Last updated on 09 May 2022 by Robert Bateman (Privacy and Data Protection Research Writer at TermsFeed)
Are you launching a new website? Whether it's a simple blog, an ecommerce store, or a community message board, you must consider your legal position.
From privacy to consumer protection to copyright, there are many ways in which the law can affect website operators.
This legal landscape might not be as daunting as you think. We're going to talk you through the key legal issues you should consider and the practical compliance steps you might need to take.
We're going to look at four areas of law that are particularly important for website operators:
All websites are affected by different laws in different ways. Two main factors determine which laws will affect your website:
Privacy law is a crucial consideration for every website.
If your users are located across several legal jurisdictions, you'll have to comply with several privacy laws. Here's a list of some important privacy laws around the world:
All of these laws have different requirements and standards. It's important to familiarize yourself with the laws affecting your website.
When it comes to privacy, a good rule is to minimize the amount of data you're collecting. This reduces your overall compliance burden and the chances of experiencing a damaging data breach.
Here are some ways you can minimize the amount of data your website collects:
Many websites use cookies to track users' activity. Cookies can be useful for advertising and analytics, but they can intrude on your users' privacy. Depending on where your users are based, you may need to obtain their consent for using certain types of cookies.
If you have users in the US, you may need to comply with the California Consumer Privacy Act (CCPA). If so, you may be required to let users opt out of certain tracking cookies. This means setting up a "Do Not Sell My Personal Information" page.
Here's how Pearson displays its "Do Not Sell My Personal Information" link:
For more information, see our article CCPA: Does Using Third-Party Cookies Count as Selling Personal Information?
In the UK and the EU, you must obtain opt-in consent for any cookies that are not necessary to either make your website function correctly or provide a service requested by the user. All advertising and analytics cookies require consent in the UK and the EU.
You can obtain cookie consent via a consent solution, such as a cookie banner. Here's an example from the BBC:
Some other jurisdictions also require you to get consent for cookies or to allow users the opportunity to opt out of cookies. For more information, see our article: Cookie Consent Outside of the EU.
In addition to allowing users to opt into or out of cookies, you also need to provide comprehensive information about how and why your website uses cookies. You can do this by creating a Cookies Policy.
Your Cookies Policy should explain:
To give you an idea of how a Cookies Policy can look, here's the introduction to Shelter's Cookies Policy:
For more information, see our article How to Write a Cookies Policy or use our Cookies Policy Generator to create your own.
Almost every website needs a Privacy Policy. This document provides your users with a comprehensive overview of how you collect, use, and share personal information. It can integrate your Cookies Policy, if you have one.
The contents of your Privacy Policy will vary according to where your users are based.
Here are the minimum requirements for a Privacy Policy in most jurisdictions:
Our Privacy Policy Generator makes it easy to create a Privacy Policy for your business. Just follow these steps:
Enter the email address where you'd like the Privacy Policy delivered and click "Generate."
You'll be able to instantly access and download your new Privacy Policy.
Practically every legal jurisdiction now has cybersecurity or data breach notification laws. Such laws require businesses to keep personal information safe and notify the authorities in the event of a security incident.
You need to keep hackers out of your system and keep your users' personal information secure. Even lists of email addresses associated with a particular brand can be valuable to hackers, who can use this information in targeted phishing campaigns.
Here are simple ways to improve the security of your website and the personal information you collect:
For more information, see our article: Protecting Personal Data in Your Business.
Consumer protection law, and contract law more generally, are most relevant to ecommerce websites. But even if you don't sell goods or services through your website, you should still consider whether you need to comply with certain aspects of consumer protection law.
Most websites, particularly those which allow users to create an account or make purchases, display a Terms and Conditions, Terms of Service, or Terms of Use agreement (these terms are often used interchangeably).
Creating a Terms and Conditions agreement sets clear rules regarding the use of your website and can provide some legal protection for your business.
Our Terms and Conditions Generator makes it easy to create a Terms and Conditions agreement for your business. Just follow these steps:
Enter the email address where you'd like the T&C delivered and click "Generate."
You'll be able to instantly access and download the Terms & Conditions agreement.
Here are some clauses typically contained in website Terms and Conditions agreements:
Wherever possible, you should ensure your users read and accept your Terms and Conditions (for example, before creating an account). You should also ensure you provide a conspicuous link to your Terms and Conditions on your home page.
For more information, see our article: How to Write Terms and Conditions.
Website disclaimers aim to limit your liability for any harms caused by your website. There are several types of website disclaimers.
Some disclaimers seek to limit your association with any third-party articles or comments on your site.
Here's an example from PBC Foundation:
Disclaimers can also seek to limit liability for factual errors or omissions present on a website.
Here's an example from VSO:
For more information, see our Disclaimer Examples article and use our Disclaimer Generator to create your own disclaimers.
If you sell goods or services through your website, you must ensure you have a Returns and Refunds Policy that aligns with the consumer protection law in the markets in which you operate.
You can set your own Returns and Refunds Policy, but it must be at least as generous as the legal minimum standard. It's important to learn the rules that exist wherever your customers are based.
In the U.S., legal requirements for returns and refunds vary across states. In many states, businesses are required to honor any Returns and Refunds Policy they have in place, but there are no specific requirements as to what the policy must say.
Here are the rules in some other major markets:
See our Return and Refund Policy Generator for more information.
If you use affiliate links to generate income on your website, you must be clear and transparent about this.
When managing your website's use of affiliate links, a good starting point is the guidance provided by the US Federal Trade Commission (FTC), which sets out some rules on making appropriate disclosures.
Here are the basic rules provided by the FTC. Many jurisdictions outside of the U.S. have similar rules:
Here's PCMag's affiliate disclosure, which appears on every page on the PCMag website containing affiliate links:
For more information, see our articles:
Website owners can end up in legal trouble for reproducing copyrighted content without permission. In most cases, this is easy to avoid.
You automatically own the copyright to content you create and display on your website, but there are some benefits to registering your copyright.
You must ensure you have any necessary licenses for third-party content you display on your website. The fact that something is freely available online doesn't necessarily mean you can reproduce it on your site.
If you don't want to pay for content or create your own, you can obtain free-to-use images from online resource libraries like Unsplash.
In the U.S., the Digital Millennium Copyright Act (DMCA) requires websites to take down content that allegedly infringes copyright.
If an individual believes that your website is hosting their copyrighted content, they can request that you take it down. If you do so in an "expeditious" (reasonably quick) manner, then you can avoid being prosecuted for copyright infringement.
Note that the DMCA covers user-generated content hosted on your website.
You should create a system for facilitating DMCA takedown requests and explain to users how they can make a DMCA takedown request.
Here's how GitHub does this:
You should also consider adding a DMCA clause to your Terms and Conditions.
In the EU, online copyright law is mainly covered by the eCommerce Directive. You can comply with takedown requests to minimize your risk of legal issues, but you can also ask the supposed copyright owner to substantiate their request. Similar rules apply in the UK.
If you run a content-sharing platform that operates in the EU, you must comply with Article 17 of the Copyright Directive.
To avoid issues with defamation law, you should, of course, avoid making any defamatory statements on your website. But what if you allow users to share user-generated content?
User-generated content can include:
Websites aren't like traditional news media. The law generally views websites as "intermediaries" when they host content created by third parties. This means that website owners are usually protected from defamation claims, to some extent.
However, when it comes to user-generated content, you should always proceed with caution. To minimize risk, many websites choose not to allow user-generated content at all.
Here are some of the laws covering intermediary liability that you should be aware of:
For more information, see our article Legal Issues with User Generated Content.
We've looked above at how to create legal documents such as a Privacy Policy, Cookies Policy, and Terms and Conditions agreement. You also need to display these prominently on your website.
Here's an example from the home page of TechRadar that displays many legal agreements nicely in one section (typically the website footer):
You should provide a link to your Privacy Policy whenever you collect personal information from your users. You can also use such opportunities to ask your users to agree to your Terms and Conditions.
Here's how Trending Travel does this:
Your Terms and Conditions are unlikely to be enforced by a court unless your users have accepted them. It's important to require that your users accept your Terms and Conditions before taking actions such as creating an account or making a purchase.
We've looked at four areas of law to consider when launching a new website. Here's a recap:
Privacy law:
Consumer protection law:
Copyright law:
Defamation law:
While there will surely be other legal considerations you'll need to explore and address when launching your new website, the issues discussed above are the most common ones that will affect the widest range of people.
By addressing each of them, you'll be on your way to having a compliant website.
This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.