Upcoming Issue Highlights
Home Subscribe Advertise Sourcebook Free Product Info Home

Is It Time to Update Your Website Terms?

Albion Minerals®
 
CapsCanada
Website Terms Website Terms

Today, virtually every business is an e-business. Whether a business’ website looks much like it did when it was launched 10 years ago or has recently been updated to an e-platform offering the latest interactive tools, websites are often the first and best method of educating consumers about the business and its products and services. Most businesses understandably focus on ensuring that website marketing content is accurate, up-to-date, and attractive. In doing so, they may overlook the importance of website terms and offer website terms, if any, that they are out-of-date and difficult to find.

There are obvious reasons for that. Website terms are often boring, legal documents. Website terms may go unread by many consumers who visit the business’ website—unless or until the consumer has a question or issue that needs to be resolved. When that happens, website terms, especially when tailored specifically to each business’ practices and products, provide essential guidance, and define the rights and responsibilities of the business and the consumer. Website terms may also provide disclosures regarding the business’s products, programs or practices that may be required by law or regulation or as a matter of best practices.

Website Term Components

There are several components for website terms that every e-commerce platform should consider. The exact terms that are needed and how they are provided depend on many factors, such as the culture of the business, its products, its target audience, its website and even the business’s brick and mortar location, if any.

A. Terms and Conditions

Although not strictly required by law in all cases, it is recommended that all websites have what is known as “Terms and Conditions” (T&Cs), “Terms of Use,” “Terms of Service,” “General Conditions” or “Legal Notice.” All of these names refer to the same type of document. The particular name used is simply a matter of the business’ preference. Whatever name is chosen, T&Cs is a contract that sets out what is expected from the business and the user/consumer and the rules that apply when fulfilling the contract between them.

The specific terms of the T&Cs should be unique to each business. T&Cs should include a brief description of the business, its location, and the products or services that the business offers. In the case of the nutrition industry, T&Cs provide a place for the business’ mission statements, and those reminding users that products have not been approved by the FDA (U.S. Food and Drug Administration), that the contents of the website do not constitute medical advice, and that no result is guaranteed. If the website allows customer endorsements, chats or blogs, or links to other websites, the business may want to disavow that content by stating it does not endorse the contents of material posted by other users of the website or that content that is accessed through clicking on third party links.

T&Cs provide the business with an important opportunity to disclaim warranties that might otherwise apply by law or based on an interpretation of the business’s marketing materials, but only to the extent that the business is legally permitted to do so. T&Cs may also establish the limit for the business’s liability in the event a dispute arises, such as by limiting the consumer’s recovery to the amount paid to the business in the six months prior to the dispute or to a finite amount such as $500. While it is true that the effectiveness of the disclaimers or limitations on liability may differ depending on the state in which the consumer lives or the nutritional product that is sold, a blanket policy in T&Cs generally states that disclaimers or limitations will be enforced to full extent permitted by the law of the specific jurisdiction.

Another important purpose of T&Cs is to explain that any copyright, trademark or other intellectual property in regard to the website, its contents and the products and services offered are owned or licensed to the business and that any user/consumer has only a “limited license” for the use of that intellectual property as provided as strictly defined in the T&Cs. T&Cs may also include prohibitions as to user/consumer’s conduct while on the website (such as not spreading spam or malware or disparaging another user) and even as to products or services (such as prohibiting resale or stockpiling).

Retail businesses often include the general commercial terms that they offer for the sale of their products. For example, a user/consumer visiting a website regarding the purchase of nutritional products, may visit the T&Cs to find out the business’s order process, return policy, guarantees, shipment, etc. Relatedly, T&Cs notify the user/consumer of what to do in the event a dispute arises. It is especially important to select a jurisdiction with which the business has a relationship (such as location of incorporation or headquarters) and whose law favors enforcement of online website terms, including waivers and limitations, when properly presented. The T&C should state what law governs their interpretation any other relevant contracts. A provision requiring defining the jurisdiction where a suit may be filed, lessens the risk that the business will be hauled into court any place in the U.S. or the world. If the business desires the dispute to be decided in consumer arbitration, that fact, the process to be followed, and the fact that the user/consumer is waiving trial by jury in a court of law must be set forth prominently and completely.

Finally, it is important the user/consumer be advised that T&Cs are a binding agreement with the business to which they consent to be bound by clicking on an “I agree” button, establishing an account, or visiting restricted portions of the website. Moreover, because it is important that T&Cs be kept up-to-date to accurately reflect the business present business practices, the T&Cs should state how the business will notify user/consumers about changes to the T&Cs and how and when they will be bound by the new T&Cs.

In sum, it is important for the user/consumer to always be advised that he or she has a choice as to whether to agree to the business’s T&Cs and that choice is manifested by the user/consumer’s right to not purchase the business products or interface with the business’s website.

B. Privacy Policy

A privacy policy explains to user/consumers how the business collects and uses personal data, what steps will be taken to secure it and how the individual may exercise rights over their own personal data. Unlike T&C’s, privacy policy is often legally required, but what exactly is required to comply is particularly confusing. What must be included in a privacy policy will vary depending on geographic location, the nature of the data collected, and how it is used, shared, stored and discarded. In addition to a variety of state laws, like the California Consumer Privacy Act, there are federal laws and regulations, such as The Children’s Online Privacy Protection Act (“COPPA”) or the Health Insurance Portability and Accountability Act (“HIPAA”), and voluntarily adopted industry standards (such as the Payment Card Industry Data Security Standard (“PCI DSS”) that may impose obligations on any particular website. Indeed, even definitions of such core terms “personal data,” “use,” “marketing,” “sharing,” etc., will differ depending on which law applies.

The privacy policy must accurately describe the business’ collection and use of personal data. Since every business does things their own way, there is no simple cookie-cutter form privacy policy that can be included in a business’ website terms. Instead, the business must undertake the often-difficult task to accurately describe its own particular practices. At a minimum, the privacy policy should explain:

• What personal data is collected from or about the consumer/user, their accounts, their electronic devices, or through electronic tools such as “cookies” or “analytics.”

• How the business uses, stores or “processes” the personal data, including with whom and for what purposes it is shared with third parties.

• How the business uses personal data to communicate with the consumer/user and their options regarding those communications.

• How a consumer/user may exercise its choices concerning the collection, deletion or correction of personal data.

Other terms, such as concerning children’s data, “do not track” signals and data security may be required or recommended.

It is too often the case that a business may be reticent to fully explain their privacy practices. First, it is a daunting task to accurately ascertain and describe the amount, location and use of personal data that a business has accumulated over the years. Also, businesses are often concerned that consumer/users will respond negatively to disclosure of the fact that a business is using their personal data for business or marketing purposes. However, the legal and good will consequences of inaccurate or untruthful privacy policy are potentially much greater than the infrequent rejections by the rare consumer/users who chose not to do engage with a business based on privacy disclosures.

C. Miscellaneous Terms

There are additional topics that businesses should address in their website terms. These terms may be set forth as part of the T&Cs or in separate website documents linked to the T&Cs.

First, any website that contains any content (articles, photographs, user comments) that are not exclusively authored by the business should provide a notice of procedures to be followed under the Digital Millennium Copyright Act (DMCA). The DMCA relieves “internet service providers” (in this case, nutrition industry websites) from liability regarding website content that is alleged to infringe on another’s rights, if the website posts and follows certain procedures provided by the DMCA, such as prompt “takedown” of the allegedly offending content after receiving notice. To benefit from this safe harbor, the business must prominently post a statement describing the procedure and provide contact information for an individual, registered with the U.S. Copyright Office, who is the business’ registered agent for this purpose. The cost of registration and follow-through is modest and well spent, given the potential astronomical cost of being embroiled in intellectual property litigation.

Businesses may also wish to address the accessibility of their websites to disabled individuals. Literally thousands of class action lawsuits have been pursued claiming that business websites are not accessible to visually impaired or other disabled individuals. Websites that offer products or services to consumers should particularly be aware of the need to make their websites accessible and offer an appropriate accommodation to an individual who is nevertheless unable to access the functions of features of the website despite the business’ reasonable efforts. An explanation of the accommodation and who to contact for help should be available on the website.

Finally, some websites contain descriptions of the security measures that have been undertaken to render the website relatively secure from data breach or other malware attack. For example, a business may need to explain that it has followed recommendations to require multi-factor authorization before allowing a consumer/user to make purchases or access a user account. The extent of the security employed and the need to reassure consumer/users about website security depends on a variety of factors, such as the scope of the website’s interactivity, the sensitivity of the data that could be accessed, and whether the business’ target audience will feel comfortable doing business online without it.

Going Forward

There are both benefits and challenges to updating business website terms, some of which we have discussed above. Most importantly, it is essential that website terms be honest, accurate and fairly depict the business’ actual online practices. It is not unusual for consumers to sue for fraud, breach of contract or other claims when they believe that a business’ dishonesty or failure to abide by its website terms has caused harm to the consumer. Additionally, the Federal Trade Commission may consider untruthful disclosure and/or failure to live up to procedures promised in website terms, especially in a privacy notice, to be an “unfair or deceptive act or practice affecting commerce” under Section 5 of the Federal Trade Commission Act.

Website terms are not the place for a company to set forth its aspirations about how it will interact with consumer/users or restrict personal data usage in the future. Nevertheless, once posted, website terms should be revisited regularly and updated when needed to reflect the business’ evolution.

Once formulated, there are means to increase the likelihood that the website terms will be enforced in any specific circumstances. Enforcement of website terms, like any contract, requires certain formalities to such as that the parties know that they are entering into an agreement, are given an opportunity to read the terms and manifest their intention to be bound by the agreement. Most courts now recognize that “click-wrap agreements” and even “browse-wrap agreements” are essential to online commerce. Accordingly, website terms should be easily located and accessible to the consumer/user on the website. Use of “voting buttons” to click on “I agree” or similar language is warranted when the consumer/user first establishes a user account, makes an online purchase, or as a condition of using any interactive website feature and should be renewed thereafter when an updated T&C or privacy policy is posted. It is often possible to incorporate online T&Cs into individual sales contracts, orders, receipts or other transactional documents by stating that the parties to the written documents are bound by the incorporated terms and providing a web address for a link to the website terms.

In the end, working with appropriate technology, marketing and legal consultants, the inconvenience and cost of updating and correcting website terms will provide payoffs to any business in the form of legal protections and predictability and, perhaps, good will from consumers who will appreciate the business’ honesty and candor. NIE

Shari Claire Lewis is a partner with Rivkin Radler and a member of its Complex Torts & Product Liability; Privacy, Data & Cyber Law; and Professional Liability Practice Groups. She has focused her practice on the intersection of law and technology, often advising and representing clients on 21st Century technology challenges they face.

K2VITAL®
 
Albion Minerals®