Personal Website Privacy Notice

Does your personal website/blog need a Privacy Notice?

I recently realized this personal website did not have a Privacy Notice, even though personal data is being collected here. Was it a problem? Using the word “need” makes most people think about some external factor, such as a law or regulation. Businesses in almost all parts of the world are now concerned with data protection and privacy laws and regulations. Those businesses that are not should be. What about personal websites and blogs? Does your website or blog need a Privacy Notice?

Let me take the GDPR as an example. Its Article 2, Material Scope, says:

  1. This Regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system.
  2. This Regulation does not apply to the processing of personal data:

(a) in the course of an activity which falls outside the scope of Union law;

(b) by the Member States when carrying out activities which fall within the scope of Chapter 2 of Title V of the TEU;

(c) by a natural person in the course of a purely personal or household activity;

(d) by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.

  3. For the processing of personal data by the Union institutions, bodies, offices and agencies, Regulation (EC) No 45/2001 applies. Regulation (EC) No 45/2001 and other Union legal acts applicable to such processing of personal data shall be adapted to the principles and rules of this Regulation in accordance with Article 98.
  4. This Regulation shall be without prejudice to the application of Directive 2000/31/EC, in particular of the liability rules of intermediary service providers in Articles 12 to 15 of that Directive.


If, like me, you keep a personal website for purely personal purposes, you’ll probably agree that the regulation doesn’t apply to your website. Others would say that if you’re processing personal data, you should have a privacy policy, as well as cookie disclaimers and everything else. (Most of those would take the first opportunity to sell you their related products or services.)

If you got here just to know if you need a privacy notice or policy on your noncommercial personal website, the simple answer is: most likely you don’t need it. I won’t say you never do; I’m not a lawyer, and I don’t know all the laws and regulations worldwide. Legislators can be very creative. So, generally, you are not required to have a privacy notice on your personal website. But why not have one?! By being transparent to your visitors and readers, you can earn extra “trust points”. People are getting more conscious about their privacy, so allowing them to understand what kind of data you may be collecting and for what purposes can be significant. It doesn’t need to be something long, fancy, or written in legal terms. (You won’t necessarily have to buy something from that guy I’ve just mentioned.) It can be as simple as letting people know what kind of data you collect, for what purposes, and how you process it. This is precisely what I did for my Privacy Notice. You can read it here or in the footer of any page on this website. Am I saying it is always that simple?! Of course not! Creating a privacy policy is a tough job for most companies. But it doesn’t need to be tough for you.

Even though you may not be required to have a privacy notice, you know (or should know) what kind of data you process. Why not share that with your visitors?!

Tiago Kiill
Manager, enthusiast and lifelong learner of Information Security
