305 Broadway, 7TH Floor, New York, NY 10007
212-537-4436 / Toll-free 866-871-8655
Natoli Legal, LLC. The home of Lantern Legal Services.

Launching Your Web Based Business Part Two

Terms of Use, Privacy Policies, and User-Generated Content Agreements

In the second of a three-part series on launching an Internet business, we discuss some of the basic contracts you will need to protect yourself, your website, and your intellectual property with a Terms of Use Agreement. The first article, which addressed considerations at the start-up phase, including operating, ownership, and indemnity agreements, is available here.

Terms of Use Agreements

These are the terms to which visitors to your site must agree before they can fully access your site. In other words, it’s the box of legalese that nobody reads and that users would prefer not to have to scroll through in order to “agree” to your terms. Despite the misnomer in the word “agreement,” these terms are binding, even though everyone knows that users rarely, if ever, read them. But you have to follow a few simple rules.

  • Make the notice of terms immediately available when users visit the site.
  • Explicitly state that the agreement is binding.
  • Require that the user take some action in order to agree to be bound. For example, click an icon or enter data.
  • Make sure the user can read the terms, be able to navigate back and forth from the terms and other areas of your website, and be able to revisit the terms. A pop-up window that appears for a pre-programmed time and then disappears will not work.
  • Use a large enough and readable font to display the terms.
  • Terms of Use that are “subject to change without notice” may not be enforceable.

Anyone who owns and operates a website needs a Terms of Use Agreement. You do not have to engage in e-commerce to need one. You want to protect your copyright in the information and material you provide on your website. You might want to include a disclaimer that you do not control any third-party content and that users download at their own risk.

If you have user-generated content on your site, you want to explain that users must abide by certain guidelines and that the website owner may remove content.

If you are collecting personal data in any way, you must include a privacy policy that addresses how you will handle the personal information of users.

Privacy policies and User-Generated Content Agreements are discussed in more depth below.

Privacy Policies

Most Internet users are concerned about their Internet privacy to some degree, so disclosure of data policies is important. The need for a privacy policy applies to websites engaged in e-commerce as well as informational websites using third-party services for serving advertisements—in other words, everyone. In addition, a privacy policy should be an accurate and specific portrayal of the manner in which users’ data may be used. This means that, when constructing your privacy policy, you 1-must consider all the ways in which your business gathers data, including offline methods, and 2-cannot simply copy and paste a privacy policy from another website.

The laws governing privacy policies fall under the purview of consumer protection, and as such are enforced by the Federal Trade Commission and state attorneys general. Inaccuracy in your privacy policy can therefore be expensive, due to the possibility of a government cause of action. Though you may want to assure users that you will not be selling their personal information, promising not to share any information with any third parties is almost certainly false. There are numerous legitimate third parties with whom customer/user information must be shared, such as the website host and the user’s own Internet Service Provider (ISP). If a monetary transaction takes place on your website, you have also involved a credit card company or bank, and a courier delivering the purchased products.

Another privacy policy trap is a statement that the owner only collects personal information through a form users complete on the website. As discussed above, you need to mention the offline ways in which your organization gathers data, such as through email, mail, telephone or fax communications directly with the customer, or through third parties such as credit card processors and database vendors.

One further consideration is that you also want a policy that can be flexible enough for future uses. If your privacy policy does not remain accurate, you will have to update to a current policy. Keep in mind that any “material changes” in your policy cannot be made to apply to previous users without first getting their permission.

Crafting a sound privacy policy can be cumbersome initially, but it comes with the positive side effect of helping you gain a full understand of how your organization collects data, how it uses the data, and how it shares the data with others. This in turn allows you to better market your product and/or services to your customers.

User-Generated Content Agreements

Also known by the lengthier name of Third-Party User-Generated Content Agreements, these contracts allow you to communicate rules for contributing content, and to disclaim responsibility for the content uploaded by users of your website. Such content also includes comments, not just uploaded pictures and videos, or contest submissions.

In the terms of the agreement, you may also control the content uploaded by, for example, stating a policy of removing comments and content that violate your policy. The terms should be broad enough, however, that you do not lock yourself into policing user-generated content on your website.

Some basic provisions to include in a User-Generated Content Agreements include the following:

  • A statement that users may not post material that is unlawful, infringing; vulgar, obscene, pornographic, or hateful, to name a few.
  • A statement that uploaded content is not reviewed and does not reflect the opinions of the site owners.
  • A statement that posted content may be used by the website owner for commercial purposes, and may therefore be present on other areas of the Internet.
  • A statement that the website owner does not ensure the accuracy of any user statements made on the website.
  • A statement that, by posting content, the author grants a non-exclusive license to the website owner to use, copy, display, edit or distribute the submitted work and to create derivative works.
  • An indemnification clause that the website owner is not responsible for any and all claims arising from user-generated content, including damages.

Think about how you want users to interact with your website when drafting your User-Generated Content Agreement. Your policies can be as restrictive or permissive as is best for your website. Continue to monitor how users actually do interact with your website so that your contract is current and keeps you covered. Keep in mind that the safe harbor provisions under the Digital Millennium Copyright Act (DMCA) apply only to “service providers” as defined by the Act, and only after meeting certain eligibility requirements. Compliance with the DMCA will be further examined in the next article of this series.

Having addressed preliminary concerns in launching a website, and now with these policies in place and presented on your website, you are ready to operate. Stay tuned next quarter for the final article in this series, which will discuss operational concerns pertaining to DMCA take-down notices, trademark protection, and the ongoing relevance of privacy policies.