What Are Terms and Conditions, and Do You Need Them?
Terms and conditions describe what a user must agree to prior to entering into a transaction with the provider of the product or service. Once a user has agreed to them, the terms establish a legally binding contract. The terms often appear on a website or app in the form of a “click-wrap” agreement, where a user agrees by clicking a button.
Legally, a business is not required to provide terms and conditions on their website. However, they are recommended because they allow companies to control the use of their products and services and minimize liability. Additionally, courts have found click-wrap terms enforceable even when the user claims to have not read the terms. Displaying these terms on your website in a clear, conspicuous manner would give you added protections.
What Should Be Included in Your Terms and Conditions?
Common provisions to consider adding to your terms and conditions are:
The rest of the terms may vary depending on the type of business you operate. For instance, an e-commerce business may consider adding payment and shipping terms as well as refund and cancellation policies. For a social media site, the platform provider often includes terms about age restrictions and certain forbidden content or conduct to protect other users on the site.
Other Compliance Considerations
As noted above, consumer privacy is regulated by a host of federal, state and even international laws. There is no federal omnibus privacy law, but at the federal level, the Federal Trade Commission (FTC) protects consumers from unfair and deceptive trade practices. As a result, privacy policies must not be false or misleading. Failure to comply with your own privacy statement could lead to FTC enforcement actions against your company. In addition, if you work in a specific industry or collect certain sensitive data, you should pay close attention to certain sector-specific or content-specific privacy laws. For instance, any entity that collects information from children under 13 years old should be aware of certain consent requirements under the Children’s Online Privacy Protection Act (COPPA). The federal government also sets forth stringent rules about the collection of sensitive health information under the Health Insurance Portability and Accountability Act (HIPAA). Further, if your business regularly sends advertising or marketing emails to customers, be sure to include an “opt-out” or “unsubscribe” option as required by the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM).
At the state level, very few states have adopted fully-fledged privacy acts, but recently, California passed the California Consumer Privacy Act (CCPA). The CCPA gives California residents the right to control how businesses use their personal information and mandates that entities meet certain privacy and security requirements. Even if your company is not physically located in California, the CCPA may still apply if your company holds or collects private information of California residents, does business in the state, and meets a specific financial or data quantity threshold. Since it may not be practical to refuse dealing with California residents to avoid the CCPA, many businesses follow California’s privacy law regardless of where they typically operate. Following California’s lead, a privacy bill similar to the CCPA is pending in New York’s state legislature.
Businesses with data on residents of other countries may also have to comply with the laws of those countries. The best known of these is the General Data Protection Regulation (GDPR) that protects the privacy of residents of the European Union. Entities doing cross-border transactions with Chinese entities or residents should also be aware of China’s latest Personal Information Protection Law that largely mirrors the GDPR’s stringent requirements.
Anyone doing business online should consult an attorney about how to protect their rights and minimize their liability using terms of service and privacy policies. Terms, like any contract, are often drafted or vetted by an attorney to ensure the company’s rights are protected and enforceable. Privacy policies are subject to a wide array of privacy laws, so it is important to consult an attorney to ensure compliance. Contact a member of our team for next steps.
[This blog post has been updated from a previous version, published October 13, 2021]
Carlianna Dengel is admitted to practice law in New York and California.