Update Notice for Changes in Legal Agreements

The legal agreements of your website or mobile app govern the relationship between your company and your users.

When you update any of your legal agreements, be it a Privacy Policy or a Terms and Conditions, you should notify users about the upcoming changes.

They should be made aware of the changes you're going to make to your legal agreements and how these changes would affect them and their accounts with your website or mobile app.

This is important.

An update notice give users the chance to opt-out or close their accounts if they don't agree with the changes.

Always Provide an Update Notice

Companies are making changes to their legal agreements for a variety of reasons: to make them more streamlined or readable, to be more descriptive, to inform users about new functionality of the website or mobile app, to adhere to legal requirements of new laws such as the GDPR and so on.

Regardless of the reason for the change, the updates to your legal agreements should be announced to your users before they become effective.

• Asking for more personal information from users than you previously did is a change that could affect users.
• Using personal data from users in a new way than wasn't previously stated in your Privacy Policy is another change that might affect users.
• Updating your legal agreements to include a class action waiver is a major change that can affect the rights of your users.

In any of the above, the changes in a legal agreement can be substantial to users and it might affect their rights.

It's important how you get your users to agree to your original agreements as well as your updates. This is related to the browsewrap vs. clickwrap distinction:

• Browsewrap refers to legal agreements placed somewhere on your website, mostly in the footer section of the website. The links are visible, but users may not be aware of the legal agreements they're agreeing to.
• Clickwrap, on the other hand, is when you require users to confirm that they have read and agreed to your legal agreements before they sign-up, log-in, submit a form, download an app etc.
• Clickwrap is the classic "I agree to" checkbox.

A clickwrap agreement is an enforceable agreement, while a browsewrap agreement isn't.

Two court cases - Specht vs. Netscape and Zappos Inc. Customer Data Security Breach Litigation - give more information on why:

• In Specht v. Netscape the court found that "a consumer's clicking on a download button does not communicate assent to contractual terms if the offer did not make clear to the consumer that clicking on the download button would signify assent to those terms"
• In Zappos.com Inc., Customer Data Security Breach Litigation the court found that browsewrap Terms of Use done by Zappos.com was not prominent and that no reasonable user would have read the agreement.

Not providing an update notice about upcoming changes to your legal agreements is similar to a browsewrap agreement: if the user isn't aware of the changes, the user can argue that she/he couldn't have agreed to the new terms because the terms weren't presented properly.

Providing a notice that you'll update your legal agreements isn't limited to only a few agreements, but to any agreements that governs the relationship between you and users:

• Terms and Conditions
• Privacy Policy
• Cookies Policy
• EULA
• Community Guidelines
• Code of Conduct
• Acceptable Use Policy
• Terms for the API
• Service Level Agreement

Email Notices

Email is the most popular method used to provide notice, but this requires you to have the email address of your users. If you do use email to inform users about the changes, make sure to:

• Make it clear what the announcement email is about
• State why the changes are required
• State how the changes will affect the users and their accounts
• State when the changes will come into effect

Elance provided a notification that eight of their legal agreements will be changed. The email contained links to the updated sections of the agreements and it even summarized each section to provide a really neat overview.

Elance also stated when the updates were going to take effect:

As you can see, Elance outlined every change very well, from users' obligations to indemnities and disputes.

How should your email announcing changes to your Privacy Policy and Terms and Conditions should look?

Here are a few tips:

• Start with a clear subject line: "We're changing our Privacy Policy" or "We're updating our Terms and Conditions"
• Mention why the update is needed: improved user experience, to give access to new services that requires a new set of rules to be accepted etc.
• Provide a summary of the major changes
• Individually mention why each of the major change was needed
• Link to the new agreements directly from the email
• Mention the date when the new agreements will be in effect
• If possible, provide a comparison between the new agreements and the old agreements

Other places that you can use to announce the updates are:

• Your Facebook and Twitter official accounts. Link to the legal page on your website detailing the upcoming changes
• A blog post in which you discuss the changes
• A banner pop-up on your website

On Websites

Regardless of what kind of legal agreement you'll update, these are the most strategic places where you can place a notification about upcoming changes to your legal agreements:

• When the user creates an account on your website:



• When the user orders a product or pays for your services, i.e. before checkout
• Before the user can send you a request to perform a certain service
• Whenever you place links to your legal agreements:

A top bar placed across all your web pages that inform users about the changes is the most popular tactic but make sure to link to a page where users can find more information.

This kind of top bar is similar to the method used by companies that must comply with the EU Cookies Directive:

For SaaS Apps

Because most SaaS apps involve some version of an account dashboard, you can use the dashboard to properly notify users about any upcoming changes.

DigitalOcean, for example, updated its Terms of Service and used the dashboard section of its user accounts to notify them about the change:

For Mobile Apps

If your business is only done through a mobile app and not through a website, you're still going to have agreements for that mobile app which will need to be updated at some point.

Follow the same practices as website owners to provide notice to users whenever you need to update the agreements.

When Airbnb updated its Terms of Service, the notification wasn't only through email but through its mobile app as well:

Users were required to check the "I agree to the updated Terms" button and then click the "Accept" before they could continue to Airbnb:

GDPR Notices

The GDPR gives your users far more rights when it comes to how their personal data is handled. One of the key aspects of the GDPR is its push for transparency.

A huge part of being transparent is sending notices to your users that let them know about any updates and changes you've made or will be making in response to the GDPR.

You likely noticed a huge amount of GDPR-related emails from companies earlier in 2018, letting you know that Privacy Policies and Terms and Conditions had been updated all over the place - like this one from Avira:

Some of these notices will give users the option to opt out of having their personal data collected, or at least tell them how to do so.

For example, here's a GDPR Privacy Notice that lets users either agree to allow cookies or make a number of edits and adjustments to cookie settings:

Some notices, as with repermission campaign emails (emails used to collect records of consent to email your users), give users the option to give consent for something (or not consent by not taking an action):

GDPR notices can be as basic as other update notices and simply let users know in a short sentence that a policy has been updated for the GDPR:

Always provide a link to the updated policy, a brief summary of what has been changed and how:

Examples of Update Notices

App Annie announced via email some changes to its Terms of Service and its Privacy Policy that reflect their new products and features. They wanted to make the agreements more "streamlined, readable, and descriptive" on how they provide their service to users.

In the email, App Annie mentioned when the updates would take effect and gave users the chance to opt out if they do not wish to be bound by the new terms. The notification itself wasn't lengthy, but App Annie provided links to the legal agreements that were about to be changed.

Contact information was placed at the end of the email for if a user wanted to contact the company for questions regarding the changes.

Twitter engaged in an informative campaign to get the word out about its new Terms of Service agreement.

As you can see from the screenshot below, Twitter notified users that the changes were made in light of a new feature that allows users to buy merchandise within Twitter:

Any users who accessed Twitter's Privacy Policy page would have seen this notification as well:

Twitter added new provisions in its legal agreement about the following:

• Users relationship with sellers and their responsibility as buyers
• That they will collect more information, including sensitive information such as credit card number and shipping address
• Why they will collect more information
• How they will collect information
• That they may share your information to corporate affiliates such as Vine and MoPub, a mobile-focused ad exchange. MoPub and Vine are both owned by Twitter.

Pinterest updated its Privacy Policy in part because of the new "Promoted Pins" which at the time were being tested with a small group of advertisers.

In order to target users on Pinterest with more accurate Promoted Pins, Pinterest had to track their users' activities online. This new functionality meant that their Privacy Policy had to be updated.

In the notification email, Pinterest notified users when the new Privacy Policy will take effect and how users can opt out if they wish to not have their activities tracked across the Internet.

When Bing Ads updated its Terms and Conditions agreement, the Bing Ads Support Team sent emails to all Bing Ads customers announcing these updates. The email included a summary of each major change of the legal agreements:

The email makes it clear that the Terms and Conditions agreement was updated. The email gives a summary of the changes, but also why the changes were needed:

• Better access to new Bing Ads offerings
• Reach more of Microsoft's audience
• Consolidated billing and payment
• Management of your account

Bitly updated its Privacy Policy and sent emails to all its members detailing why the change was needed and what the major changes were.

The new and updated Privacy Policy brought changes that could have affected users, so Bitly clarified each one:

• A clear explanation of data Bitly collects
• Assurance that the data is not linked to any Personally Identifiable Information
• How the anonymous data is shared
• The new Privacy Policy included a link to "Consume Choice" opt-out page

Summary

Privacy laws around the world, including the GDPR, require you to provide a Privacy Policy to your users. A Terms and Conditions agreement is optional, but highly recommended. Cookies Policies may be required if you fall under the EU Cookies Directive.

You need to inform your users whenever you make updates to your policies and legal agreements.

Do so through emails, website banners, mobile app pop-up windows and any other way that can get the message across successfully to your users. Don't forget to link your updated agreements to your update notice.