While a Terms and Conditions agreement is not legally required by law, it's highly recommended that all websites and mobile apps have one.
The 2 legal agreements
The agreement must be easily accessible from your website or mobile app, and easy to read and understand. It must be fully honest, accurate and updated.
Using fancy legal terms or outdated information will make your legal agreement inadequate and may lead to legal issues.
A complete list of exactly what information is collected
What this information is used for
If this information is shared and, if so, with who
The Terms & Conditions agreement
While not legally required, a Terms and Conditions agreement will act as a legally binding contract between you (the owner of your website or mobile app) and those who use them.
You can use this agreement to:
Prevent or block abuses happening on your web site/mobile app.
With this type of legal agreement, you'll be able to limit negative activity such as spamming or screen scraping by prohibiting such activities in the agreement. If someone doesn't follow your terms and rules, you can do something about it.
In your Terms and Conditions agreement, you can go into detail about who is able to use your website or mobile app content, and how this content can be used.
Copyright information and trademarking can be included to protect your intellectual property. Otherwise, your content may be compromised with no or very little legal recourse.
How to get consent
Obtaining consent for your Terms and Conditions is required if you wish to be able to enforce them and have protection against abuse by users of your site who may violate these terms.
While the browsewrap method of obtaining consent used to be common and legally allowed, it's now no longer valid in court. Instead, the clickwrap method has taken hold as the main method of obtaining consent.
In a number of cases, courts found that users must actively be informed about legal agreements they agree to, and this default method of assuming consent became obsolete.
This was the case for Ticketmaster v. Tickets.com.
Tickets.com was found to be taking information from the Ticketmaster website, changing it around slightly, and using it on its website.
Ticketmaster had a clause in its Terms and Conditions that prohibited using information taken from the site for any commercial purposes, and sued Tickets.com to enforce this.
The click-wrap method involves requiring the user to actively click a box to give consent, agree, or accept.
Example from EngineYard linking to its Terms of Service:
This method holds up strongly in court because there is very little ambiguity as to whether consent is given when someone clicks "I consent" and checks a checkbox.
In the case of Scherillo v. Dun & Bradstreet, Scherillo had checked a "Yes" box to agree to Terms of a website. He later said he had not meant to do so and revoked his consent. The court held that clicking "Yes" was evidence that he reasonably intended to consent, and upheld his consent.
How can you obtain valid consent?
When it comes to consent, anything that can be reasonably interpreted as being unambiguous consent is sufficient. Clicking boxes that say "I agree" or "I accept" are common methods of obtaining consent.
This active method of obtaining consent is far more favored than the more passive way of allowing an opt-out method and assuming a person is opted in unless opt-out action is taken.
Consider the following examples:
When installing Microsoft Office, users are prompted to continue through installation, then are stopped and asked to explicitly agree to the presented Software License (sometimes this agreement is also known as a Licensing Agreement or EULA before moving forward with the installation.
It also ask for confirmation:
This makes it clear that by continuing the installation, the user has agreed to the terms and will be bound by them.
By having a box to check and making the next clickable button have the word "Agree" in it, there will be very little doubt that any user who checks that box and continues on is fully agreeing to the legal agreement.
Also, consider putting a pop-up notification that requires consent before allowing a user to move further into your website or mobile app. Link all of your relevant information to this pop-up, and make it clear that by clicking on, the user is agreeing to the linked documents and policies.
Key points to consider
Use language that is easy to understand in these policies.
Consent must be unambiguous.
Be specific when asking for consent.
Require active action such as clicking or typing initials when asking for consent.
Use terms such as Agree, Consent and Accept to make sure a user understands that this is the action he is taking.
Consent isn't limitless.
If you obtain consent to use someone's personal data in one way and then decide you wish to use it in a different way, you must obtain consent for this new use.
Consent doesn't mean consent to everything. It only means consent to exactly what you asked for consent to do.