Website legality – Marina Brocca Bartolozzi
Marina Brocca is 100% legal, having spent years helping companies from all kinds of sectors to adapt their websites to comply with current regulations, including the General Data Protection Regulation (GDPR) and the Organic Law on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD).
She also enjoys sharing her knowledge, collaborating on cybersecurity and user education projects or speaking at conferences and seminars.
In this interview with Marina Brocca Bartolozzi we discuss the relationship between a website’s legal texts and Google’s SEO and E-E-A-T. If you’ve never thought that your website’s privacy policy, cookie policy, terms of use or legal notice could be related to SEO optimization, you’re sure to learn a lot from this conversation. And why not, new strategies for your informational, e-commerce or B2B website.
To give us some insight into your career, how did you get started in the world of digital legality?
I started almost by accident. I was working in quality consulting when the old LOPD (Organic Law on Data Protection) came into force and I had to specialise in it. I had no choice, but thanks to that “accident”, I now earn my living from privacy.
It was precisely in this field that I discovered the need to provide clear and practical answers to the digital world from a regulatory perspective, especially at the intersection between marketing and data protection, which is an area where many mistakes are still made today.
The reality is that there has not been much education on compliance in digital businesses. The little that is published is written to bore sheep or scare grandmothers, so I have had to become a kind of compliance ambassador, trying to explain in a simple language topics that are not very sexy, but very necessary for working and growing in a trusted digital ecosystem.
Can you estimate how many adjustments to the law you have already made on different websites?
More than 1,000, directly and indirectly, for sure. I have been working with all kinds of websites for many years: from small blogs to large e-commerce sites and all kinds of digital businesses. My work requires in-depth knowledge of each type of business, casuistry and strategy in a constantly evolving market, which forces me to stay up to date so that I can advise them and help them to comply strictly with regulations.
In addition, as I have developed a kit of self-compliance templates, which has worked wonders in helping entrepreneurs with low budgets to comply without having to resort to the infamous copy-paste from other websites, the kits have helped hundreds of websites to be adapted.
What legal sections must be included on a website to comply with the GDPR or the LOPDGDD?
At a minimum: legal notice, privacy policy, cookie policy, and consent texts in forms. When it comes to e-commerce or services, you must also include terms and conditions, return policy, and withdrawal policy.
The key is that these are not just ‘filler’ texts, but are adapted to the business and the way in which data is collected and managed.
What risks do we face if we don’t comply with regulations?
Penalties that can be very high, but also losing the trust of your customers. A website without legal compliance conveys a lack of seriousness and amateurism, something that scares users away and reduces credibility. This translates into lost sales that no one can quantify, because no one knows who leaves a website because they don’t trust it enough to leave their personal information or credit card details.
Think about it: if a user visits a website and cannot find the privacy policy, legal notice or clear terms and conditions of purchase, they are likely to leave. Wouldn’t you? And then there are the reputational risks to consider: misuse of data can cause an image crisis that is very difficult to repair.
Do the mandatory legal texts vary depending on if the website is informational, a service provider, an online store or a B2B business?
Yes, absolutely. A corporate website that only provides information does not have the same obligations as an online store that sells products or services. In the case of a B2B business, there are fewer consumer regulations, but data protection obligations still apply. Adapting the texts to the nature of each business is the key. Each business requires a tailor-made legal framework that protects users, but also the business itself, and for that, a high level of customisation adapted to the needs of each website is essential.
‘Copying and pasting can end up being much more expensive than investing in doing it right.’
If a business uses AI on its website, for example by implementing a chatbot, does it have to indicate this in the legal information?
Yes, it is highly recommended. Users must know that they are interacting with an automated system and what happens to the information they provide in that interaction. Transparency is always the key. Furthermore, European AI regulations will reinforce this obligation. I recently wrote a post explaining the main obligations of the new AI regulations.
What would you say to business owners who copy and paste text from their competitors’ websites?
That it’s a bad idea for two reasons: one, because it’s illegal (it’s a copyright infringement); and two, because those texts are probably not tailored to their business or its actual risks. Copying and pasting can end up being much more expensive than investing in doing it right.
Another risk is using ChatGPT to write legal texts without a thorough knowledge of the regulations. I see it every day: it cites repealed laws, fails to report all the essential aspects, resorts to unfair terms, invents articles of law that do not exist. Be very careful with this. AI works if you have a thorough knowledge of the subject, but when it comes to legal matters, it is very reckless to use it lightly.
What options do you offer for companies that are just starting out and don’t have much budget?
As I mentioned before, I created web compliance kits for them. These are downloadable templates that can be easily adapted to any digital business. With a minimal investment, you can be sure that you have legal texts designed to comply with regulations in a rigorous and simple way, both on a website and in all campaigns.
I designed 4 different kits to suit 4 different types of websites, and I have recently updated them to comply with the new legal requirements for AI integrations.
Do legal texts affect a website’s SEO? How do they relate to Google’s E-E-A-T?
Yes, they do, and increasingly so. For a long time, legal texts were thought to be a mere formality, something that had to be done out of obligation and even a nuisance that hindered the user experience.
It was also thought that they contributed nothing in terms of visibility. Today we know that this is not the case: search engines, and Google in particular, value transparency, authority and trust as ranking factors.
When we talk about E-E-A-T (experience, expertise, authority and trust), we are talking precisely about the criteria that Google uses to decide which pages deserve to be at the top of the rankings. In this sense, comprehensive and clear legal texts tailored to your business serve as a clear signal that there is a serious and responsible project behind the website.
This not only affects customer trust, but also metrics that Google measures directly, such as bounce rate, time spent on the page, and user interaction. Good legal work improves the visitor experience, and that indirectly impacts SEO.
Furthermore, in certain sectors—such as health, finance, education, or any business that deals with sensitive data—Google is even stricter. Websites in these areas are known as YMYL (Your Money, Your Life), and legal texts are essential to demonstrate trustworthiness.
‘Each business requires a tailor-made legal framework that protects users, but also the business itself, and for that, a high level of customisation adapted to the needs of each website is essential.’
Can we work on branding in legal texts?
Of course. That is one of the most important aspects of my work, and I have found that it works very well when the texts not only fit perfectly with the language of the website, but also when they are presented as a form of personal commitment to the user.
Legal texts do not have to be boring or incomprehensible. They can convey your brand’s personality, your values and your way of communicating.
In fact, when a user reads clear, human and approachable legal texts, their perception of your brand improves significantly.
For example, when I prepare legal texts for my clients, I seek that approachability, but I also seek to make them very visible to the user. Hiding them and publishing them in a small space on the website is a terrible strategy and contrary to your brand.
In short, your legal texts not only protect you from penalties, but also become a strategic element for your positioning and brand.
When well crafted, they can reinforce your branding, enhance your perceived authority, and set you apart from competitors who continue to view legality as a formality rather than a competitive advantage.
