A privacy policy is a written statement of a website about how to treat personal information of its website visitors. In case the website visitors consent to or rely on the privacy policy, its enforceability shall depend on whether it meets the requirements of online standard-form contracts. Unless the content of a privacy policy is ambiguous or unconscionable, it shall constitute a browsewrap contract between a website and its respective visitors in case the privacy policy is conspicuously noticed or posted to enable website visitors to have reasonable opportunity to read and understand its terms and conditions and, then, they accept the offer of such a privacy policy by the website through continuing the use of webpage even without express consent. In the United States, only a court admitted that a privacy policy constituted a contract. However, most claims for breach of privacy policies were rejected by courts because privacy policies were not deemed as contracts or damages were not validly evidenced. Consequently, an unfair or deceptive privacy policy will be normally enforced by the Federal Trade Commission. In Taiwan, pursuant to the Consumer Protection Law, in case the terms of a standard-form contract are expressly illustrated or posted in a conspicuous manner to enable website visitors to have reasonable opportunity to read and, then, expressly or impliedly consent to them, such terms shall constitute part of the contract. Therefore, a privacy policy meeting the aforementioned requirements shall constitute a browsewrap contract. However, pursuant to the Personal Information Protection Act of 2010, a written consent of the data subject shall be obtained for collecting, processing or using his/her personal informaton. It is doubtful whether to deem the simply continuing use of webpage by a visitor as consent to constitute a browsewrap contract. Consequently, a consent of the data subject may not obtained in written form according to the newly-revised Personal Information Protection Act in 2015.