Understanding LinkedIn Ads privacy policies for lead generation forms
LinkedIn Lead Gen Ads provide marketers with an efficient way to collect valuable data from potential customers. With customizable forms, businesses can gather details like names, email addresses, and job titles, all without prospects needing to leave the platform. It’s no surprise that 89% of B2B marketers rely on LinkedIn for lead generation, with 62% reporting successful results.
The challenge lies in balancing data collection with user privacy. Privacy-Led Marketing addresses this by focusing on responsible data collection, respecting user consent, and enabling compliance with regulations. Privacy policies are a key part of Privacy-Led Marketing, delivering on the transparency and notification requirements of global data privacy regulations, and enabling consumers to make more informed decisions about access to and use of their data..
In this article, we’ll look at LinkedIn ads privacy policies: why they matter, what they should include, and how to avoid common mistakes so you can stay privacy-compliant.
What is a privacy policy?
A privacy policy is a legal document that outlines how organizations collect, store, use, share, and protect users’ personal data, whether it is collected via websites, apps, or other methods. The policy also informs users of their rights regarding their data and how to exercise them.
This transparency is required for compliance with regulations like the European Union’s (EU) General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), and others. A privacy policy also helps build trust with users by communicating data practices, ideally in clear language.
Is a privacy policy mandatory for LinkedIn Lead Gen Ads?
Yes, a privacy policy is mandatory for LinkedIn Lead Gen Ads. When users click on these ads, LinkedIn may automatically populate details like the user’s name, contact details, location, job title, and other information into a form to share with the business. LinkedIn may also display mandatory fields for additional information, such as years of experience.
Much of this information is classified as personal data under laws like the GDPR and the CPRA, which require businesses to provide a privacy policy detailing how this data is collected, used, and protected.
According to LinkedIn’s policies, businesses cannot run Lead Gen Ads on the platform without publishing a privacy policy. By ensuring your LinkedIn Ads privacy policy is in place, and kept up to date, your business is not only complying with data protection laws but also meeting these social media platform policy standards.
LinkedIn Lead Gen Ads privacy policy requirements
Businesses must meet certain privacy policy requirements in order to run effective LinkedIn Lead Gen Ads that maintain transparency and protect users’ data.
Mandatory privacy policy URL
When setting up a Lead Gen Form, marketers will be prompted to enter a URL linking directly to their business’s privacy policy. This is a required field and must link to a web page that is solely dedicated to the policy. Businesses that don’t have a website can use tools like Google Docs to host the policy.
There is also an option to include additional privacy policy text that will be displayed on the lead generation form below the link to the privacy policy. There are no specific requirements for what should go into this optional text box. So businesses can use it to highlight key provisions from the privacy policy or provide additional context and clarity about how they will use the collected information.
Purposes of collection
LinkedIn’s official documentation does not go into detail about what should be included in a privacy policy. It only specifies: “You should also describe how you’ll use the collected leads.” The privacy policy should, therefore, describe the specific purpose(s) for which the collected data will be used.
Based on other best practices and regulatory requirements, the privacy policy should also include:
- types of data being collected
- how long the data collected will be retained
- third-party data sharing practices (who else may access the data)
- users’ rights to access or manage their data
This transparency enables prospects to understand how their information will be used and make informed decisions about whether to share their data.
Obtaining user consent
To gain specific consent for additional data uses, businesses have the option include disclosure checkboxes on Lead Gen forms. For example, a business may ask users to consent to receiving newsletters or service updates.
For EU users, LinkedIn has removed the default consent checkbox to comply with the GDPR requirement for granular consent for each distinct purpose. Businesses can add disclosure checkboxes for up to five different purposes to enable users to explicitly opt in for each specific use of the data.
Common mistakes to avoid with a LinkedIn Ads privacy policy
Below, we’ve outlined the common errors businesses often make when setting up a LinkedIn Lead Gen Forms privacy policy, which can hinder privacy compliance and disrupt campaigns.
Missing or broken privacy policy link
Linking to a privacy policy is mandatory for running LinkedIn Lead Gen Ads, and having a broken link violates this requirement. The result can be that your ads are prevented from running. Businesses should check the link’s accuracy before submitting an ad for approval. If the URL on the hosting website changes, the business needs to make sure any subsequent ads contain the correct URL.
Unclear or generic policies
Using a one size fits all privacy policy can hurt compliance efforts and erode user trust. Businesses should make sure their LinkedIn Lead Gen privacy policy is specific to their data collection and usage, and clearly explains how the data collected via LinkedIn Lead Gen Forms will be handled.
Using complex legal language
Overcomplicated legal language can make a privacy policy hard to understand, and is prohibited under many privacy laws. Using simple, user-friendly language fosters transparency and makes it easier for users to understand their rights and how their data will be handled.
Outdated information
A privacy policy that isn’t regularly updated may not reflect the business’s current practices or updates to regulations. Maintaining privacy policy accuracy is also required by many data privacy laws. Businesses should regularly review their data handling practices, including for advertising, as well as their privacy policy, to make sure it reflects current data collection, usage, and protection practices, as well as alignment with evolving legal requirements.
Consequences of not having a valid privacy policy
Not having a valid LinkedIn Ads privacy policy can damage your business’s reputation and jeopardize regulatory compliance. Below, we’ve outlined the consequences that can come from failing to maintain a valid privacy policy.
Ad rejection
LinkedIn mandates that all Lead Gen Forms must include a privacy policy URL. Failing to provide a link to the valid privacy policy can result in the advertisement being rejected, effectively pausing lead generation efforts and disrupting a campaign’s continuity, which can negatively impact business growth.
Compliance risks
Collecting personal data without providing access to a privacy policy puts businesses at risk of violating laws like the GDPR or the CCPA/CPRA. These regulations exist to inform individuals and protect their personal data, and failure to comply can cause significant legal problems for a business, including substantial fines and disruption to operations.
Loss of trust
As people become more aware of data privacy issues, the absence of a clear privacy policy can cause a loss of trust. Individuals who could be leads may be hesitant to engage with ads, fearing that their personal data isn’t secure or that the company may use their data in ways they don’t want.
This lack of trust can reduce conversions and affect the brand’s ability to build trust with potential customers, ultimately harming the brand’s reputation and revenue in the long term. Transparency through a clear privacy policy helps avoid these issues by maintaining user confidence.
How to create a LinkedIn Ads privacy policy
There are several options available for a business to create a LinkedIn Ads privacy policy, depending on its needs and available resources.
Hire an expert
We strongly recommend working with a data privacy expert and/or qualified legal counsel to create your privacy policy. An expert can help you craft a policy that aligns with relevant data privacy laws and LinkedIn’s requirements, reducing your risk of legal complications or business disruption, and improving user trust by addressing specific privacy concerns.
Write your own privacy policy
If a business has personnel that are knowledgeable about data privacy laws, the company’s advertising operations, and LinkedIn’s ad guidelines, they can draft the company’s privacy policy. The policy should include a few key aspects, such as the type of data being collected, how it will be used, who may access it, and the measures in place to protect it. It should also explain how long the data will be retained, any third-party sharing practices, and the rights users have to access or manage their personal information.
Use a privacy policy generator
For businesses that need a quick, tailored solution, privacy policy generators offer an efficient way to get started creating policies as part of efforts to comply with global data protection regulations. Tools like the Usercentrics Cookiebot Privacy Policy Generator guide you through a series of questions about your data collection and usage practices to create a customized privacy policy based on your inputs. However, it’s strongly recommended to get any generated policy reviewed by a qualified expert, as well as to ensure it’s regularly updated.