GDPR Art. 13 requires privacy information to be provided at the time personal data is collected, which in practice means the privacy policy must be reachable from every page where a user interacts with the product. The CCPA §1798.100 imposes a parallel obligation for California residents. The FTC's privacy policy guidance treats a footer link as the minimum baseline for consumer awareness. A financial product whose authenticated dashboards, account settings, or transaction screens lack footer privacy links satisfies none of these frameworks, and regulators treat authenticated sections as higher-risk because they process more sensitive data than marketing pages.
Severity is medium because the absence of a privacy link on authenticated pages violates the GDPR Art. 13 and CCPA §1798.100 notice requirements, but does not directly expose user data or enable unauthorized access.
Create a shared footer component that includes the privacy policy link and import it into every layout file. In src/components/Footer.tsx:
// src/components/Footer.tsx
export function Footer() {
  return (
    <footer className="page-footer">
      <nav aria-label="Legal links">
        <a href="/privacy">Privacy Policy</a>
        <a href="/terms">Terms of Service</a>
        <a href="/contact">Contact</a>
      </nav>
    </footer>
  )
}
Import and render <Footer /> in app/layout.tsx (root) and in any group layout, such as app/(app)/layout.tsx or app/(dashboard)/layout.tsx, that renders its own layout shell. Authenticated routes are not exempt: they handle more sensitive data and draw closer scrutiny from regulators.
ID: finserv-disclosure.terms-legal.privacy-footer
Severity: medium
What to look for: Count every layout file in the project (root layout, nested layouts, group layouts). For each layout, check whether a footer component is rendered that contains a "Privacy Policy" link. Then count the total number of page routes and verify that all routes inherit a layout that includes the footer.
Pass criteria: At least 1 shared footer component exists that includes a "Privacy Policy" link with clear text (not "Legal" or buried in a dropdown). The footer is rendered via the root layout or all top-level group layouts so that 100% of page routes display it. Report the count: "Footer with privacy link found in X of Y layout files."
Fail criteria: No Privacy Policy link in any footer, or the footer is missing from 1 or more layout files, or the link text is ambiguous (e.g., "Legal Stuff", "More").
Skip (N/A) when: The project is an internal tool with no public pages or user-facing UI (e.g., internal API-only service).
Detail on fail: Identify which layouts or pages lack the footer link and quote file paths. Example: "Privacy Policy link is in the footer via app/layout.tsx but the dashboard group layout at app/(app)/layout.tsx renders its own layout without the footer, so /dashboard and /account/settings pages have no privacy link."
Remediation: Add a privacy policy link to your footer component in src/components/Footer.tsx and include it in the root layout at app/layout.tsx:
// src/components/Footer.tsx
export function Footer() {
  return (
    <footer className="page-footer">
      <div className="footer-links">
        <a href="/terms">Terms & Conditions</a>
        {/* Link text must be the explicit words "Privacy Policy" */}
        <a href="/privacy">Privacy Policy</a>
        <a href="/contact">Contact Us</a>
      </div>
      <p>© 2024 YourFinServ. All rights reserved.</p>
    </footer>
  )
}

// app/layout.tsx
import type { ReactNode } from 'react'
import { Footer } from '@/components/Footer'

// Root layout: every route that inherits it renders the footer below its content.
export default function RootLayout({ children }: { children: ReactNode }) {
  return (
    <html>
      <body>
        {children}
        <Footer />
      </body>
    </html>
  )
}
Cross-reference: For comprehensive privacy compliance evaluation (GDPR, CCPA, data handling), the GDPR Readiness and CCPA Readiness audits cover privacy policy content and user rights in depth.
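The layout-coverage check described under "What to look for" can be scripted. The following is an added example, not part of this rule's own tooling: it counts layout files, flags the ones without the footer link, and lists the routes that inherit no covered layout. Assumptions: the function name auditPrivacyFooter, the in-memory path-to-source map, the constructed sample project (two route groups, each with its own root layout), and a regex heuristic in place of a real JSX parser.

```javascript
// Constructed sample project (path -> source); not taken from a real repository.
const sampleProject = {
  'src/components/Footer.tsx':
    `export function Footer() { return <footer><a href="/privacy">Privacy Policy</a></footer> }`,
  'app/(marketing)/layout.tsx':
    `import { Footer } from '@/components/Footer'
     export default function L({ children }) { return <html><body>{children}<Footer /></body></html> }`,
  'app/(marketing)/page.tsx': `export default function Home() { return <h1>Home</h1> }`,
  'app/(app)/layout.tsx':
    `export default function L({ children }) { return <html><body>{children}</body></html> }`,
  'app/(app)/dashboard/page.tsx': `export default function D() { return <h1>Dashboard</h1> }`,
  'app/(app)/account/settings/page.tsx': `export default function S() { return <h1>Settings</h1> }`,
};

// Heuristic: an anchor whose visible text is exactly "Privacy Policy"
// (so "Legal" or "More" does not count as clear link text).
const PRIVACY_LINK = /<a\b[^>]*>\s*Privacy Policy\s*<\/a>/;

// Hypothetical helper: files is a map of project-relative path -> file source.
function auditPrivacyFooter(files, footerPath = 'src/components/Footer.tsx') {
  const footerHasLink = PRIVACY_LINK.test(files[footerPath] || '');
  // A layout is covered if it contains the link itself or renders a Footer that does.
  const hasLink = (src) =>
    PRIVACY_LINK.test(src) || (footerHasLink && /<Footer\b/.test(src));

  const paths = Object.keys(files);
  const layouts = paths.filter((p) => /^app\/(.*\/)?layout\.tsx$/.test(p));
  const covered = new Set(layouts.filter((p) => hasLink(files[p])));

  const uncoveredRoutes = [];
  for (const page of paths.filter((p) => /^app\/(.*\/)?page\.tsx$/.test(p))) {
    // Layouts nest: check every ancestor directory from app/ down to the page's own.
    const dirs = page.split('/').slice(0, -1);
    const inherits = dirs.some((_, i) =>
      covered.has(dirs.slice(0, i + 1).join('/') + '/layout.tsx'));
    if (!inherits) {
      // Route groups such as (app) do not appear in the URL.
      uncoveredRoutes.push('/' + dirs.slice(1).filter((s) => !/^\(.*\)$/.test(s)).join('/'));
    }
  }
  return {
    report: `Footer with privacy link found in ${covered.size} of ${layouts.length} layout files.`,
    layoutsMissing: layouts.filter((p) => !covered.has(p)),
    uncoveredRoutes,
  };
}

console.log(auditPrivacyFooter(sampleProject));
```

layoutsMissing corresponds to the fail criterion "missing from 1 or more layout files", while uncoveredRoutes corresponds to the requirement that 100% of page routes display the footer.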