I wonder how often do privacy policies change, for the average site, to merit investing in a dedicated library that renders them dynamically. Assuming that the default solution is a static page.
jamie_davenport•1h ago
I think most apps don't update often enough. We've seen products with privacy/cookie policies that are 5+ years old and totally out of sync with the product itself.
We're building OpenPolicy not necessarily to reduce the risk companies have of litigation, but instead to be more transparent with users and to build trust.
In the next version we'll be releasing auto-instrumentation that tracks data/third parties to always keep things in sync.
rafram•1h ago
> We're building OpenPolicy not necessarily to reduce the risk companies have of litigation
Privacy policy is one thing, but that’s what terms of service are for!
weird-eye-issue•1h ago
Terms of service don't override laws so only a fool thinks that they have any effect on litigation.
9dev•15m ago
My problem is mostly that I lack the legal expertise to be able to a) write up a coherent policy with full coverage, and b) follow up on changing legislation, of which there has been quite a lot in recent years (at least in Europe).
The best option until now have been generators found online, which mostly seem to have pivoted to lead generators or demos for paid products now. Considering that in Germany, for example, any website affiliated with a company or pursuing any economic purpose is required to have both a proper imprint and privacy policy, this is something you have to care about. There are even lawyers writing specialised crawlers to find websites with linked Google Fonts but no privacy policy notice, and send automated litigation to the owners. This only became possible after a court decided (as shortsighted as stupidly) loading fonts from Google's servers constituted a privacy violation, given that visitors had no way to consent.
Following these changes and reacting in a timely way is a continuous effort, and a framework to automate this is very welcome IMHO.
NylonMeltdown•4m ago
"Zero-build privacy policies": "Everything runs at build time", what?
Rygian•1h ago
jamie_davenport•1h ago
We're building OpenPolicy not necessarily to reduce the risk companies have of litigation, but instead to be more transparent with users and to build trust.
In the next version we'll be releasing auto-instrumentation that tracks data/third parties to always keep things in sync.
rafram•1h ago
Privacy policy is one thing, but that’s what terms of service are for!
weird-eye-issue•1h ago
9dev•15m ago
The best option until now have been generators found online, which mostly seem to have pivoted to lead generators or demos for paid products now. Considering that in Germany, for example, any website affiliated with a company or pursuing any economic purpose is required to have both a proper imprint and privacy policy, this is something you have to care about. There are even lawyers writing specialised crawlers to find websites with linked Google Fonts but no privacy policy notice, and send automated litigation to the owners. This only became possible after a court decided (as shortsighted as stupidly) loading fonts from Google's servers constituted a privacy violation, given that visitors had no way to consent.
Following these changes and reacting in a timely way is a continuous effort, and a framework to automate this is very welcome IMHO.