As mentioned above, every website that collects PII, for commercial or other purposes, needs to give its users a general disclosure stating that it is in fact collecting information, for what reasons, and (where applicable) with which individuals, businesses or partners it may share that information (for example, logistics partners like DHL or TCS for e-commerce businesses). This disclosure in turn acts as implied permission from the user, as the policy also states that continued usage of the website shall establish the user's consent to data collection. It also guides users on what to do in case they do not wish to share their information, and thereby operates as an absolute defense against any potential claim or resulting liability that could be brought against your business by any of its visitors.
Compliance with Google
As mentioned earlier, every website is legally bound to provide its users an option to decline the collection of their information. The policy also provides for this right of refusal and, in some cases, the option to request that the website return or delete the user's information. These options and how to use them are detailed in the privacy and cookie policies respectively.
The General Data Protection Regulation (GDPR) is a regulation that requires businesses to protect the personal data and privacy of primarily European Union (EU) citizens for transactions that occur within EU member states. However, the GDPR applies not only to businesses located within the EU but also to businesses located outside the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. This means that any company that stores or processes the personal information of EU citizens must comply with the GDPR even if it does not have a business presence within the EU, which effectively translates into worldwide applicability. For example, if someone from Germany visits your website, then by default you are subject to the GDPR. Hence, no matter their geographical location, almost all businesses with an online presence have to comply with the GDPR; otherwise they are subject to hefty fines and penalties as well as a grave hit to their brand reputation.
THE LEGALITY OF IT
DOWNSIDE OF NON COMPLIANCE