Privacy laws around the world increasingly require clear and active consent to data collection. In the GDPR in particular, consent must be "freely given", clear, and affirmative.
Using clickwrap to gain agreement to your Privacy Policy helps you to meet your legal obligations, and show that your users have agreed freely and clearly. This article covers what clickwrap is, why it's good to use it, and how to display a clickwrap agreement.
Let's begin.
"I Agree" Checkbox by TermsFeed tool can help you enforce your legal agreements in 3 easy steps.
-
Step 1. Adjust the settings in order to display your legal agreements properly.
-
Step 2. Customize the style to match your brand design.
-
You're done! Just copy the generated code from Step 3 and copy-paste it on your website.
What is Clickwrap?
Clickwrap is a term used to refer to the process of agreeing to a legal document through clicking a checkbox or "I Agree" button.
It is usually contrasted with the term "browsewrap", which is when a legal agreement is assumed to be agreed to by the user simply browsing.
One example of browsewrap would be displaying Terms and Conditions in your website footer, and expecting that users see it and agree to it through their continued use of your website (browsing).
Browsewrap is not enough for showing clear and active consent, while clickwrap is.
Benefits of Using Clickwrap in the EU
There are a number of benefits of using clickwrap in the EU. Most importantly, it helps you to comply with your legal obligations.
The General Data Protection Regulation (GDPR) is a strict data privacy law that applies to any organisations that process personal data of individuals in the EU.
The GDPR requires that you gain clear, affirmative consent to your Privacy Policy. You then have to explain (in your policy) how you collect data, what you collect, for what purposes, and outline users' privacy rights.
If your website could have EU users, you'll need to comply with these rules.
Other laws around the world such as the California Online Privacy Protection Act (CalOPPA) require you to display a Privacy Policy, although they don't require active consent. However, even if you're not in the EU, most privacy laws are increasing in "strictness" as time goes by. It's likely that complying with EU rules will become the gold standard for privacy on a global scale.
By meeting the highest requirements (that are becoming the norm), you can ensure that you don't run into any legal troubles, and don't have to constantly update your website, either.
In addition, using clickwrap makes it easier to enforce your legal agreements, including your Terms of Use or Privacy Policy. Finally, it creates more trust and transparency with your users.
Let's take a look at each of those in more detail.
Comply with Legal Obligations
Under the GDPR, data subjects need to consent to the collection of their data freely, unambiguously, and with a clear affirmative action.
Here's the definition of consent from Article 4 of the GDPR:
This means that when you get consent to data collection, you need some way of proving that consent was clearly and affirmatively given.
Clickwrap is one way of gaining this clear, affirmative consent.
In 2015, the European Court of Justice heard a case between Mr El Majdoub, a car dealer, and CarsOnTheWeb.Deutschland GmbH. The case was about whether a clickwrap agreement was enough to form a "durable record" of a binding agreement to the CarsOnTheWeb Terms and Conditions on their website. The court decided in this case that clickwrap was sufficient.
Using clickwrap shows that users have had an opportunity to see and review your Privacy Policy (which outlines the data you collect, for what purposes, and data subjects' rights). It also shows that they have taken a specific, unambiguous action to affirm their agreement.
Make sure your Privacy Policy also meets all of the requirements for the GDPR and what you need to disclose to users.
Easier Enforcement of Agreements
When you have a legal agreement or Privacy Policy, it's also important to be able to show that your users have agreed to it if you ever need to enforce its provisions.
You can also see that Article 7 of the GDPR requires you to be able to demonstrate that your user has consented:
When you use a clickwrap agreement, you can prove that a user has agreed to your Privacy Policy much more easily. This puts you in a stronger legal position if any issues arise.
Transparency with Users
Having clear, available links to your Privacy Policy also helps to build trust with your users.
When you provide your Privacy Policy in a transparent way, with a clear option to agree or disagree, you show your users you are committed to your legal obligations, openness, and accountability.
If you hide your Privacy Policy away and don't encourage users to read it and actively agree to it, it can look like you're collecting data in an intrusive or even potentially illegal manner.
Now let's take a look at how best to display your Privacy Policy with clickwrap.
How To Display a Clickwrap Agreement
There are two primary ways in which clickwrap agreements can be displayed:
- Through a checkbox
- Through an "I agree" button
For both options, make sure your checkbox or "I agree" button is clearly and obviously displayed. Make sure the user cannot continue with their use of your website or sign-up process until they have checked the box or clicked the button.
Let's take a look at each of those.
Checkboxes
Displaying a clickwrap agreement using a checkbox is the most common way to display it.
Here's an example from BaxEnergy. In this example you can see a clear checkbox on the left side, with a link to the Privacy Policy:
The box must be checked before the user can press the submit button, as you can see in the image below:
Here's another example from HAIBIKE. You can see that for a newsletter subscription, which would require collecting personal data, HAIBIKE has included a link to its Privacy Policy and a checkbox for the submission of the user's email address:
Now let's take a look at "I Agree" buttons.
I Agree Buttons
Another common option is an "I Agree" button. This is used less often than a checkbox, although it is still one way that you can show a user has taken an affirmative, clear action.
Here's an example from LinkedIn:
You can see the button includes text above it, with links to LinkedIn's User Agreement, Privacy Policy, and Cookie Policy. The button states "Agree & sign up". It may be harder with this kind of approach to show that a user has agreed specifically to the documents (rather than just wanting to sign up).
Here's another example of using buttons and sliders, which are typical options for agreeing to a Cookie Policy (another component of data collection and disclosure). This example is from Oatly:
Sliders and buttons can also be used to show agreement in this way, as long as users can see clearly what they are agreeing to. As in this example, you should make sure that "Agree" and "Reject" buttons are displayed the same (i.e. not a much bigger or bolder "Agree" button).
Summary
European data privacy rules outlined in the GDPR require you to gain clear, affirmative consent from your users when you collect their data. By using clickwrap, you provide a way for your users to affirmatively and clearly consent to your Privacy Policy.
Whether you choose to use a checkbox or an "I Agree" button, using clickwrap helps you to comply with your legal obligations, ensure easier enforcement of your legal agreements, and shows your users you care about privacy and transparency.
The first step to compliance: A Privacy Policy.
Stay compliant with our agreements, policies, and consent banners — everything you need, all in one place.