Do I need a Terms of Service and Privacy Policy for the company’s website? These are two common questions startups ask when they’re building an online presence through their company’s website. Our friends at WilmerHale are providing some useful information about why your business needs these two essential online contracts.
A. Why do I need a Terms of Use for the company’s website?
Terms of Use of a website are a written contract between the company and the users of the company’s website. It governs the relationship between the website and the user. When drafted and implemented properly, it helps protect the company from legal claims that might arise from the operation of the website. More complex and customized Terms of Use will apply when the company provides products or services through its website.
B. What information should be contained in the company’s Terms of Use?
A company’s online Terms of Use is often a key aspect of the company’s interaction with its users or customers and should be drafted accordingly. The contents of the Terms of Use can vary widely depending ont he manner in which you and the public use the company’s website.
If the company is merely providing information to the public through its website, but not providing products or services, then the Terms of Use can be relatively simple. In that case, the Terms of Use should simply describe the permitted users and uses of the website, the rights of the company, and the user in various types of information exchanged through the website, certain prohibited activities, and other general terms. The Terms of Use should also address whether linking to the website is permitted and warn users that links to other sites may be provided, but those other sites are not under the company’s control and are governed by a separate Terms of Use of the separate site owner. Additionally, the Terms of Use may address whether framing or incorporation of the company’s website onto third party sites is permitted.
Additionally, whether users are submitting content to the site, or the site contains content distributed by third parties (including site developers, site owner employees and/or independent contractors), the Terms of Use should include terms necessary to comply with available “safe harbors” under U.S. federal law, particularly the Digital Millennium Copyright Act, which established specific processes (referred to as a “safe harbor”) which, if followed, enable website operators to reduce exposure to liability for copyright infringement arising from content provided by users of the website.
If the website is a portal through which the company provides products and services, such as Software as a Service, then the Terms of Use should be a far more customized services agreement that addresses the issues raised by the applicable products and services, and the company’s business model, in detail. In that case, the Terms of Use may be the primary contract between the company and its customers.
The manner in which you present the company’s Terms of Use to users is important for enforceability purposes. A simple link at the bottom of a webpage is common, but are less likely to be enforceable in some contests and jurisdictions. Where the Terms of Use establish critical protections for the company, particularly where the company provides products or services or receives user contributions through the site, you should consider implementing the Terms of Use as a click-through agreement with a process that ensures clear user awareness of the Terms of Use and a clear acceptance of those Terms of Use by the user.
C. Can I borrow the Terms of Use of other companies whose business is similar to mine?
It is a mistake to assume that all Terms of Use are the same. Do not take a “one size fits all” approach to drafting your Terms of Use. Terms of Use have many provisions that are similar across the Internet. However, your Terms of Use should be drafted to encompass the particular business needs of your company. It is a mistake to simply “cut and paste” terms from another site, even if that site seems to be similar to your website. Ideally, you should draft the company’s Terms of Use in conjunction with an attorney who has expertise in contract and Internet law.
D. What is a Privacy Policy and why do I need a Privacy Policy?
A Privacy Policy is a written document, typically made available through the company’s website, that tells the user how the company will collect and use their personal information. The Privacy Policy establishes the guidelines the company must follow when collecting and using information from users. When drafted properly, a Privacy Policy helps protect the company from claims that it has misused information or misled the user about the company’s collection or use of information.
E. What information should by Privacy Policy include?
Privacy Policies are fairly consistent across many websites, but they need to reflect the specifics of how your company will collect, use, and disclose personal information. As a result, you need to carefully consider your current and future plans when drafting the company’s Privacy Policy. The Privacy Policy should address not only the company’s current practices in collecting personal information, but also permit the activities that the company intends to engage in over time, as it is far simpler to start off with a proper Privacy Policy than to amend it later. The core functions of a Privacy Policy are to:
- explain the types of personal information the company collects through the website or the company’s services, and how the company collects that information;
- make clear that information submitted by users, which is viewable by third parties in the normal operation of the website, will not be protected;
- explain how the company will use the information submitted by users;
- explain to whom the company may disclose that information and for what purpose; and
- provide contact information to any users with questions about the Privacy Policy.
It is important to know, however, that privacy laws differ significantly from country to country. The European Union, for example, has adopted a very restrictive data protection directive that limits how sites may collect and use personal data and that requires use consent before a website can use cookies. So if your business or website operates in different countries, you will need to ensure that your Privacy Policy accounts for these different laws.
As the company changes over times, its Privacy Policy may need to be adapted to reflect the company’s growth. The Privacy Policy should mention when and where changes to the Privacy Policy will be posted, and you should check with counsel on whether the changes to your Privacy Policy require more significant notification and/or consent steps.
F. Can I borrow the Privacy Policy of other companies whose business is similar to mine?
Don’t assume that all Privacy Policies are the same. While there are many Privacy Policies on the Internet that have somewhat similar terms, your Privacy Policy should be drafted to reflect your specific business needs. You may find samples that offer a good starting point, but you likely cannot simply “cut and paste” and full Privacy Policy from another site, even if that site seems to be similar to your website.
Attorney Advertising. Prior results do not guarantee a similar outcome. Photos within are not of clients or firm personnel. © 2014 Wilmer Cutler Pickering Hale and Dorr LLP.