Privacy policies might be the most ignored part of an ecommerce site, but they’re also one of the most important. As Bushy puts it in this week’s Playbook, they’re on every page, linked in every footer, and can save your brand from serious damage when things go wrong. Yet, most businesses treat them as a checkbox task: copied, pasted, and forgotten. The problem isn’t having a privacy policy; it’s having one that doesn’t reflect how your business actually operates.
Start With Practice, Not Policy
Marianne Marchesi, founder of Legalite, turned the traditional approach on its head when she told Nathan, “Don’t even bother with T&Cs and privacy policies if you’re not going to do the work in the background to make sure that you’re actually practicing what you preach.” It’s a simple but confronting truth. Too many retailers publish policies promising safe, limited data storage, yet keep untracked customer information sitting in old systems. The first step isn’t writing. The first step is mapping what you really do with customer data, from collection to deletion.
Trust Is Built in the Details
What Marianne is really saying is that trust isn’t built by the words on your site, but by the systems behind them. When customers hand over their information, they expect brands to handle it carefully. If your privacy policy says one thing and your operations show another, you’re not just breaking trust: you’re inviting legal trouble. And with changes to Australia’s Privacy Act coming, the cost of getting it wrong is only going up. A policy that reflects reality protects both your reputation and your bottom line.
Audit and Simplify Your Data
Chris Brinkworth from Civic Data backed this mindset long before it was fashionable. In his Add To Cart appearance, he warned that any data collected without clear permission is “a sunk cost and a huge risk.” It’s advice that’s only become more relevant. Gai Le Roy from IAB Australia echoed the same sentiment: “Clean out your data. Get rid of anything you don’t need.”
The best defence against privacy headaches is a clean database. Every piece of data you hold should have a purpose. If not, it’s clutter and liability.
Get Clear Consent, Before It’s Too Late
Marianne’s legal perspective lines up perfectly with where the industry is heading. Don’t wait for the government to force you into reform. Instead, get ahead of the game and ask for explicit consent now. Whether you’re collecting emails, cookies, or customer preferences, ensure your opt-ins are clear and compliant. It’s a chance to reset relationships with your audience, proving you’re not just data-hungry but genuinely respectful of their privacy. When the privacy reforms finally land, brands that have already done this work will be miles ahead.
From Policy to Practice: The Real Advantage
This Playbook’s biggest lesson is that privacy isn’t paperwork, it’s practice. Marianne’s challenge to “get the foundations right first” is a reminder that every brand decision, from refunds to data storage, tells customers whether to trust you. As Nathan wraps it up, the path forward is simple: start with practice, audit your data, get clear consent, and keep it honest. In a world where trust drives every conversion, a real, working privacy policy might just be your strongest growth tool.
In this Playbook:
- How to write a privacy policy that reflects your real data practices
- The simple audit every ecommerce brand should run before updating policies
- Why “cleaning out your data” could save your business
- How to get clear, explicit consent from customers before privacy laws change
- What Legalite, Civic Data and IAB Australia all agree builds true trust
🎧 Listen to the full Playbook with Marianne Marchesi from Legalite, now on Add To Cart.
Before you leave…
Join the Add To Cart Community. We’ve got deep dives, events, and practical inspo for ecommerce operators who are playing the long game.
