• Why Does My Website Need Terms of Use and a Privacy Policy?
  • July 14, 2015 | Author: Larry A. Silverman
  • Law Firm: Dickie, McCamey & Chilcote, P.C. - Pittsburgh Office
  • “Doing business online is not like a traditional brick-and-mortar business.” “The internet is the Wild Wild West. Anything goes, so why does my website need ‘Terms of Use’ and a ‘Privacy Policy.’" As counsel for a number of small to mid-size companies and non-profits, I regularly hear some variation of these statements.

    Let’s begin with what should be obvious. Nearly all companies and non-profits conduct at least some business online. Even if a company is not selling its goods and services on its website, mobile app, or social network site, it is promoting its business and making representations about its business on these platforms, posting advertisements from third-parties, allowing users to post User Generated Content thru blogs and other interactive features, and conducting other activities such as contests and sweepstakes. Contrary to the common misperceptions highlighted above, each of these activities expose companies and non-profits to a myriad of legal risks that can cause even the most sophisticated executive to shake his/her head in disbelief. The good news is that these legal risks can be minimized by carefully crafted “Terms of Use” and a “Privacy Policy” tailored to your business or non-profit. In an earlier post, I listed some of the basic provisions that must be included in any “Terms of Use” and any “Privacy Policy” if a company or non-profit is going to begin minimizing the legal risks of doing business on its website. In this post, by responding to some of the common misperceptions I often hear from clients, I will try to highlight the most serious of these legal risks.

    “NO ONE SIGNS ANYTHING BEFORE THEY USE MY SITE; THEREFORE, I AM NOT ENTERING INTO A CONTRACT WITH USERS OF MY SITE.”

    Nothing could be further from the truth. While it is sometimes an uncomfortable fit, traditional contract principles do apply to transactions conducted online. Particularly if you are selling goods and services online, each contract requires an offer, acceptance, and consideration so that care needs to be given to insure that these basic contract requirements are met. If you wish, for example, to enforce choice of law or arbitration provisions contained in your “Terms of Use,” you may need to employ what is known as a “click-wrap” agreement where the purchaser checks a box stating he/she has agreed to your “Terms of Use.” Otherwise, as some courts have recently held, there is no “meeting of the minds,” and therefore some or all of the terms are not enforceable. Additionally, even if you are not selling goods and services online, contract-related principles such as intentional and negligent misrepresentation are applicable so that it is important to include language in your “Terms of Use” disclaiming liability based on these contract-related theories.

    “I CAN’T CONTROL HOW PEOPLE USE MY SITE SO I AM NOT RESPONSIBLE IF A USER POSTS CONTENT OWNED BY SOMEONE ELSE OR POSTS INAPPROPRIATE CONTENT.”

    This may be the most common misconception about doing business online. While there are statutory “safe harbors” that limit the liability of website owners from certain copyright violations and from defamation and certain other state law claims that result from User Generated Content, in order to secure the maximum benefit of these protections, the site must contain “Terms of Use” that meet a number of detailed requirements. These requirements include:

    • language prohibiting users from posting inappropriate, defamatory, harmful or offensive material;
    • language that disclaims responsibility for User Generated Content;
    • language and “take down” procedures that comply with the Digital Millennium Copyright Act (DMCA); and
    • affirmative promises that the user is not posting the trademarks of third persons without their permission.

    “THE PERSONAL INFORMATION I COLLECT FROM USERS OF MY SITE IS PROVIDED VOLUNTARILY SO I DON’T NEED TO BE CONCERNED ABOUT THE PRIVACY RIGHTS OF THOSE PERSONS.”

    Again, this commonly held perception is not accurate. The fact is that any time your website collects personal information (name, address, phone number, e-mail address, etc.), your site should have a “Privacy Policy” disclosing what information you collect, how that personal information will be used, how it will be kept secure and, most importantly, whether it will be shared with any third parties. Additionally, depending on the nature of the business, various privacy laws designed to protect medical records, financial information, and information about children or teenagers may be applicable to the information collected online. In order to avoid claims brought by state attorneys general and/or agencies such as the Federal Trade Commission (FTC), your site should have a separate “Privacy Policy” that fully and accurately discloses what personal information you collect, how it is used, how it is kept secure, and who it is shared with. While claims founded on data breaches get most of the headlines, your business can also be liable if your “Privacy Policy” makes representations regarding the nature of its data security efforts that is different from the security protocol you actually employ or if your “Privacy Policy” fails to accurately disclose that certain information, even in aggregate form, may be shared with third parties. As regulatory agencies such as the FTC have reasoned, website disclosures that fail to fully and accurately make these disclosures in their “Privacy Policy” are engaging in unfair and deceptive trade practices.

    "SO WHAT CAN I DO TO PROTECT MYSELF?"

    Every business is different and therefore every business’s “Terms of Use” and every business’s “Privacy Policy” must be tailored to fit its online activities. “Off the shelf” terms may afford some protection, but the best way to minimize your risks is to make sure counsel understands the nature of your business, the types of activities you conduct online, and the what, how, and who of the personal information you collect. Armed with this knowledge, counsel can prepare “Terms of Use” and a “Privacy Policy” that will greatly lessen the legal risks of conducting business online.