Privacy policy linked from every page footer
Why it matters
GDPR Art. 13 requires privacy information to be provided at the time personal data is collected, which in practice means the privacy policy must be reachable from every page where a user interacts with the product. The CCPA §1798.100 imposes a parallel obligation for California residents. The FTC's privacy policy guidance treats a footer link as the minimum baseline for consumer awareness. A financial product with authenticated dashboards, account settings, or transaction screens that lack footer privacy links fails to satisfy any of these frameworks — and regulators treat authenticated sections as higher-risk because they process more sensitive data than marketing pages.
Severity rationale
Medium because absence of a privacy link on authenticated pages violates GDPR Art. 13 and CCPA §1798.100 notice requirements, but does not directly expose user data or enable unauthorized access.
Remediation
Create a shared footer component that includes the privacy policy link and import it into every layout file. In src/components/Footer.tsx:
    // src/components/Footer.tsx
    export function Footer() {
      return (
        <footer className="page-footer">
          <nav aria-label="Legal links">
            <a href="/privacy">Privacy Policy</a>
            <a href="/terms">Terms of Service</a>
            <a href="/contact">Contact</a>
          </nav>
        </footer>
      )
    }
Import and render <Footer /> in app/layout.tsx (root) and in any group layout under app/(app)/layout.tsx or app/(dashboard)/layout.tsx that renders its own layout shell. Authenticated routes are not exempt — they handle more sensitive data and are higher-scrutiny for regulators.
Detection
- ID: privacy-footer
- Severity: medium
- What to look for: Count every layout file in the project (root layout, nested layouts, group layouts). For each layout, check whether a footer component is rendered that contains a "Privacy Policy" link. Then count the total number of page routes and verify that all routes inherit a layout that includes the footer.
- Pass criteria: At least 1 shared footer component exists that includes a "Privacy Policy" link with clear text (not "Legal" or buried in a dropdown). The footer is rendered via the root layout or all top-level group layouts so that 100% of page routes display it. Report the count: "Footer with privacy link found in X of Y layout files."
- Fail criteria: No Privacy Policy link in any footer, or the footer is missing from 1 or more layout files, or the link text is ambiguous (e.g., "Legal Stuff", "More").
- Skip (N/A) when: The project is an internal tool with no public pages or user-facing UI (e.g., internal API-only service).
- Detail on fail: Identify which layouts or pages lack the footer link and quote file paths. Example: "Privacy Policy link is in the footer via app/layout.tsx but the dashboard group layout at app/(app)/layout.tsx renders its own layout without the footer, so /dashboard and /account/settings pages have no privacy link."
- Remediation: Add a privacy policy link to your footer component in src/components/Footer.tsx and include it in the root layout at app/layout.tsx:

      // src/components/Footer.tsx
      export function Footer() {
        return (
          <footer className="page-footer">
            <div className="footer-links">
              <a href="/terms">Terms & Conditions</a>
              <a href="/privacy">Privacy Policy</a>
              <a href="/contact">Contact Us</a>
            </div>
            <p>© 2024 YourFinServ. All rights reserved.</p>
          </footer>
        )
      }

      // app/layout.tsx
      import type { ReactNode } from 'react'
      import { Footer } from '@/components/Footer'

      // Root layout: every route rendered beneath it gets the footer.
      export default function RootLayout({ children }: { children: ReactNode }) {
        return (
          <html>
            <body>
              {children}
              <Footer />
            </body>
          </html>
        )
      }

- Cross-reference: For comprehensive privacy compliance evaluation (GDPR, CCPA, data handling), the GDPR Readiness and CCPA Readiness audits cover privacy policy content and user rights in depth.
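
The "What to look for" procedure above, sketched as an added example (not the audit's own tooling). The `auditPrivacyFooter` name, the path-to-source input map and the `SAMPLE` data are assumptions made for illustration, and each page is judged by its nearest layout, as in the "Detail on fail" example.

```javascript
// Added example; SAMPLE is a constructed file map, not a real project.
const LINK = /<(a|Link)\b[^>]*>\s*Privacy Policy\s*<\/\1>/i; // clear link text only
const LAYOUT = /(^|\/)layout\.[jt]sx?$/;
const PAGE = /(^|\/)page\.[jt]sx?$/;
const dirOf = (p) => p.slice(0, Math.max(p.lastIndexOf("/"), 0));

// files: { "app/layout.tsx": "<source text>", ... } (hypothetical input shape)
function auditPrivacyFooter(files) {
  // Components whose source contains an unambiguous "Privacy Policy" link.
  const footers = new Set();
  for (const src of Object.values(files)) {
    if (!LINK.test(src)) continue;
    for (const m of src.matchAll(/export\s+(?:default\s+)?function\s+(\w+)/g)) footers.add(m[1]);
  }
  const renders = (src) =>
    LINK.test(src) || [...footers].some((n) => new RegExp(`<${n}[\\s/>]`).test(src));

  const layouts = Object.keys(files).filter((p) => LAYOUT.test(p));
  const ok = new Set(layouts.filter((p) => renders(files[p])));

  // Assumption: each page is judged by the nearest layout at or above its directory.
  const uncovered = Object.keys(files).filter((p) => PAGE.test(p)).filter((page) => {
    let dir = dirOf(page), nearest;
    while (!(nearest = layouts.find((l) => dirOf(l) === dir)) && dir !== "") dir = dirOf(dir);
    return !nearest || !ok.has(nearest);
  });
  const missing = layouts.filter((p) => !ok.has(p));
  return {
    pass: layouts.length > 0 && missing.length === 0 && uncovered.length === 0,
    summary: `Footer with privacy link found in ${ok.size} of ${layouts.length} layout files.`,
    missing,
    uncovered,
  };
}

const SAMPLE = {
  "src/components/Footer.tsx":
    'export function Footer() { return <footer><a href="/privacy">Privacy Policy</a></footer> }',
  "app/layout.tsx":
    "export default function RootLayout({ children }) { return <body>{children}<Footer /></body> }",
  "app/(app)/layout.tsx":
    "export default function AppLayout({ children }) { return <main>{children}</main> }",
  "app/page.tsx": "export default function Home() { return null }",
  "app/(app)/dashboard/page.tsx": "export default function Dashboard() { return null }",
};
console.log(auditPrivacyFooter(SAMPLE));
```

The check is a source-text match, so a footer pulled in through a wrapper component or built from dynamic link text needs a manual look before the result is recorded.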
External references
- gdpr · Art. 13 — GDPR Art. 13 — information to be provided where personal data collected from data subject
- ccpa · §1798.100 — CCPA §1798.100 — consumer right to know; privacy policy accessibility
- external · ftc-privacy-policy — FTC — Privacy policy disclosure requirements for financial services
History
- 2026-04-18·v1.0.0·Initial import from finserv-disclosure·automated