When you decide to start a blog, you may need to do more than just start posting.

Legal agreements for blogs may not be fun, but they're in some cases mandatory, and in all cases very important both for you and your blog visitors.

Keep reading to determine if your blog needs a Privacy Policy, a Terms of Service section or both.

Generally, most websites (even blogs) do require a Privacy Policy and a Terms of Service. These legal agreements are required if certain criteria are met by the blog owner.

However, the criteria are such that most blogs will end up on the side of needing these legal agreements in place.

Most blogs have features such as comment forms so that bloggers can easily connect to other people and fellow bloggers. This means that blogs collect at least some personal information from visitors: the email address.

A Privacy Policy is required by the law if you collect personal information from users, regardless if it's just one email address or not.

This kind of agreement needs to cover all the important details of how your blog website collects and uses personal data from visiting users.

As a blogger, you may collect personal data from users in multiple ways, directly or indirectly:

  • Through comments. Most comment forms will require the name and the email address to be filled in order for a comment to appear on a post.
  • Through third parties that you may use. For example, if you use Google Analytics you need a Privacy Policy as required by the Terms of Service agreement of Google Analytics:

    You will not and will not assist or permit any third party to, pass information to Google that Google could use or recognize as personally identifiable information. You will have and abide by an appropriate Privacy Policy and will comply with all applicable laws, policies, and regulations relating to the collection of information from Visitors. You must post a Privacy Policy and that Privacy Policy must provide notice of Your use of cookies that are used to collect data. You must disclose the use of Google Analytics, and how it collects and processes data.


  • Through Google AdSense. If you serve ads, the third-party (in this case Google AdSense) may collect data from users visiting your blog.

    "Section 8: Privacy" of the Terms and Conditions of Google AdSense requires you to have a Privacy Policy at all times:

    You will ensure that at all times you use the Services, the Properties have a clearly labeled and easily accessible privacy policy that provides end users with clear and comprehensive information about cookies, device-specific information, location information and other information stored on, accessed on, or collected from end users' devices in connection with the Services, including, as applicable, information about end users' options for cookie management.


    This is an example on how you could include the "DoubleClick Cookie" clause in your Privacy Policy to start to comply with the AdSense program rules:

    Google, as a third-party vendor, uses cookies to serve ads on our Website. Google's use of the DoubleClick cookie enables it and its partners to serve ads to our users based on their visit to our Website or other sites on the Internet.

    As a user of our Website, you may opt out of the use of the DoubleClick cookie for interest-based advertising by visiting the Ads Preference Manager.

  • Other third parties that are using cookies.

    You may also need to comply with the "EU Cookies Directive" if any third parties that you use on your blog will insert cookies on users' devices, regardless if the cookies are used for remarketing purposes or not.

    Generally, you do this through a separate agreement titled "Cookies Policy", but you can add the necessary information to comply with the EU Cookies Directive inside the Privacy Policy agreement itself.

  • Remarketing. It's extremely important to notify users if any third parties from your blog would use a user's visiting session for remarketing purposes.

Privacy Policy agreements

Privacy Policies are a way to inform your blog visitors of exactly what data or information you collect from them, how you collect it, and what you will be using this data for.

These legal agreements must be detailed, easy to understand, accurate and thorough. Don't leave anything out or be vague.

Your blog is required to have a Privacy Policy if it does any of the following: collects any personal information from visitors.

This can be something as simple as requiring a user to submit his email address when leaving a comment on your blog, or something as obvious as allowing users to register and create an account on your blog where they must submit information (such as real name, email address, zip code, etc.) in order for them to do so.

TNW News Logo

Below is a great example of a Privacy Policy section from TNW News that touches upon site registration and the use of personal information, called Registration and Use of Personal Information.

This section makes it clear that registration isn't required to use the site, but may be required to take advantage of specific features.

Having language like this in your blog's Privacy Policy is a good way to let your visitors know that personal data may be requested from them in certain circumstances and in order to improve their experience while visiting the blog.

Registration Clause in TNW Privacy Policy

The Privacy Policy at Tim Ferriss' blog on Four Hour Work Week describes what information is collected and how it is used in a very clear way.

There's a link to its Terms of Service agreement page within the Privacy Policy agreement itself. This is a great way to let users know that this Privacy Policy is not the only legal agreement in place on the site:

Privacy Policy of Tim Ferris Blog

Note how the blog is owned by a company and not the author personally. This is an important strategic move that limits the personal liability of the author in the event that there is an issue with privacy or a violation of privacy rights of a user.

Now, back to the list of what triggers the requirement of a Privacy Policy for a blog:

  • Using analytics (such as Google Analytics) to track visitors to your blog.
  • Placing or using cookies.

    An example of using cookies is if your blog displays advertising that uses cookies to show personalized ads to visitors based on what types of sites the visitor was browsing before ending up at your blog.

    This is called retargeting or remarketing.

Cookies Policy agreements

If your blog has readers from EU countries (which you should assume it will), you'll need to notify your readers that cookies are used by your blog, and obtain consent to place them to comply with EU Cookies Directive.

You can do this by placing a pop-up notification in the header or footer of your blog that lets readers know that cookies will be used, as well as a link to your Cookies Policy or a section in the Privacy Policy and information on how cookies permissions can be changed or revoked by your readers.

Make the pop-up remain on the screen until a reader actively clicks on something that clearly implies consent for placing cookies is given, such as the "Continue" link in the cookies notice below from the BBC website. This will ensure that proper notice has been given and accepted.

BBC Notification: Cookies on website

You can use the more passive method of alerting visitors that cookies are used, but the more active method described above is recommended.

A passive method involves giving a notification that cookies are in use, but including language that says a user accepts this cookie usage simply by continuing to use the website. If a user to the website simply clicks anywhere else on the site, the notification box goes away and cookies will then be stored by the website.

Below is an example of a more passive notification and acceptance method:

Mirror UK: Notification on website cookies

Cookies placement is something that you will want to look into with whatever third party advertising company or program you use, such as Google AdWords or AdRoll or AppNexus.

Third parties commonly use cookies to create custom advertising campaigns that collect data about what types of websites a user has visited in the past and then use this data to provide relevant, personalized advertising.

If your blog will be using third-party vendors such as Google AdWords or AdRoll or AppNexus to create custom advertising campaigns, you need to let your visitors know this by including a section in your Privacy Policy agreement.

Chances are that at least one of these conditions will be met either immediately or as your blog develops, especially if you wish to have a successful and popular blog that takes advantage of common promotional techniques such as allowing users to subscribe to updates via email, or tracking how many visitors your blog gets.

If any of these conditions are met, a Privacy Policy must be in place and be easily accessible by the readers of your blog. A simple link to this legal agreement in a footer of a website is sufficient, so long as the link is in the footer of all pages of your website:

Box Website Footer

Terms of Service agreements

A Terms of Service page is where a blog or website can lay out all terms and rules that come along with using the blog or website.

Having a Terms of Service is not required by law, but having one in place is very beneficial to both you and your users. It's beneficial because it legally declares and describes exactly what you require and forbid your registered users to do, and can protect your blog against abuses.

Your blog should definitely have this legal agreement if:

  • It has a section that only registered users of your blog can access
  • Users can upload content
  • You offer various services beyond a paywall
  • You wish to or need to limit the way your blog is used (for example, not allowing commercial activity to take place on your blog)

For an example of how a Terms of Service can protect your blog and its content, consider the case of Ryanair versus PR Aviation.

Ryanair sued PR Aviation when PR Aviation was found to be violating the website Terms by "screen scraping" or collecting data from the Ryanair website and using this information commercially on its own website.

Ryanair had explicit language in its Terms of Use that forbade the use of its data for commercial purposes and required registering for use of the site and agreeing to these Terms before a user was able to proceed and view the data.

See image below from Ryanair's Terms of Use:

Ryanair: Screen Scraping Clause

PR Aviation had registered to use the site and had agreed to the terms, which was required before access to Ryanair's flight information was granted. Because of this, PR Aviation was found to be in violation of Ryanair's Terms by doing something that was explicitly not allowed: using an automated system or software to extract data from the website for commercial purposes.

If Ryanair either did not have a Terms of Use section or didn't require actual acceptance of the Terms, there would have been nothing that the company could have done to stop the undesired activity of PR Aviation.

While putting a Terms of Service on your blog is a good move and required if you have people signing up for separate sections that only registered users can interact with, you must make sure that you have your users agree to these Terms in a clear and legally-binding way.

Otherwise, if an issue arises, it may be determined by a court that users never actually accepted your terms and are thus not bound by them.

A great way to get valid acceptance of your Terms of Service is to have a user check an "I Accept" box on the form that is used when registering an account for your blog.

The examples below from Skype and PayPal demonstrate two very successful ways of getting users to accept your Terms of Service agreement:

Skype: I Have Read and I Agree

Require the box to be checked before a user can proceed to register an account or for a specific section on your blog. Provide a link to your legal agreements at the same time that you ask for acceptance.

PayPal: Consent on User Agreement and Privacy Policy

While a basic blog that doesn't allow for comments or has any tracking added whatsoever might not require this kind of legal agreements, most blogs - and all successful blogs - use features and functionality that do fall under the requirement of needing at least the Privacy Policy agreement.

These legal agreements may seem complicated at first, but they really aren't. The benefits of having them in place on your blog will far outweigh the effort you'll need to put forth to create them.

Privacy Policy Generator
Comprehensive compliance starts with a Privacy Policy.

Comply with the law with our agreements, policies, and consent banners. Everything is included.

Generate Privacy Policy