Privacy Policy for Podcasters | Respect Your Audience & Their Data

What are the CCPA and GDPR, and what do they mean in terms of privacy policy for podcasters?

In a nutshell: what kind of privacy policy for podcasters do you need to use?

  • This is not legal advice, just discussion of the GDPR and CCPA, and how they affect online publishers
  • Check the privacy policies of companies you work with (such as your media host, website host, analytics provider, and monetization site)
  • Add a cookie compliance widget to your site
  • Mention privacy concerns in your mailing list

As you're making, promoting and/or monetizing your podcast, you'll have to deal with users' personal data. Whether this is a curated mailing list, or download stats, this information is important to you, and precious to marketers. It's so precious, in fact, that now there are legal policies which affect how companies can store and use personal data.

What does this mean, for you ‘o podcaster, my podcaster? If you drop a hint that a Twitter influencer listens to your podcast, will you be clapped in irons and thrown into the deepest dungeon? Fear not. In this article, I'm going to talk about privacy policies for podcasters, and how you can take a few simple steps to comply with big data laws.

A Tale of Two Privacy Policies

Please note that this article is not, in any way, shape, or form, legal advice, or even a substitute for legal advice. I am not an attorney, nor do I pretend to be one. I'm simply going to tell you what I've researched, so that you can use that as a base for your own research. Speak to a lawyer to make sure you get this right!

The CCPA

The California Consumer Privacy Act went into effect in January of 2020. This act will probably be used as a template for other states in the US to draft their own data privacy laws. It applies to any company operating in California that:

  • makes more than $25K in revenue
  • gathers data on 50,000 users or more
  • makes more than half of its income from user data.

For California residents, the CCPA provides the right to:

  • know what data companies gather,
  • refuse to provide that data and/or to have that data deleted,
  • sue, if a company doesn't take adequate steps to prevent a breach in data privacy.

If you use a website from any company based in California (such as publisher Condé Nast), you're more than likely to see a popup banner with a button reading, “do not sell my personal information,” or something similar. This can include cookies. The information websites track can go to a third party vendor, such as Google AdSense. The result is, say for example, you look up companies that sell dog food, and then use the same browser to look at a site with embedded ads, you might see ads for dog food.

The data gathered can refer to things like IP addresses and personal preferences. This particular privacy policy generates a lot of notice because so many businesses in the tech industry are based in California.

The GDPR

The General Data Protection Regulation is a EU policy, which took effect in May of 2018. The UK has its own data protection act, which is mostly the same as the GDPR. The CCPA, in many ways, is based on this policy. Essentially, companies with more than 250 employees have to:

  • document what personal data they're keeping, how they're storing it, and why
  • prevent data breaches
  • in the case of large companies that use personal data as most of their business, they have to hire a data protection officer
  • provide a specific and clear “positive opt-in” for users, so that they can consent.

This brings us back to the “this website uses cookies” popup, or a popup that requires your consent before continuing.

What Does This Mean for Privacy Policies for Individual Podcasters?

Your podcast might have a small audience, but its reach is global. Even if your home location doesn't have strict laws about privacy policies, your audience could be in a place which does. If you seek out sponsorship, your sponsors might choose whether or not to work with you, based on your adherence to privacy collection standards. It's best to err on the side of caution. Here are some ways to implement a privacy policy for podcasters.

Tools You Use

You might work on your podcast alone, or with fewer people on your staff than it takes to play basketball. However, you might use services (i.e., a media host, website host, or podcast directory) of companies that are big enough for these privacy laws. It's best to check their privacy policies, and see how they comply with data protection laws.

Spotify, for example, has a dashboard for podcasters which displays more user data than most. It shows age and gender identification, along with geographic region. They have a clear policy about how they gather and use data. Are these companies' policies your responsibility? Again, I'm not an attorney, nor do I play one on tv. It's never a bad idea to read the terms and conditions and privacy policies of the companies whose services you use. Please don't settle in to read these while driving or operating heavy machinery.

Media Hosting Services

Your media host (where your podcast's files live) will have its own privacy policy, and of course it's worth your time to read. Not only should you know what audience data they collect, and what they do with it, but you should know how they can help you respect your audience's data privacy.

Captivate, for example, have a great feature called “Full Transparency Mode.” Enable this, and it places a short statement at the end of your show notes for each episode. It lets your audience know which third-party analysis tools are used within your podcast.

Libsyn recently announced that podcast creators will be able to add their own prepends (a URL that's a prefix to your media URL), when they want to have a third party company track their download stats. Prior to rollout, Libsyn contacted third party data tracking companies, and asked them to comply with the CCPA and GDPR. Companies who wouldn't agree to partner with Libsyn to ensure compliance, are not supported by Libsyn. So, if you host with Libsyn, and use Podtrac to track listener demographics, you can add the prepend within the Libsyn dashboard.

Your media host wants to keep your business, and for your podcast to succeed. They don't want to have data breaches, or for your audience to lose confidence in your podcast. Read their privacy policies, and follow your media host's company newsletter, podcast, or social media to keep up to date with changes.

privacy policy for podcasters - respect your audience and their data

Chart Analytics

Your podcast hosting service can show you different kinds of stats, including download numbers by country. However, it can't show you data from podcast listening apps. For example, if you live in the US, you only see reviews and rankings from the US version of Apple Podcasts by default. This is where a chart-analytics service such as My Podcast Reviews, Podkite, or Chartable, can be helpful.

Chart-analytics services can show your podcast's reviews from Apple Podcasts in other countries. They can show your podcast's ranking on foreign Apple Podcast or Spotify charts. Your podcast could be ranked at #246 in its category in the US, but in another country, your podcast could be in the top 10 on the same day. Good to know, right? Right!

The privacy policies of some chart-analytics companies can be incredibly specific. In some cases, they can use your data (how many downloads, where they come from, and so on), unless you contact them to opt out. However, policies such as the GDPR and the CCPA require that you opt in to sharing your data (and, in the aggregate, your audience's).

For example, some of these chart analytics companies provide an option for you to link to social media profiles. The flow of data, in those cases, goes both ways. Not only could a company tell your social media profile that your podcast ranks at #5 in the Health and Wellness charts, the company could also retrieve information about you that you have made available to those social networking services. That includes information about your contacts on those social networking services. As I read this, it seems that by linking your social media profile, you opt in to share that data.

Chart-analytics services can be incredibly helpful when it comes to planning and promoting your show. The information they provide can bolster your confidence and help you add value to your podcast. It's worth it to check through their privacy policies carefully, and learn what data they use, and how.

Websites That Use Cookies

Website providers have their own privacy policies, for cookies and data collection. WordPress (for example) uses cookies. When you're making your podcast web site, WordPress puts the responsibility on the site designer to add a widget or plugin that lets the user consent to the use of cookies. Here are two possible ways to do this. You can:

A secure website has a good privacy policy and data protection for its users.
  • Use WordPress' Cookie & Consents Banner Widget. You can customize this a bit. You can type in your own message, and you can let your user consent by either clicking the button, scrolling, or after a set length of time.
  • Download and install a cookie consent plugin, such as Complianz. It can be configured for your home region. This plugin also blocks iFrames (inline frames that allow an external webpage to pop up on a document. iFrames are vulnerable to privacy problems…).

Mailing and Monetization Lists

If you're using an email list management tool, check its privacy policies for the latest information. If you maintain your mailing lists manually, you definitely want to tell the recipients what you're going to do with their email addresses. Best case scenario is to tell them that you won't sell, rent, or trade their data, and keep your promise. An easy way to deal with this is to include it in the signature file when you compose the email.

Sometimes you might use a service like Patreon to monetize your show, and rely on their privacy policies, but export the backer data to a spreadsheet so that you can mail merchandise to your backers. Or, maybe you have a live show or event, and get people to sign up for your mailing list on paper. If it were me, I'd keep any and all lists to myself.

What Can Podcasters Do to Protect Data Privacy?

You might feel that you're not “big” enough to make a difference, whether you follow legal privacy standards or not. But, taking the extra steps makes you seem more professional to sponsors and your audience. In general, it's best to work with companies who have ethical data practices, and follow local laws. You can stick to good principles by keeping private any contact lists you may have generated. Again, this isn't intended to be a comprehensive examination of how to implement good privacy policies. These are pointers to guide you to being smart and ethical with your audience's data.

Podcasting is a medium that's always changing and growing. It's a big endeavor to keep up with new technology and ideas. The Podcast Host Academy has comprehensive courses, with exercises and downloadable resources, to help you with all aspects of podcasting. Also, you can always get help in our weekly Live Q&A sessions. We're here to help you get your voice out into the world, and make a positive impact.