Your checkout page is missing clickwrap

Your checkout page is missing clickwrap

You may not have heard of clickwrap, but it's one of the most important ways you can use to ensure that you're legally protected when a customer purchases something from your store.

It doesn't matter if you sell physical items or digital items. Clickwrap is a way of getting consent from users to your legal agreements, like your Privacy Policy and Terms and Conditions agreement.

Your checkout page is highly likely to be missing a clickwrap checkbox. This is something that you can easily set up on your store's pages.

We're going to take a look at what clickwrap is, why you need it, and how you should use it on your store's checkout page.

First, let's take a look at what clickwrap is.

A clickwrap agreement is a type of legal agreement where the customer explicitly clicks an "I agree" check box or button, whether by way of a pop-up, check box, or button.

Here's an example from HostGator's checkout page of how this looks like:

HostGator checkout form: I have read and agree to

Clickwrap is in contrast to browsewrap agreements, which describes when a customer is presumed to have agreed to the legal agreements simply by browsing the e-commerce store.

Here's an example of browsewrap, from Amazon:

Amazon Footer - Conditions of Use Link Highlighted

You can see the small writing down the bottom with the "Conditions of Use and Privacy Notice".

Now that we've gone through what clickwrap and browsewrap are, let's take a look at why you need to get consent to these agreements in the first place.

Then, we'll examine why you should always choose a clickwrap method over a browsewrap one.

Basically, if you don't have sort of a method of making sure your users agree to your store's Terms of Use, Terms of Sale, Privacy Policy, or Refunds and Returns Policy, before customers checkout, these agreements won't be enforceable in Court.

This means that if a customer has a problem with your conduct or your products, your legal agreements and its terms may not be used to protect you if your customers haven't agreed to those agreements and terms.

Your store's legal agreements can cover aspects such as:

  • Definition of key legal terms
  • Customer's rights and responsibilities
  • Payment terms
  • Intellectual property
  • Warranties
  • Exclusions or limitations of liability
  • Amendment clause for whenever you need to update your agreement

It's also important to get consent to your Privacy Policy agreement, particularly that your users are sharing their personal information to purchase items from your store. This sharing of personal information can be through the checkout page or through a create-an-account page.

"Personal information" can mean your customer's name, address, email address, phone number, or credit card details.

Most countries around the world have legislation that sets out that you must tell customers when you're collecting personal information from them, what you'll do with that collected personal information, and who you'll share that information with, among other things.

For example, the California's state law on data privacy is called California Online Privacy Protection Act 2003 (CalOPPA).

CalOPPA requires businesses to have easily-found and distinctive link to the Privacy Policy. The agreement needs to outline:

  • What kind of personal information your store collects from users
  • How the collected personal information may be shared with other third parties
  • How can customers of your store review and update their personal information

If you are running an online store that has customers from U.S., it's highly probable that some of your users will be from California. This means you need to comply with CalOPPA.

The law in the EU is currently the Data Protection Directive 1995:

  • Your customers must be notified when you're collecting their personal data
  • Your customers' personal data should only be collected for specific purposes
  • Your customers' data should be relevant to the stated purposes
  • Your customers' data should be accurate and kept up to date
  • The data you collected should not be kept for longer than necessary
  • Your online store must have security measures in place to protect the collected data
  • Your customers' personal data must not be transferred to a country or territory outside the European Economic Area (EEA) unless that country or territory also ensures an adequate level of protection for personal data

EU law on privacy is also about to be strengthened by a new EU Data Protection Regulation, which will bring in numerous legal changes, such as:

  • It will require businesses that are collecting data on EU citizens to have a Data Protection Officer
  • It will apply to all companies and organizations that deal with the data of EU citizens (which means that GDPR will apply to a much broader area than just the EU)
  • It increases fines and sanctions for those businesses in breach of the GDPR regulation.

This means that if you deal with the personal data of EU citizens, it's becoming increasingly important to have good practices in place and ensure that you get consent from users on your Privacy Policy's terms and clauses.

When you ask users for consent over your store's legal agreements, you may also want to ask their permission for sending marketing or sales emails whenever your customers are purchasing an item. Like this example from Drupal:

Drupal and MailChimp: Example of Clickwrap Checkbox

If you don't get permission to send marketing emails to customers, you may be in breach of anti-spam legislation such as the CAN-SPAM law in the U.S.

This is why is clickwrap is the best way to get consent and permissions from users. The clickwrap methods of an agreement are more likely to be legally upheld than the browsewrap methods.

A number of legal cases have established the validity of clickwrap methods, while browsewrap methods are not viewed as enforceable by most courts, except in certain circumstances.

Feldman v Google, Inc. set out that to figure out whether a clickwrap agreement is enforceable, the court will apply "traditional principles of contract law and focus on whether the [customer] had reasonable notice of and manifested assent to the clickwrap agreement".

Specht v. Netscape also set out that the terms that the clickwrap check box or button relates to need to be conspicuous, and it needs to be clear that the check box or button relates to the agreement to the terms.

This means that using a check box or an "I agree" button to gain acceptance is useful, as it clearly shows whether or not the user has "manifested assent" to the agreement.

When you set up your clickwrap checkbox on your checkout pages, ensure that it's clear and obvious what your customer is agreeing to, and include a link to your Privacy Policy in that informative text near the check box so that your customers have had reasonable notice and an opportunity to review the linked agreements.

Here's another example from a mobile app of a clickwrap check box, with links to Samsung's legal documents clearly displayed in the text of each checkbox. You can see that not only does the user have to check all the boxes, but users also have to click an "Agree" button at the bottom to proceed. All these different legal agreements are linked within each check box and users can reach each agreement:

Mobile App of Samsung Account: Accept or Decline Terms & Conditions

This means that there can be no doubt that the user has agreed to those agreements.

All-in-all, it's not too tricky to set up a clickwrap checkbox on most checkout pages for most standard online stores. It can be positioned somewhere near the checkout button and have a clear statement along the lines of "I agree to the store's Privacy Policy and store's Terms and Conditions".

Make sure that you include the links to each of those agreements within that information text, and that the checkbox and links are conspicuous and clear.

Leah H.

Leah H.

Qualified Solicitor. Writer.

This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.