Written by

Jocelyn Mackie
Former civil litigation attorney. Content legal strategist at TermsFeed.

On this page

As more privacy laws require affirmative consent from users, clickwrap becomes more and more essential. Unlike the passive acceptance long advanced by browsewrap, clickwrap provides certainty when it comes to ensuring users accept your online terms.

This is especially true if your company operates within the EU. You risk substantial fines if you fail to provide notice of your privacy practices. Also, without strong notice regarding your Terms & Conditions, you may find it difficult to enforce that agreement.

If you have not integrated clickwrap into your website or app, now is the time to accomplish that. Here is why clickwrap is effective and vital for legal compliance and straightforward business practices.

"I Agree" Checkbox by TermsFeed tool can help you enforce your legal agreements in 3 easy steps.

  1. Step 1. Adjust the settings in order to display your legal agreements properly.

    TermsFeed Free Tools: I Agree Checkbox - Settings - Step 1

  2. Step 2. Customize the style to match your brand design.

    TermsFeed Free Tools: I Agree Checkbox - Customize - Step 2

  3. You're done! Just copy the generated code from Step 3 and copy-paste it on your website.

    TermsFeed Free Tools: I Agree Checkbox - Copy your Code - Step 3



Preference for clickwrap

In the early days of the Internet, users accepted the terms of agreements through browsewrap - provided the site contained any agreements at all. This was the idea that mere use or access of a website showed acceptance of terms.

The basis of browsewrap was the availability of links to agreements. These are normally located in the website footer and included all online agreements, including Terms & Conditions (T&C) also known as Terms of Use or Terms of Service, Privacy Policies, and other agreements.

This example is from BBC. Notice the footer includes the Terms of Use, Privacy Policy, Cookies Policy, and a separate Parental Guidance Policy. No matter where a user accesses a website, these links are available:

BBC website footer showing agreement links

Most T&C's start with a reference to browsewrap by describing that use of a website indicates acceptance of the terms. Upwork provides this example from the first paragraph of its terms:

Upwork

While these practices continue, they are rarely used alone. Now that the Internet has grown, website owners want better guarantees for enforcing their online agreements.

That lead to the development of clickwrap. While browsewrap is passive, clickwrap is more active and direct. It involves users receiving direct notice that use or purchase constitutes acceptance of terms or provides checkboxes and other tools where users affirmatively confirm that they accept terms.

Clickwrap is common during the sign-up process. This example from Makr explains to a user at sign-up that creating an account means accepting the Terms of Service:

Makr sign-up page: By signing-up you agree to Terms of Service (example of clickwrap)

Checkboxes are even more direct and clear. Users cannot move forward with account creation unless they indicate they read and agreed with online agreements by checking a box.

The best platforms also include links to the agreements so users are given every opportunity to review them before agreeing to them.

A good example is provided by Adobe:

Adobe ID Sign-up screen: Clickwrap example with agree to Terms and Privacy Policy

Another common practice is to use clickwrap when a T&C or Privacy Policy changes or is updated.

Airbnb did that when it revised three online agreements. Users received three links to review the new policies and needed to click "Agree" before continuing:

Airbnb: Mobile app Terms of Service update notification screen with clickwrap "Agree"

Current laws encourage the use of clickwrap over relying only on browswrap. Clickwrap proves especially useful for privacy compliance, but may also make a big difference in whether your agreement is found to be enforceable.

Laws encouraging clickwrap

Advantages of clickwrap over browsewrap are shown consistently through both U.S. and EU law.

U.S. case law

The U.S. started evaluating the differences between browswrap and clickwrap early in the Internet's history. These cases started changing how much of the world addresses websites.

Most cases focused on accessibility. An early case, Groff v. America Online, Inc., arose in 1998 after America Online went from a per-use billing system to flat rate billing. Plaintiffs brought the suit because they paid a low rate for limited access which increased when the flat rate was instituted. America Online responded with a change of venue action because the Terms of Service required disputes to be filed in Virginia (its corporate headquarters) and not Rhode Island.

Since there were no laws regarding online transparency and limited case law addressing online agreements, the suit was brought under the Rhode Island Unfair Trade Practice and Consumer Act. The court granted the change of venue because even then, America Online effectively used clickwrap. Users had to click an "I agree" button every time they logged on which held them to the company's terms of service.

Courts continue to affirm clickwrap cases today. A case filed this year, Meyer v. Uber Technologies, Inc., involved the enforcement of Uber's arbitration clause in its Terms of Service. When plaintiffs filed suit, Uber filed a motion to compel arbitration. Users argued that the arbitration provision was not enforceable because they never had the opportunity to access the Terms of Service and see the provision.

The court focused on Uber's sign-up page and determined otherwise:

Uber

Uber indicates early on that creating an account means agreeing to be bound by its Terms of Service. The dialog includes links to that document and the Privacy Policy. This was adequate for the court to enforce the arbitration clause.

While there are no examples of the original America Online sign-up page, the service currently takes the same approach as Uber, likely learning from its past experience:

America Online

The advantage of clickwrap is not limited to the U.S. It also works well with laws, regulations, and case law in EU member states.

EU case law

A case from 2015 indicates the EU's preference for clickwrap. Like the Uber case, El Majdoub vs. CarsOnTheWeb.Deutschland GmbH involved an arbitration clause within a T&C.

Plaintiffs brought the action to the Court of Justice of the European Union (CJEU) under Brussels I Regulation which addresses cross-border cases in the EU. Article 23(2) requires online agreements to be "durable records" that are the equivalent of a written contract.

The claim disputed an arbitration clause on the theory that since CarsOnTheWeb only provided links to the agreement rather than a pop-up containing the agreement text, it was not enforceable. Plaintiffs argued that the matter could be tried in a court of law rather than be limited to arbitration.

The court disagreed. Links were considered adequate even if agreements did not pop up, download or print. Since the presence of the link made downloads and printing possible, the CJEU found that presentation was adequate to enforce the arbitration clause.

This was unsurprising since CarsOnTheWeb offers a thorough sign-up process. Users must indicate "Yes" to agreeing with the T&C or it is impossible to move forward on the site:

CarsOnTheWeb

The EU does not have the same extensive case law history for clickwrap as the U.S. However, its privacy laws are stricter, which makes clickwrap a useful compliance tool. A recent regulation includes the EU General Data Protection Regulation or GDPR, and clickwrap is likely the best way to meet its requirements.

EU General Data Protection Regulation (GDPR)

The GDPR replaces a similar law that came into effect in 1995. This newer version becomes enforceable on May 25, 2018 but companies are adapting to its requirements now.

Privacy laws within the EU always emphasized transparency between website owners and users, but the new GDPR requires developers to provide more information to users. Users must be told why data is collected, how long it is kept, and their rights to request changes or remove the data. If any data is transferred out of the EU, users must receive notice.

The law expands responsibilities for data protection to other parties other than the original data collector. Any third parties, like cloud providers, must also meet these duties. If they fail to do so, they may be held liable for compliance violations and any data breaches.

Another requirement includes the Data Protection Officer (DPO). This is a staff member whose sole role is to assure regulatory compliance with privacy matters. Once appointed, this individual is registered with the EU Data Protection Officer's Network which maintains a public database.

The GDPR does not directly address clickwrap, but its notice requirements make it essential.

Users must be informed of how information is used, collected, and stored and given more notice for their rights under the privacy laws. The best way to meet these requirements is with a thorough Privacy Policy.

Once drafted, users need to accept it. Since the CJEU already indicated that clickwrap creates enforceable agreements, taking the same approach to sign up as Uber and CarsOnTheWeb assures you will comply with this law when it becomes effective this year.

Advantages of clickwrap

There is little doubt that clickwrap creates enforceable agreements. Browsewrap rarely exists by itself because better web design and more privacy awareness makes clickwrap the better option. If you have not integrated clickwrap with your sign-up or log-in processes, here is why you should change that today--especially if you operate in the E.U.

Better compliance with privacy laws

Like the GDPR, most privacy laws do not mention clickwrap. But they do discuss notice extensively.

Besides the GDPR, state privacy laws in the U.S. require notice to users regarding privacy practices. California, Delaware, Nevada, and Connecticut all have notice requirements if a company collects personal data. These laws also require Privacy Policies to be present and conspicuous on websites.

Other countries have federal privacy laws. The UK, Australia, and Canada also require extensive Privacy Policies that are accessible to users.

That means any company operating in the EU needs to be prepared to provide notice and details of privacy practices. With laws like the GDPR basically requiring Privacy by Design throughout its member states, it is a good idea to make transparency a habit now so it is easy to stay current on these laws as they develop further.

When you use clickwrap, you not only provide transparency with links to the agreements but also assure users are informed of your practices. Even if they do not actually read the agreements, a court is more likely to consider them enforceable despite that if your clickwrap is clear that terms are accepted on sign-up.

Transparency with users

Being clear about your data and business practices is good business. Making your T&C and Privacy Policy visible shows that you have nothing to hide and gives users the opportunity to review your agreements.

Using clickwrap offers another opportunity for users to take a closer look at your agreements. This does not mean they will take advantage of this, but providing links at sign-up and making it clear that creating an account shows assent with the terms is a straightforward approach to providing notice.

Assured acceptance

Agreements protect you, too. T&C's contain provisions that allow you to delete accounts after nonpayment or conduct violations occur. Privacy Policies explain the collection and use of data so users know what to expect and cannot hold you liable for practices already explained in that document.

If users read the documents, you will face much less resistance when you enforce the policies. Even if users blindly accept the policies without reading them, courts will not consider that relevant if policies are disputed later. It's up to you to present the agreements, but it's ultimately up to your users to read them.

Clickwrap is a means of assured acceptance. When you use it, you can show positive assent to the agreements and that makes it difficult to challenge them.

Reduced doubt regarding enforcement

Enforcing browsewrap is questionable. In this day of modern Internet design, a court may be hard-pressed to believe the presence of a footer link is adequate when it is possible to provide links throughout any stage of sign-up or log-in. It just might not be enough anymore.

Providing clickwrap removes this doubt. It offers multiple opportunities to read agreements and that makes them enforceable, even if users do not take advantage of the opportunity. Anytime a user clicks "yes" or "submit," you can rest assured that you may enforce your terms when necessary and preserve the quality of your product or service.

As privacy regulations in the EU become stricter, clickwrap becomes essential. It is an excellent way to obtain evidence that users were notified of your data practices and consented to them.

Besides privacy laws, clickwrap makes your T&C a stronger document. When a user assents to them through clickwrap, you can enforce your rules and move forward assuming a user knows what to expect.

There are very few websites that do not use clickwrap, and for good reason. If you have not integrated it into your online agreements, now is a good time to do so before the GDPR becomes enforceable in May of 2018.