2015-04-20

I have a system set up on my server where users who consistently refresh the page at a ridiculously high rate are redirected to a special page where they have to wait a certain amount of time or enter a special code to continue.

As I was using PowerMapper to test the normal site for compliance in other factors, the testing utility apparently got filtered out and it ended up testing my flagging page instead. One thing it reported to me is this:

"This page has no privacy policy. If your web server logs visits, then every page reachable by a search engine should have a privacy policy explaining what is logged and how the logs are used.
Line 1 EU Privacy Regulations"

"This page uses cookies and has no obvious privacy policy. Companies in the EU using cookies must comply with the Privacy and Electronic Communications (EC Directive) Regulations 2003 by providing a privacy policy. Cookies: UBC=YSWWSTT
Line 1 EU Privacy Regulations"

"The EC Privacy Regulations carry a maximum fine of £5,000 / €7,000 for failure to comply. To comply, place a link on every page labeled "Privacy Policy" referring to a page describing how your site uses cookies, and how to disable them."

I just think it's nonsense to enable a separate privacy page to the screens that potential hackers and high-speed bots can see. Currently I have it set so the page only appears to anything that makes over 15 requests within a one-second time frame to a domain where the normal requests per second is roughly 4.

So I'm curious. Is a privacy policy on such pages a necessity?

I do have a privacy policy with terms and conditions on my normal site.
