SCHEDULE NOW
CALL US
212-865-9848
Schedule Your Appointment
Home /Blogs/Does Your Business Need Terms of Service and a Privacy Policy?
October 28, 2022 | BusinessFrom the blog

Does Your Business Need Terms of Service and a Privacy Policy?

post image
Author(s)
Carlianna Dengel

Associate Attorney

 Ru Hochen

Associate Attorney

Visit most websites and you are likely to see in the page footer mention of a privacy policy and terms of service (also known as “terms and conditions,” “terms of use” or simply “terms”).  These statements may also appear when you are registering for an online account, accessing restricted content, purchasing goods or services online, or downloading software or apps.  Terms and privacy policies provide crucial information about the rights and obligations of the business provider and the site user.  Whether your business needs these policies and which specific clauses should be included will depend largely on the nature of your business.

TERMS AND CONDITIONS 

What Are Terms and Conditions, and Do You Need Them?

Terms and conditions describe what a user must agree to prior to entering into a transaction with the provider of the product or service.  Once a user has agreed to them, the terms establish a legally binding contract.  The terms often appear on a website or app in the form of a “click-wrap” agreement, where a user agrees by clicking a button.

Legally, a business is not required to provide terms and conditions on their website.  However, they are recommended because they allow companies to control the use of their products and services and minimize liability.  Additionally, courts have found click-wrap terms enforceable even when the user claims to have not read the terms.  Displaying these terms on your website in a clear, conspicuous manner would give you added protections.

What Should Be Included in Your Terms and Conditions?

Common provisions to consider adding to your terms and conditions are:

  • Restrictions on how the product/service may be used;
  • Consequences of unauthorized use (e.g., account suspension or termination, removal of user’s content, financial penalties, etc.);
  • Ownership of intellectual property;
  • Limitations of liability;
  • Governing law;
  • Dispute resolution mechanism.

The rest of the terms may vary depending on the type of business you operate.  For instance, an e-commerce business may consider adding payment and shipping terms as well as refund and cancellation policies.  For a social media site, the platform provider often includes terms about age restrictions and certain forbidden content or conduct to protect other users on the site.

PRIVACY POLICIES 

When Do You Need a Privacy Policy?

In the U.S., while currently there is no uniform federal law requiring a privacy policy for every single business, your business may very well be subject to several federal, state and international laws.  Generally, businesses that collect consumers’ personal information are required to provide notice, disclosing the types of personal information being collected and how that data will be used, stored, shared and protected.  A privacy policy serves that function and informs consumers about their rights to data and the business’s data collection practice.  It also helps companies establish a more transparent, trusting relationship with consumers and minimize potential liability in the event of security breaches.

What Should Be Included in a Privacy Policy? 

While there are no specifically required terms in a privacy policy, most privacy laws require that policies be written clearly and succinctly, since they are meant to provide adequate notice to consumers.  Policies must explain what specific information is being collected; why it is being collected; how it will be processed and used; what security measures are adopted; and how users can access it, opt out from data-sharing, or request certain data be deleted.

Other Compliance Considerations

As noted above, consumer privacy is regulated by a host of federal, state and even international laws.  There is no federal omnibus privacy law, but at the federal level, the Federal Trade Commission (FTC) protects consumers from unfair and deceptive trade practices.  As a result, privacy policies must not be false or misleading.  Failure to comply with your own privacy statement could lead to FTC enforcement actions against your company.  In addition, if you work in a specific industry or collect certain sensitive data, you should pay close attention to certain sector-specific or content-specific privacy laws.  For instance, any entity that collects information from children under 13 years old should be aware of certain consent requirements under the Children’s Online Privacy Protection Act (COPPA).  The federal government also sets forth stringent rules about the collection of sensitive health information under the Health Insurance Portability and Accountability Act (HIPAA).  Further, if your business regularly sends advertising or marketing emails to customers, be sure to include an “opt-out” or “unsubscribe” option as required by the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM).

At the state level, very few states have adopted fully-fledged privacy acts, but recently, California passed the California Consumer Privacy Act (CCPA).  The CCPA gives California residents the right to control how businesses use their personal information and mandates that entities meet certain privacy and security requirements.  Even if your company is not physically located in California, the CCPA may still apply if your company holds or collects private information of California residents, does business in the state, and meets a specific financial or data quantity threshold.  Since it may not be practical to refuse dealing with California residents to avoid the CCPA, many businesses follow California’s privacy law regardless of where they typically operate.  Following California’s lead, a privacy bill similar to the CCPA is pending in New York’s state legislature.

Businesses with data on residents of other countries may also have to comply with the laws of those countries.  The best known of these is the General Data Protection Regulation (GDPR) that protects the privacy of residents of the European Union.  Entities doing cross-border transactions with Chinese entities or residents should also be aware of China’s latest Personal Information Protection Law that largely mirrors the GDPR’s stringent requirements.

CONCLUSION

Anyone doing business online should consult an attorney about how to protect their rights and minimize their liability using terms of service and privacy policies.  Terms, like any contract, are often drafted or vetted by an attorney to ensure the company’s rights are protected and enforceable.  Privacy policies are subject to a wide array of privacy laws, so it is important to consult an attorney to ensure compliance.  Contact a member of our team for next steps.

[This blog post has been updated from a previous version, published October 13, 2021]

Carlianna Dengel is admitted to practice law in New York and California.

Photo by Thomas Lefebvre on Unsplash

Schedule an appointment for a case evaluation

This field is for validation purposes and should be left unchanged.

Related Articles

Oct 28, 2022 Business  |  Copyright  |  From the blog Are Ideas Protected by Copyright Law?
If you have a great idea for a new movie, television series or product and you want to pitch it to someone, how can you protect your idea from being stolen?  Similarly, if you receive an unsolicited idea from an acquaintance, do you have to pay them to use the idea? While the expression of
 
Intellectual Property Licensing and Assignments
Copyright Registrations and Terminations
Trademark Infringement
Copyright Infringement
Copyright Claims Board (CCB)
Account Stated Claims
Arbitration
Breach of Contract
Breach of Fiduciary Duty
Business Torts
Class Actions
Civil Litigation
Counterfeiting
Debt Collection
Defamation
Demand Letter
Digital Millennium Copyright Act (DMCA)
Fraud Claims
Fraudulent Conveyance in Bankruptcy
Freelancers
Insurance
Limited Liability Company (LLC) Disputes
Partnership Disputes
Preference Claims in Bankruptcy
Right of Publicity
Shareholder Disputes
Trademark Infringement Defense
Trade Libel
Trade Secrets
Unfair Competition
White-Collar Crimes
Age Discrimination
Defending Discrimination Claims
Defending Discrimination Claims in California
Disability Discrimination
Employment Agencies
Employee Handbooks
Employee Misclassification
Employment Law Mediation
EEOC Claims
Family Medical Leave Act
Hostile Work Environment
Independent Contractor Agreements
Non-Compete and Non-Solicitation Agreements in Employment Law
Offer Letters and Employment Agreements
Political Discrimination
Pregnancy Discrimination
Race Discrimination
Religious Discrimination
Separation and Severance Agreements
Sexual Harassment
Sexual Orientation and Gender Identity Discrimination
Union Grievances
Wage and Hour
Wrongful Termination
Adult Entertainment Films
Art Law
Comedy Law
eSports Law
Fashion Law
Film Financing
Intellectual Property Rights Clearance for Film and Television Productions
International Trademark: Madrid Protocol
Music Law
Podcast Collaborations
Production Counsel
Publishing
Talent Agency & Artist Management Contracts
Theatre Law
Trademark Registration
TV & Film Agreements
Social Media Influencers
Sports Law
Student-Athlete Name, Image & Likeness Rules
Blockchain Technologies & Digital Currencies
Business Agreements
Business Divorce
Cannabis Law
Contract Negotiation
Corporate Financing
Corporate Law
Data Privacy & Cybersecurity
E-Commerce
General Counsel
Insolvency
Internet Law
Legal Due Diligence
Mergers & Acquisitions
Non-Fungible Tokens (NFT)
Non-Profit Formation & Law
Privacy Policies and Terms and Conditions
Purchase & Sale of Business
SaaS Agreements
Secured Transactions
Small Business Law
Business Start-Up Law
Technology Law
Venture Capital
Share This