Privacy Policies and Terms and Conditions
Businesses that collect consumers’ personal information online are subject to a host of laws that require disclosure of what data is collected and how it is used. These rules vary and can cause confusion for websites, online service providers, and consumers. However, the trend in recent years is to impose stricter requirements as federal, state, and international governments face increasing consumer complaints about misleading business practices and privacy concerns.
Privacy policies explain how a company will use the information gathered from those who visit the company’s website. Generally, privacy policies disclose the types of personal information collected and how the data will be stored, shared, and protected. Policies are published on the website so that visitors can view them at any time.
Federal Consumer Protection Laws
Various federal laws protect consumers from privacy law violations in certain circumstances. In addition, the Federal Trade Commission can step in where privacy policies are misleading or false. Some of the laws that may apply include:
· Gramm-Leach-Bliley Act (GLB Act). Financial institutions must provide “clear, conspicuous and accurate statements” about what information they collect and how it is shared and protected.
· Health Insurance Portability and Accountability Act (HIPAA). This law requires that consumers receive written notice regarding the privacy practices of health care services, electronic and otherwise.
- Types of personal data collected
- How the data will be shared and with whom
- The purpose for collecting the data
- The process for opting out of data collection
- Data security measures
How Do Terms and Conditions Differ from Privacy Policies?
Terms and conditions, also known as terms of service, describe what a user must agree to prior to entering into a transaction with the provider of the product or service. Generally, a website’s terms and conditions page is a legally binding contract (otherwise known as a “click-wrap” agreement), which a user can accept with the click of a button. It is typically presented right before a person downloads an app or software or accesses a protected website.
Purpose of Terms and Conditions
The purpose of terms and conditions is to establish the business relationship between the user and the business. Businesses want to protect their products and services from unauthorized use, minimize disputes, and limit their liability resulting from problems users may have. Terms and conditions are distinct from privacy policies, although they may reference each other. It is important to have both because they serve different purposes. However, they are both similar in that companies may be held liable for any false or misleading representations or failing to abide by their own policies.
Information to Include in Terms and Conditions
The terms and conditions must be tailored to the business, but typical provisions include the following:
- Permitted uses of the information. This explains how users can use the product or services and the consequences of violations.
- Disclaimers and limitations of liability. The business will generally exclude or limit recovery for damages arising from use of the product or service.
Refund and cancellation policy. The rules governing these policies should be stated in detail.
Payment terms. How renewals and late payments will be handled should be specified.
- Access to information on a user’s other accounts or devices. The business must disclose if it needs to access the user’s social media accounts, contacts, or other personal information, and users must agree to this.
- Dispute resolution. In the event of a dispute, businesses could require the use of arbitration and specify which jurisdiction’s law applies and the choice of venue.
Why You Should Consult an Attorney?
Both privacy policies and terms and conditions must be uniquely tailored to the operations of the business. In the context of privacy policies, there are numerous laws that may apply depending on the nature of the business, what information is collected, and from whom and where the business operates. These rules are confusing, and the consequences of noncompliance can be significant. It is important for companies to make sure they comply with their own policies. Additionally, as companies change their business model or operations, or work with new third-parties or technology, their risks may change and thus it is important to discuss those issues with an attorney.
While terms and conditions are generally enforceable, they can be contested on various grounds, including fraud, unconscionability, and other issues that apply to unilateral non-negotiable form contracts.
To avoid liability relating to its privacy policies and terms and conditions, businesses should consult an attorney.
Looking for other Business Law services?