First it was Microsoft and now Google is getting into the Privacy Policy Enforcement business. Microsoft has been rather heavy handed and inconsistent on their policy enforcement shutting down accounts for what it deems to be a problem. It seems if your page takes input from the visitor there is very exact language required in your privacy policy.
Here is Google Blog Posting from Inside AdWords on this:
If your site requests payment, financial, or personal information from visitors, please review the new requirements and make any needed changes to avoid having your ads suspended.
- Clear, accessible disclosure before visitors submit personal information
Our existing policy requires you to clearly describe how any personal information you solicit will be used. Soon, we’ll require that your description must also be easily accessible before site visitors submit their details. - Option to discontinue direct communications
In the same description of how personal information will be used, you’ll also be required to describe how people can opt out of future emails, phone calls, or other direct communications. - SSL when collecting payment and certain financial and personal information
Many websites use what are known as Secure Sockets Layer (SSL) connections to encrypt sensitive information that travels between the user’s browser and the website’s servers. To help ensure user safety, AdWords policy will require all advertisers to use SSL when collecting payments and certain financial and personal information (like bank account and social security numbers).
Source: https://adwords.blogspot.com/2011/05/upcoming-adwords-policy-changes-to.html
Microsoft’s policy appears to be very similar especially on item 2. We had a situation with them where they shut down two accounts over the exact words in the privacy policy. It seems that the magic words are “You may opt out of any future communications including but not limited to emails, phone, or mail. By sending a notice to via email to <email address> or by mail to <business name and address>.
Both Google and Microsoft are requiring that the advertiser states in their privacy policy that they will obey the law. The CAN-SPAM law specifically requires that you honor an opt-out request within 10 days. It seems that Microsoft and Google are now assuming the role of the Government in this area. The timing is such that I wonder if the Government is pulling the strings on this one.
For the SEO only people in our audience you have to wonder. What they will do to your organic score, if you do not have a privacy policy? My gut tells me that it will not be very pretty.
The bottom line here is if you have no privacy policy and have any input on your site you need to fix this before something bad happens to your site. If you have no policy https://www.freeprivacypolicy.com/ can generate a policy for your site and it’s free.