Visitor Uploads

■ All visitors who upload material should accept submission agreements or accept such terms in the terms and conditions whereby the visitor accepts all liability for any infringement, misuse, claims, or issues otherwise associated with such upload.

■ Chat/discussion rooms disclaimers. The terms and conditions should prohibit unlawful, offensive, harassing, discriminatory, or other improper conduct. Tire terms and conditions should also give the website owner broad rights with respect to enforcing these prohibitions and restrictions.

■ The Digital Millennium Copyright Act (“DMCA”). Title II of the DMCA is entitled “Online Copyright Infringement Liability Limitation.” In brief, Title II provides virtually complete protection from damages resulting from copyright infringing material placed on or passed through a website by its users. A website must include:

  • - Terms and conditions of use for its users that permit the operator to terminate service if a user commits copyright infringement.
  • - Terms and conditions that do not interfere with any technical measures taken by the copyright owner to identify and/or protect its works.
  • - Identification of a designated agent to receive notification of potential copyright infringement. The designated agent should be identified on the appropriate filing with the U.S. Copyright Office.

Applicable Internet-Specific Laws

■ Spamming. If an e-mail address is used for the registration process and the website owner intends to use the e-mail addresses collected for any purpose other than sending the username and password to the visitor, it may run afoul of one or more state anti-spam laws. If additional uses are anticipated for the e-mail addresses, the visitor should be advised of such uses and afforded the opportunity to opt out of the mailings. Avoid sending unsolicited e-mail to visitors without their permission.

■ Sales. Does the website sell products and collect taxes in states with a nexus to the site operator, such as states with a physical presence?

■ Advertising. Is the website compliant with the Federal Trade Commission’s rules regarding bait and switch, catalogs, childrens advertising, comparative ads, contests and sweepstakes, credit, disclosures and disclaimers, endorsements and testimonials, food ads, franchises and business opportunities, free claims, guarantees, Internet advertising, leasing, mail order advertising, pricing, and rainchecks?

■ COPPA. The Child Online Privacy Protection Act (COPPA) applies to commercial websites or online services (i) directed to children under the age of 13 that collect personal information from children or (ii) that operate general audience websites and have actual knowledge that they collect personal information from children, including hobbies, interests, and information collected through the use of cookies or other types of online tracking mechanisms—whenever such information is associated with a particular child. If COPPA applies to a site, it spells out what the operator of the site must include in a privacy policy, when and how to seek verifiable consent from a parent, and what responsibilities the operator has to protect children’s privacy and safety online. Complying with the requirements of COPPA can be costly and time-consuming. The Federal Trade Commission (FTC) has created an excellent guide for website operators to assist them in complying with the requirements of COPPA: How to Comply with the Children’s Online Privacy Protection Rule. It is available on the FTC’s website at

Terms and Conditions

■ Terms and conditions should be accessible from the home page and accessible via a “Terms and Conditions” link. Generally, the terms and conditions will also link with the privacy policy.

■ Enforceability of the terms and conditions generally depends upon whether the visitor to a site has seen the terms and conditions. Generally, there are four methods to indicate a visitor’s assent to the terms and conditions:

  • - Required online registration. Make sure visitors go through a registration process where they are required to view the terms and conditions before clicking on an “I accept” or “I reject” box to indicate that they have reviewed the terms and conditions.
  • - Prominent notice and required acceptance. When a visitor first lands on the page, in order to access the site, a link to the terms and conditions is provided and the visitor is asked to click on an “I accept” or “I reject” link to access the content.
  • - Prominent notice. The first page of the site has prominent language regarding the terms and conditions (with a hyperlink to the actual contract language), and acceptance is implied through conduct. The relevant language could be: “USE OF THIS WEBSITE IS SUBJECT TO CERTAIN TERMSAND CONDITIONS. YOUR CONTINUED USE OF THIS SITE INDICATES YOUR ACCEPTANCE OF THOSE TERMS AND CONDITIONS.”
  • - Basic notice. A hyperlink to the terms and conditions is included at the bottom of the first page of the website: “Click here for Terms and Conditions.” However, some courts have found this type of basic notice insufficient to form a binding agreement with website visitors. Although this method is very popular and found on many of the most frequently visited websites, it is the least likely to be found enforceable, because there is no evidence that the visitor agreed to the terms and conditions or even read them.

■ Every time there is a change to the legal notices, the date of such change should be recorded and copies of prior posted versions should be retained for at least six years.

■ The terms and conditions should specify the applicable law and venue for disputes related to the website.

■ The terms and conditions should contain an arbitration clause requiring a visitor to seek binding arbitration to settle disputes.

Data Security and Privacy

■ Is there a privacy policy? Some states, for example, California, now require websites to have a posted privacy policy.

■ The privacy policy should be accessible from the homepage and accessible via a “privacy policy” link. Generally, the privacy policy will also link with the terms and conditions.

■ Is the privacy policy strictly followed and do the employees know and understand it?

■ Is it appropriate to obtain third-party online privacy certification?

■ Is there an agreement with the website hosting provider regarding the use and protection of the website’s visitor’s information?

■ Does the website use appropriate firewall technology?


■ Does the website owner have the proper insurance based upon the online activities of the website? Consider insurance coverage for:

  • - intellectual property infringement
  • - invasion of privacy
  • - defamation
  • - breach of personally identifiable information, protected health information, or personal financial information

■ Misuse of information by site or employee

General Considerations

■ Keep accurate records of modifications and amendments to the terms and conditions and privacy policy.

■ Although use of a copyright notice is no longer required under U.S. law, its use provides the copyright owner with a number of benefits (e.g., avoiding claims of innocent infringement). The copyright notice should be placed on the website such that it gives reasonable notice of the claim of copyright. This notice should be visible to an ordinary user of the site under normal conditions of use and should not be concealed from view upon reasonable examination.

■ Websites, even simple ones, are a complex amalgamation of content and programming. One of the key questions every business should ask is “can I take this website elsewhere?” The problem is that the website may have been developed by one vendor, hosted by another, and contain third-party content and programming from dozens of other licensors and vendors. If the business decides to move the website to another host or, potentially, host the website on its own internal servers, does the business have all rights necessary to do that? Tire answer can be incredibly complex. Every business should ask that question now and do an audit of its website to determine whether it has all necessary rights or not.


Developing a website requires significant consideration of the background risks and potential liabilities associated with participating in the Internet community. By asking the questions outlined in this chapter, a company is in the best position to evaluate its own site’s potential for development, inherent risks, and potential conflicts with regulations and governance for the Internet.

< Prev   CONTENTS   Source   Next >