You may not have heard of clickwrap, but it's one of the most important ways you can use to ensure that you're legally protected when a customer purchases something from your store.
Your checkout page is highly likely to be missing a clickwrap checkbox. This is something that you can easily set up on your store's pages.
We're going to take a look at what clickwrap is, why you need it, and how you should use it on your store's checkout page.
First, let's take a look at what clickwrap is.
A clickwrap agreement is a type of legal agreement where the customer explicitly clicks an "I agree" check box or button, whether by way of a pop-up, check box, or button.
Here's an example from HostGator's checkout page of how this looks like:
Clickwrap is in contrast to browsewrap agreements, which describes when a customer is presumed to have agreed to the legal agreements simply by browsing the e-commerce store.
Here's an example of browsewrap, from Amazon:
You can see the small writing down the bottom with the "Conditions of Use and Privacy Notice".
Now that we've gone through what clickwrap and browsewrap are, let's take a look at why you need to get consent to these agreements in the first place.
Then, we'll examine why you should always choose a clickwrap method over a browsewrap one.
This means that if a customer has a problem with your conduct or your products, your legal agreements and its terms may not be used to protect you if your customers haven't agreed to those agreements and terms.
Your store's legal agreements can cover aspects such as:
- Definition of key legal terms
- Customer's rights and responsibilities
- Payment terms
- Intellectual property
- Exclusions or limitations of liability
- Amendment clause for whenever you need to update your agreement
"Personal information" can mean your customer's name, address, email address, phone number, or credit card details.
Most countries around the world have legislation that sets out that you must tell customers when you're collecting personal information from them, what you'll do with that collected personal information, and who you'll share that information with, among other things.
For example, the California's state law on data privacy is called California Online Privacy Protection Act 2003 (CalOPPA).
- What kind of personal information your store collects from users
- How the collected personal information may be shared with other third parties
- How can customers of your store review and update their personal information
If you are running an online store that has customers from U.S., it's highly probable that some of your users will be from California. This means you need to comply with CalOPPA.
The law in the EU is currently the Data Protection Directive 1995:
- Your customers must be notified when you're collecting their personal data
- Your customers' personal data should only be collected for specific purposes
- Your customers' data should be relevant to the stated purposes
- Your customers' data should be accurate and kept up to date
- The data you collected should not be kept for longer than necessary
- Your online store must have security measures in place to protect the collected data
- Your customers' personal data must not be transferred to a country or territory outside the European Economic Area (EEA) unless that country or territory also ensures an adequate level of protection for personal data
EU law on privacy is also about to be strengthened by a new EU Data Protection Regulation, which will bring in numerous legal changes, such as:
- It will require businesses that are collecting data on EU citizens to have a Data Protection Officer
- It will apply to all companies and organizations that deal with the data of EU citizens (which means that GDPR will apply to a much broader area than just the EU)
- It increases fines and sanctions for those businesses in breach of the GDPR regulation.
When you ask users for consent over your store's legal agreements, you may also want to ask their permission for sending marketing or sales emails whenever your customers are purchasing an item. Like this example from Drupal:
If you don't get permission to send marketing emails to customers, you may be in breach of anti-spam legislation such as the CAN-SPAM law in the U.S.
This is why is clickwrap is the best way to get consent and permissions from users. The clickwrap methods of an agreement are more likely to be legally upheld than the browsewrap methods.
A number of legal cases have established the validity of clickwrap methods, while browsewrap methods are not viewed as enforceable by most courts, except in certain circumstances.
Feldman v Google, Inc. set out that to figure out whether a clickwrap agreement is enforceable, the court will apply "traditional principles of contract law and focus on whether the [customer] had reasonable notice of and manifested assent to the clickwrap agreement".
Specht v. Netscape also set out that the terms that the clickwrap check box or button relates to need to be conspicuous, and it needs to be clear that the check box or button relates to the agreement to the terms.
This means that using a check box or an "I agree" button to gain acceptance is useful, as it clearly shows whether or not the user has "manifested assent" to the agreement.
Here's another example from a mobile app of a clickwrap check box, with links to Samsung's legal documents clearly displayed in the text of each checkbox. You can see that not only does the user have to check all the boxes, but users also have to click an "Agree" button at the bottom to proceed. All these different legal agreements are linked within each check box and users can reach each agreement:
This means that there can be no doubt that the user has agreed to those agreements.
Make sure that you include the links to each of those agreements within that information text, and that the checkbox and links are conspicuous and clear.