by using our Privacy policy and Website terms and conditions. Ask a lawyer if you have any questions.