It is a good time to review your website and its accompanying terms and conditions and privacy policies. From year to year, the legal landscape evolves with changes being driven by technological advancements, shifting business models, regulatory activity, legislative attention, and judicial rulings. As such, website operators must be aware of the changes that impact their existing policies and practices and any resulting liability risks. This alert provides a brief summary of issues and recent legal events that may affect your website and governing policies.
- A recent California case makes it possible for any business that conducts business online to be sued in California court for failing to provide reasonable accommodations for disabled site users. This means that websites should incorporate accessibility solutions that allow impaired or disabled users to navigate the website or mobile application.
- New Jersey law prohibits the use of any contractual terms that (i) violate state law or any general responsibility of a seller of goods; (ii) waive any consumer rights; or (iii) include blanket savings clauses (e.g., “void where prohibited”). In addition to auditing your terms of sale, we advise that operators move all terms of sale for goods and services to a separate, standalone policy.
- The procedure employed to effect agreement to the terms is often subject to judicial scrutiny. Best practices involve the use of a so-called “click-wrap” procedure to ensure that users are bound to the published terms, which may include scroll-through functionality or hyperlinks, checkboxes (not pre-checked), redundant affirmations, and the look, feel, and proximity of material terms and disclaimers.
- Courts are less likely to enforce certain substantive terms such as choice of law, venue selection, and dispute resolution procedures such as mandatory arbitration. The indispensable requirements of contract formation – sufficient notice, assent, and consideration – will determine whether such terms are enforced.
- Sites that include interactive features and allow users to upload or post content should consider potential issues such as intellectual property infringement, libel and defamation, and rights of publicity. Any site that allows for the publication of user-generated content should be aware of the Digital Millennium Copyright Act Safe Harbor requirements along with newly proposed changes to Section 230 of the Communications Decency Act.
- It is always tempting to copy and paste terms from a third-party site. Still, operators should beware that while terms are not generally required by law, publishing false or deceptive terms, or misrepresenting your actual practices, may lead to unnecessary liability. Your terms should be specifically tailored to your practices and site users.
- Changes to your terms and policies may not be enforced unless the user is provided legally sufficient notice and then consents to the modified terms. To this end, best practices involve the utilization of a notification process (e.g., email, splash) plus an additional click-through procedure.
- Recent cases suggest that courts are more likely to enforce terms conveyed through plain language, presented using conspicuous text and formatting (e.g., bold, underlined) on uncluttered pages, and through pages optimized for mobile devices.
- Organizations should review their website and/or mobile application privacy policies and practices. States are adopting new privacy laws which could require revisions to privacy policies. In March 2021, Virginia adopted a new state privacy law. In November 2020, California voters approved a ballot initiative, the California Privacy Rights Act (“CPRA”), which significantly revises and expands the California Consumer Privacy Act of 2018. Organizations have until January 1, 2023, to come into compliance with both the new Virginia law and the CPRA and should consider taking steps to comply, when applicable, sooner rather than later. A number of other states also are considering new privacy legislation, which could require changes to privacy policies and related practices.
Kevin L. Coy is a partner in Arnall Golden Gregory LLP’s Washington D.C. office and co-chair of AGG’s Privacy practice. Kevin can be reached at email@example.com.
Matthew V. Wilson, Esq., partner at Arnall Golden Gregory LLP, is co-chair of the Entertainment and Sports team. Matt can be reached at firstname.lastname@example.org.