Where Should Privacy Links Appear on a Website?
A practical guide to the optimal placement of privacy links on a website, based on legal requirements and user trust principles.

This question matters more than it seems. Many businesses publish a privacy policy, but make it hard to find. In practice, that is not only a potential legal weakness. It is also a trust problem. A visitor who sees a form, a cookie banner, a checkout flow, or a booking request wants to understand quickly how their information will be handled.
In Quebec, when an organization collects personal information through technological means, a confidentiality policy must be published on the website, in clear and simple language. More broadly, in the spirit of Canadian privacy rules, privacy practices should be understandable and readily available. That does not mean everything must live in the footer, but it does mean the information should not be hidden.
Sources:
- https://www.legisquebec.gouv.qc.ca/en/document/cs/p-39.1
- https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/p_principle/principles/p_openness/
- https://www.priv.gc.ca/en/privacy-topics/collecting-personal-information/consent/gl_omc_201805/
Short answer
Privacy links should appear in several strategic places:
- in the footer
- in the cookie banner or preferences center
- near forms that collect personal information
- in sensitive steps such as checkout, booking, or demo-request flows
The footer remains the strongest universal location, but it should not be the only one.
1. In the footer
The footer is the most expected place for visitors to find:
- the privacy policy
- terms
- cookie preferences
- contact information
- sometimes a data-request path
It is the best default location because it is visible across the site and matches common user behavior.
Common mistakes
- the privacy link appears only on a secondary page
- the label is vague or unclear
- the footer exists but contains no trust-related links
- the policy is published but not easily reachable from the homepage
Recommendation
At minimum, include in the footer:
- Privacy Policy
- Contact
- Cookies / Preferences
- Access or delete my data, where relevant
Sources:
- https://www.legisquebec.gouv.qc.ca/en/document/cs/p-39.1
- https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/p_principle/principles/p_openness/
2. In the cookie banner or preferences center
When a site uses cookies, trackers, pixels, or analytics tools, visitors should not need to hunt for more information. The cookie banner is a strong place to point people to:
- the privacy policy
- the cookie policy
- the preferences center
It is especially useful because the visitor is already asking the right question at that moment: “what is this site collecting and why?”
Common mistakes
- the banner offers only “Accept” with no explanation link
- there is no way to review or update preferences later
- the cookie policy is missing even though trackers are active
- the language is too vague about what is actually used
Recommendation
From the banner or preferences center, provide:
- a link to the privacy policy
- a path to cookie preferences
- a plain-language explanation of the main purposes
Sources:
- https://www.priv.gc.ca/en/privacy-topics/collecting-personal-information/consent/gl_omc_201805/
- https://developers.google.com/search/docs/appearance/page-experience
3. Near forms that collect personal information
This is one of the most overlooked placements. When someone fills out:
- a contact form
- a quote request
- a booking form
- a newsletter signup
- a demo request
they are usually sharing personal information. That makes it a very logical moment to display a privacy link or short explanation.
Common mistakes
- no privacy link appears near the form
- checkboxes or consent language are poorly explained
- the form asks for a lot of information with no explanation
- marketing signup forms do not link to privacy or explain future communications
Recommendation
Near or below the form, add:
- a privacy policy link
- a simple sentence about how information will be used, where needed
- a clear indication if the person is subscribing to marketing communications
Sources:
- https://www.priv.gc.ca/en/privacy-topics/collecting-personal-information/consent/gl_omc_201805/
- https://crtc.gc.ca/eng/com500/faq500.htm
4. In sensitive steps like checkout or booking
When a person is about to pay, book, sign up, or submit more sensitive information, trust expectations rise. At that moment, visible links to privacy, terms, or security can make a real difference.
Common mistakes
- checkout or booking flows show no trust-related links
- no privacy or security information is visible in critical steps
- the visitor has to leave the flow to search for answers
- the page asks for significant information with no context
Recommendation
On checkout, booking, or critical signup pages, show at least:
- Privacy Policy
- Terms, where applicable
- Contact
- optionally Security or a trust FAQ
Sources:
- https://developers.google.com/search/docs/appearance/page-experience
- https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/p_principle/principles/p_openness/
Does everything have to be in the footer?
No.
The important point is not “put everything in the footer.” The important point is:
- the information really exists on the site
- it is understandable
- it is easy to find
- it appears at the right moment in the user journey
In practice:
- the footer is the strongest universal location
- forms are the strongest contextual location
- the cookie banner is the strongest tracking-related location
- checkout or booking is the strongest high-trust moment
What this means for Canadian SMBs
An SMB does not need to turn its website into a legal portal. It mainly needs to avoid the classic mistake: publishing a privacy policy somewhere and assuming that is enough. On a strong site, privacy links appear where visitors expect them and where they are actually useful.
A simple structure to follow
For an SMB website, a good minimum setup is:
- Footer: Privacy Policy, Contact, Cookies, Terms
- Forms: privacy link + short explanation where needed
- Cookie banner: privacy link + preferences path
- Checkout / booking: privacy + terms + contact
Conclusion
Privacy links should appear where they improve understanding and trust, not only where they technically exist. The footer remains the strongest base location, but it should be reinforced by contextual placements in forms, cookie interfaces, and sensitive conversion steps.
