How Not to Do Website Terms of Use

Client: Hi Paul, we need website terms of use and a privacy policy. We want to save money, so we’ve copied the terms of use and privacy policy for XYZ company, which has a similar product. Please review it for us so we can post it when we launch next week.

Me: [facepalm repeatedly]

This is the classic and all-too-common scenario, and it’s completely the wrong way for a startup to do their website terms of use and privacy policy. First, it’s blatant copyright infringement. Just swapping out your company name for their company name isn’t exactly going to fool anyone.

Second, just because XYZ has a similar product, or operates in roughly the same space, doesn’t mean that they operate exactly how you operate in every single respect. Nor does it mean that their policies and practices will suit your tastes. So unless you plan on copying all of XYZ’s internal policies and practices and operating procedures, much of what is in that terms of use and privacy policy simply won’t be an accurate reflection of your company.

Third, who’s to say that the terms of use or privacy policy that you copied from someone else’s website is any good? It could be a hot mess. They could have copied their terms of use from some company that’s completely unrelated in every way.

As the CEO of a startup, your job is much bigger than just writing software code. You have to run the company. That means putting the time into things like what will go into your terms of use, and developing information collection and handling practices that are accurately reflected in your privacy policy. You have to be intentional about this. When you just send me a terms of use that you copied from someone else, I’m going to push back, and ask you to describe your business model and practices. If you can’t do that, it tells me you haven’t put the time into it yet.

This is an important process, and you cut corners at your risk, and the risk of your investors. Terms of use, if done right, form a binding contract between your company and its customers, a contract that favors you and puts your company in a strong position. Done poorly, and you’re litigating with a customer in a court in Fairbanks, Alaska in February. Privacy policies are increasingly important as states like California, with 38 million residents, pass more and more restrictions on how you can collect and use customer data. You don’t just face the risk of class-action lawsuits, you also have to worry about FTC investigations and fines. Spending your time and money to do things right from the start will save you money, time, and headaches down the road.


Copyright Office To Require Online Registration of DMCA Agents

If you have a website with any user-generated content, you want to take full advantage of the protection provided by the Digital Millenium Copyright Act (DMCA). This has two components. The first is posting (and following) a takedown policy for potentially infringing content in your terms of use. The second, often-overlooked, component is registering an agent with the US Copyright Office. The agent is the person designated to receive notices of claimed infringement. If you fail to do both, you lose the benefits of the safe-harbor protection under the DMCA. In the past, registering an agent required filing a paper form and paying a fee of at least $105, plus $35 for each group of 10 additional names (such as alternate domain names). This process is about to get a lot easier, and less expensive too.

Starting December 1, 2016, you will be able to register an agent online, bringing the Copyright Office into the late 20th century. Even better, the registration fee will be $6, and there will be no additional fee for alternate names. This online registration process, and the lower fee, will make it easier to keep your registrations up-to-date – for example, if your designated agent was an employee and that employee quits. There are two catches, however. The first catch is that you will have to renew your agent listing every 3 years. That’s designed to ensure that the listings are current and accurate. The second catch is that the Copyright Office will be phasing out the current directory, populated by paper filings, by the end of next year. Every company that has already registered an agent will need to update their registration with a new online filing, which must be done by December 31, 2017.

So I strongly recommend that you mark your calendar for the first week of next month, to update your existing registration with an online filing. If you let it go, thinking that you have plenty of time, you will likely forget to take care of it. And if you haven’t registered an agent, I strongly recommend that you do so in early December. As I mentioned above, it is an essential element of insulating you from claims of copyright infringement.

Website Protection from Copyright Infringement Claims

shortcuttingIf you operate a website, you may have to worry about copyright infringement claims. This is particularly true if you have a blog, or if you allow visitors to post photographs, music clips, videos, or written content. The visitors may be posting content that infringes on someone’s copyright, and you don’t want to be responsible.

Fortunately, the Digital Millenium Copyright Act (DMCA) helps website owners insulate themselves from copyright infringement claims. There are two steps to this process, and both are equally important and essential. Unfortunately, too many website owners focus on the first step, and overlook the second. Without both, the website owner has no protection under the DMCA from copyright infringement claims.

The first requirement is that your website terms of service should have a process for people to notify you of potential copyright infringement claims. This is typically called a “takedown notice.” The notice informs you that there is material on your website that may infringe a copyright, and has to conform to specific requirements outlined in the DMCA. Your process must cover taking down or disabling access to the potentially infringing material, and giving the person who posted it an opportunity to challenge the takedown notice. That’s the first part of insulating yourself from copyright infringement claims.

The second part, which is often overlooked, is registering an “online agent” with the US Copyright Office. The online agent is a person designated to receive notices of potential copyright infringement. You go to this page at the website, where you can download, print out and mail in what’s called an “Interim Designation of Agent to Receive Notification of Claimed Infringement” form. On the form, you list the full legal name of your company. There is a base fee of $105 that covers that one name. Then you can list additional names under which you are doing business. For example, here you would list your website address, or if you operate more than one website, all your website addresses. For each group of 10 or fewer, there’s an additional fee of $35. So if you have a corporation, and you run one website, you would list your corporate name, and the website address, and pay a fee of $140. When choosing your designated agent to list on the form, you want to pick someone who you know is going to be in that role for an extended period of time, because you must pay additional fees to change your designated agent.

By following both of those two steps, website operators can take advantage of the protections from copyright infringement claims provided by the DMCA.
Follow me on Twitter

Don’t Forget Your Terms of Service

General Mills’ recent mess has focused a lot of attention on website terms of use. General Mills revised its website terms of use to take away many legal rights of its website users. For example, if you were so impudent as to download a Cheerios coupon, you would be forfeiting your right to sue if that box of Cheerios exploded in your hands and blew your head off.  When the negative publicity exploded, a chastened General Mills was forced to back down.

If your business has a website, and particularly if you have an interactive website, you need terms of service. Terms of service may be the stuff nobody ever reads when they visit a website, but they can be pretty important. Essentially, terms of service are a contract between your business and visitors to the website, governing the relationship between your company and users of your website.    

The manner in which you present your TOS to visitors will play a big role in how binding and enforceable they are. They are most likely to be enforceable if the TOS appear prominently anytime someone visits the website, state that they are a binding and enforceable contract between the website operator and the visitor, and require the visitor to click on a box that says “I Accept” or “I Agree.” A step or two below that is to have a prominent statement that use of the website is governed by the TOS, with a link to the actual TOS. Having a pop-up TOS is not a very effective method, because many users configure browsers to block pop-ups, or they are highly conditioned to ignore pop-ups. It is also relatively weak to merely have a link somewhere to the TOS, labeled as such. You should phrase the TOS in plain language that the average person can understand, rather than using impenetrable legalese.

If you are going to follow the method where someone clicks a box indicating their acceptance of the TOS, it is important to have a means of recording that acceptance and archiving it. If there is a dispute later, you will then be able to show that the user actively consented to the TOS.

The list of items that should be included in your TOS is pretty lengthy, but here are some key items:

A very clear statement that the TOS are a contract, and that the user is agreeing to the TOS by visiting the website. Also, make sure to mention that the TOS may be updated from time to time, and the latest version of the TOS will govern.

You’ll want to prohibit any kind of access to the website, automated or otherwise, for anti-competitive purposes. For example, you don’t want your competitor to “scrape” data from your website.

There should be a choice of law provision, stating which jurisdiction’s laws apply. If you have several locations, or if your servers are located in another state, you should review each state’s laws to see which will provide the best protection.

Include a statement that the user consents to electronic communication.

Include a provision that the user is responsible for safeguarding his username and password, if any, and that you will not be liable for any loss suffered because of his failure to do so.

Many websites allow users to upload user-generated content, so you will want to explicitly ban any kind of abusive, harassing, threatening, illegal, or objectionable content. You also want to reserve the right to unilaterally remove any such offensive content, and to disable the user’s access if they violate your TOS.

Also keep in mind that the European Union has very strict laws regarding website privacy and consent issues. If your website requires user registration, you should include a mechanism for determining the user’s location and enable more stringent consent procedures to comply with applicable laws in Europe.

Finally, make sure to include provisions relating to the Digital Millenium Copyright Act (DMCA) in the TOS. The DMCA provides a safe-harbor from copyright infringement for website operators, so long as there is a process where a copyright owner can complain of infringement. The website operator is then obligated to take down the material in question, to avoid being considered a co-infringer. The website operator must post a DMCA policy, act on takedown requests, terminate the accounts of repeat offenders, and register a DMCA agent with the US Copyright Office. The DMCA agent is required to receive and promptly act upon takedown requests. Having a DMCA policy and procedure is crucial for websites where users may upload videos, music clips, or blog posts.

This might seem like a hassle that isn’t really mission-critical, especially if your startup is lean and everyone is focusing on getting your product up and running. Visit some major websites, however, like Google, Yahoo, Facebook, Twitter, Microsoft, and Apple. They all have terms of service. It may indeed be a hassle, but having effective and clear TOS will end up protecting you in the long run.

UPDATED: You also should consider including a term that the visitor to your website agrees not to post negative or disparaging reviews or comments regarding your company, especially if you are selling some product or service. This is a relatively new trend, and as far as I know, these clauses haven’t been fully reviewed by any courts. But given the importance of review sites and the harm that negative reviews can inflict, it is certainly worth considering.

Follow me on Twitter @PaulHSpitz