It’s hard to escape the unending sea of consent check boxes that bombard you when browsing online. Legal policies are everywhere on websites today. Whether it’s long scrolls through terms of service, or pop-ups asking to collect your personal data. We’ve all hastily scrolled and clicked, but how often do you really pay attention to legal policies on the sites you visit? Probably not unless there was an issue; which is one major reason why they are beneficial for a business to have. So what legal policies should your website have in place?
It’s the Law in Much of the World
|State||Right to Delete||Right to Access||Legislation Status|
|California||In effect Jan 2020|
|New York||On hold|
|North Dakota||Pending approval|
Canada has PIPEDA or the Personal Information Protection and Electronic Documents Act and Australia has legislation called the 13 Privacy Principles. Most countries have their own laws about privacy policies, you can read more about each one that may be relevant to your business in this article from Website Policies.
Failure to comply with the GDPR can have fines of up to $11.8 million, or 2% of a company’s global annual revenue – whichever is higher. Other countries have different rules and penalties, but they all come with a hefty fine. Imagine now that someone from each of these places visits your site at the same time if you aren’t compliant with any of their rules – it could be a very expensive visit. It’s probably best to just skip that situation all together and have a policy that covers your bases.
Trust and Credibility
Terms of Service
Prevent Abuse and Content Theft
Terms of service sets the expectations of users who are considering using your product or service. That’s where you’ll address issues such as language use, spamming, defamation etc. It’s also the place to set the punishment (or a termination clause), for those who break the agreement. This helps to establish clear and legally-binding boundaries to protect both your business and your clients.
Terms and conditions also tend to include an Intellectual Property Clause. IPCs state that content created by the business is owned solely by the business, and is protected by international copyright laws. This includes anything that you’ve created on your site, whether it’s the logo, images, diagrams, you name it. This helps to prevent anyone from trying to steal your content and use it as their own without your permission.
Limiting Liability and Setting the Governing Law
Include a disclaimer in your terms of service to cover any potential errors on the businesses end. Terms of service protect you from being held responsible for issues with product availability or others using your content inappropriately. As well as being clear that you can reserve the right to cancel orders or discontinue services for whatever reason you see fit.
The Governing Law refers to the country you are doing business from. Many countries have different rules and regulations. Rules that users that are expected to follow on your site and what rules they can expect you to operate under are established in Governing Law.
If you’re curious about what else to include in your own Terms of Service, try reading this helpful article from Legal Nature.
Consent for Information Gathering
You may have seen that little pop-up when first visiting a site that asks about cookies and other onsite-tracking. Cookies are little snip-its of code that remember things you’ve clicked on, how long you stayed on a site or other places you’ve visited. While these trackers are useful for advertising they do contain personal information about your browsing habits. Some countries now have laws that require user consent before these tracking tools to be used. The rules can be strict when it comes to the information being collected by your site and how it’s being used.
Under the previously mentioned CCPA, California has a mandate that privacy policies contain a “DNT” or do not track clause. That means you must indicate if your site will follow suit with do not track requests. Nevada and Maine have similar legislation in the works and will likely follow suit. Federally, the the Gramm-Leach-Bliley Act also addresses the collection of personal information by financial institutions, including cookies (Bloomberg Law, 2019).
The EU’s ePrivacy Directive, requires that websites ask users to accept cookies, and other tracking files before installing them. The United States’ CCPA allows cookies, but requires you to provide an opt-out option for selling user data to third parties. It also states that if a third party has cookies on your website, that you must employ methods to protect user’s information. As a site owner, you’re responsible for keeping users information safe, even through third party services.
Wondering if your site is compliant? Cookiebot offers a free test to see what cookies your site is using.
Here are a few basic rules to make sure you’re in compliance:
- Identify the user information being collected and explain how it’s being used
- When you make site additions, check to see how they’ll effect your policy
- Make sure your policy is specific and updated
- Users should give consent without the threat of negative consequences if they opt-out
- Have a required action to knowingly apply consent (must click to check a box or the like)
- Inform people how they can easily withdraw their consent or opt-out
- Make sure that information is secure, especially if you utilize third-party services
The Legal Policies that Your Website Should Have
Though there is no US federal data privacy law (yet), your business may still be effected laws in California and the EU. With that in mind, we recommend these three legal policies for your site:
- Terms of service agreement
- Clear data collection consent and refusal
It helps to create clear expectations for yourself and your consumers. As well as limiting your risk of liability, and legal issues in the future. Being as clear and honest as possible will help to foster trust with your users. And it can help to build credibility for your business as a whole.
Bright Space Creative is not a legal firm. We do not claim to have full knowledge of every law or statute, nor do we advise on them. This article is based on popular opinion and potential outcomes.