Registration forms are used in a number of places, such as lead generation landing pages, as well as sign-up pages, getting quotes for services, event sign-ups, membership forms, competition entries, and even patient information online for medical clinics.
As these forms have so many uses, they are very ubiquitous.
But many of these registration forms are missing one key thing: the legal agreements that users need to agree to are not linked through what is called the clickwrap method.
First, let's take a look at what clickwrap is, and why you might want to use it on your registration form.
First, what is clickwrap?
Clickwrap is a method of getting agreement to your legal agreement, where the user actually clicks a "I agree" or "I accept" check box in some way.
This is an example of clickwrap, as mentioned by FormAssembly:
Most websites don't use clickwrap. What most websites actually use is something else, called browsewrap.
Here's an example of what browsewrap looks like from BusinessWire:
A recent case looking at the browsewrap method in the US was the 2012 Zappos case.
The Court was not convinced and said that the customers did not have "actual or constructive knowledge" of the terms. The Court said:
Browsewrap is a method where the user is assumed to have agreed to a legal agreement by virtue of their browsing the website and clicking on the small links at the bottom of the web page. Many users don't even see these links, let alone click on them and read them. This is partly why browsewrap is not legally enforceable.
This means that clickwrap is the better choice in terms of making sure that you're covered legally.
Now that you know what clickwrap is, let's take a look at why you'd want to set up the clickwrap method for a legal agreement on your registration forms.
Why registration forms need clickwrap
In many jurisdictions, if you collect personal data, you must also notify your users that you are doing so, and let them know what purpose you are collecting their data for. This is why Privacy Policies are required by law.
Let's take a look at some of the different privacy laws in a couple of jurisdictions - the UK and EU, and the US - and why it's important to get consent from your users when they register on your website/mobile app.
In the UK and Europe, the Data Protection Directive and the Data Protection Act 1998 requires that several data collection principles must be followed when companies collect personal information of users in the EU.
These data collection principles are:
- Users must be notified when or before you collect their personal data. This can be done by setting up legal statements.
- Users' personal data should only be collected for the stated specific purposes
- Users' personal data collected should be relevant for the stated purpose
- Users' personal data should be accurate
- Users' personal data should not be kept longer than necessary or longer than stated in your agreement
- Security measures should be put in place to keep users' personal data secure
- Users' personal data must not be transferred to a country or territory outside the European Economic Area unless that country or territory also ensures an adequate level of protection for users' personal data
In a few months, the Data Protection Directive will be replaced by the General Data Protection Regulation (also known as GDPR), which will make some of these principles even more strict. The GDPR regulation will also apply to anyone collecting the data of EU citizens, not just businesses based in the EU.
In the US, there's no federal privacy law that applies generally to online data collection. There is, however, a Californian state law (the California Online Privacy Protection Act 2003) which applies to the data of California residents.
- What type of personal data/information is being collected from users
- How this collected personal data/information is (or may be) shared with other third parties
- The effective date of the agreement
- How can users review and update their collected personal data you have on them
If you're running a business that has international or users from the US, it's likely that some of your users will be from California, so it's important to consider whether or not you need to comply with CalOPPA.
Now that we've looked at what clickwrap is, and why you need it, let's briefly cover some of the key things you need to include when you set up this on your web forms, regardless if these web forms are used for registering users, logging users, and so on.
Tips to follow
First, when it's time to set up your web forms, make sure that to clearly hyperlink to your legal agreements that you want users to agree to.
A clear and visible link to these legal agreements is a requirement of the CalOPPA law and also has been noted by several courts to be an important factor in whether or not the clickwrap has been effective.
Next, ensure that your clickwrap checkbox is in close proximity to both the web form and the link to the legal agreements.
Here's an example of a checkbox that's in a great position on the Salesforce's free trial registration form:
You can see from Salesforce's example that the checkbox is right near the "Start free trial" button. Their checkbox also clearly states "I agree to the Master Subscription Agreement", and the "Master Subscription Agreement" words are hyperlinked in that text.
This is a clear example of a clickwrap that could be legally enforceable.
Registration forms are a common way of collecting user data, but they need to be more closely examined to ensure that they use clickwrap methods when linking legal agreements.