Things about Privacy Policy, GDPR, and other Laws Every Blogger Should Know

Blogging, like any other business, is bound by the law. Not knowing the law can hurt us financially and emotionally.

We often hear the terms privacy policy, terms of service, and disclaimers. Are these pages essential for your blog? Read on to find out.

Before I begin, here’s a disclaimer. Am I starting to sound like a lawyer? Well, I’m not a lawyer, and this article should not be construed as legal advice. I am writing this article after reading content on websites of government agencies, opinions of other bloggers, and articles that are available freely on the internet. Although I’ve done my best to understand the law, I cannot guarantee the accuracy of this article or be held responsible for any defects (intentional or unintentional).

What are the laws that apply to bloggers?

Two laws that come to mind right away are FTC regulations and GDPR.

FTC is applicable in the US, while GDPR is a European regulation.

Are these laws relevant to you if you are not based in the US or Europe? Read on to find out.

Let’s first start with FTC Regulations.

What is FTC?

FTC stands for Federal Trade Commission. Their mission is to protect consumers and encourage competition. The commission protects consumers by stopping unfair, deceptive, and fraudulent practices, which may include breaches in data security, deceptive advertising practices, and identity theft.

What does FTC expect from bloggers?

Reveal who you are sleeping with

FTC believes that truth in advertising is essential in all mediums, whether traditional or new age mediums like blogs and social media.

Although it is common knowledge among industry insiders that bloggers get paid to talk positively about products and services, it may not be evident to your readers.

FTC uses the term ‘significant minority.’

If a reader does not know that a brand is paying you to write about their product, or you will receive a commission for a sale from an affiliate link, it can affect the value he places on your opinion.

FTC believes that bloggers should be transparent about their relationships.

Even if a blogger is compensated in ‘kind,’ and no cash has been exchanged, it should be revealed. FTC defines compensation as anything of significant value.

Bottom Line

Disclose your brand relationships in a prominent place where readers can see it, not hidden in a disclosures page in some dark corner of your website or at the bottom of your blog post. The ideal place is at the top of your blog post.

The wording need not be drafted by a lawyer; it just has to be clear and easily understood by your reader.

For example, something as simple as…

I got paid by Y company to write this post.


This post contains affiliate links. I get paid a commission when someone purchases a product by clicking on the links in this post.

Is FTC applicable to International Bloggers who reside outside the US?

If bloggers foresee that their content will be seen and will affect US visitors, then US law will apply to them.

The way I understand this is that if your promotion activities are focused predominantly on attracting an audience residing in your home country and you have no intention of attracting a US audience, then FTC will not apply to you.

But if you are using promotion activities to attract an audience from the US, then it’s better to comply with FTC.

Is the FTC monitoring you?

The FTC claims that they are not monitoring bloggers. And they are more likely to go after brands, and their advertising or PR agencies, rather than bloggers. But there are instances where the FTC can go after bloggers if they fail to make disclosures even after repeated warnings.


Now coming to GDPR

GDPR stands for General Data Protection Regulation.

The purpose of GDPR is to protect EU citizens from data breaches.

It is designed to harmonize data privacy laws across Europe, protect and empower the data privacy of EU citizens, and reshape the way organizations approach data privacy.

Does GDPR apply to international bloggers?

Even if you reside outside the EU, GDPR will apply to you if you collect and process data of EU citizens. Data means their name, email, phone number, or any personal details about the subject.

GDPR involves consent, notification of a breach, right to access, right to be forgotten, data portability, and data minimization. We’ll discuss all of them below.


Consent

As with most data protection laws, subjects must give their consent to companies to process their data. Companies can no longer use consent hidden in long forms full of legalese that is not easily understood by the subject. Consent must be clear, written in a manner that is easily understood by the subject, and companies must mention the purpose of processing their data. It should be as easy to withdraw consent as it is to give consent.

Notification of breach

If data has been compromised or any breach has occurred that could result in a “risk for the rights and freedom of individuals,” then companies must notify their customers and all parties involved within 72 hours of becoming aware of the breach.

Right to access and Data Portability

Your data subjects have the right to access their data at any point. Further, companies are required to provide a copy of the data requested by their subjects in an electronic format. Subjects also have the right to transmit this data to another controller.

Right to be forgotten

The subject has the right to have his entire data deleted from the controller’s records if the subject withdraws consent, or if the data is no longer relevant to the original purpose of consent.

Data minimization

Controllers and companies are required to collect and process only as much data as is required to fulfill their duties, and to limit access to those who need it to perform their responsibilities.

Appointing a Data Protection Officer (DPO) in the EU

GDPR mentions that a Data Protection Officer (DPO) should be appointed in the EU if the controlling company does not have a branch office or a physical presence in the EU. Does this apply to bloggers?

Well, GDPR mentions that controllers (companies) are exempt from appointing a DPO if they fall into one of the below categories: (a) public authorities, (b) organizations that engage in large scale systematic monitoring, or (c) organizations that engage in large scale processing of sensitive personal data (Art. 37).

Does this mean bloggers are exempt from appointing a DPO in the EU? Bloggers are not public authorities or organizations that engage in large scale systematic monitoring and processing of sensitive personal data.

My research says that dating sites, cloud service providers, social networks, and companies that sell products and services to EU citizens are not exempt from appointing a DPO. However, it is not completely clear if bloggers are exempt from appointing a DPO. I will need to speak to an authority in the EU to get clarity on this issue. I believe it’s one of those things in the law that is ambiguous and can go either way.

Legal pages you may need to display on your blog

Privacy Policy

Most laws require a privacy policy to be displayed on your website, ideally in the footer of your website. It should contain information related to how you collect and process subscriber data, including information that is collected automatically through cookies, rights of GDPR subscribers like the right to deletion, data access, and portability.

There are a lot of tools on the internet that help you generate a privacy policy page. However, it is ideal to get a good lawyer to draft it for you. Or you could use a boxed template drafted by a lawyer. Amira’s privacy policy template is a good option for bloggers because it is written by someone who is both a lawyer and a blogger. You can purchase her privacy policy template here (It’s an affiliate link, we get paid a commission if you click on the link and buy).

Terms of service

These are the terms and conditions under which your website operates. A terms of service page can include information about your intellectual property rights, how readers can or cannot use your content, dispute resolution, and other legal issues.


Disclaimer

The purpose of a disclaimer is to protect the blogger from liabilities that may arise from using the website or its content. It includes limitations of the advice provided on the website, expecting similar results to what was achieved, etc.

The easiest and fastest way to set up your legal pages is to purchase Amira’s legal bundle that consists of a privacy policy template, Terms of Service template, and a Disclaimer template. You can buy all three templates here (It’s an affiliate link, we get paid a commission if you click on the link and buy).


It’s essential for bloggers to know enough about the law so that they are legally protected. I hope you enjoyed reading this article. Feel free to share this article with your blogger friends.
