Conversations about data privacy policies and website terms of use have become more common in recent months. Large companies like Facebook, Expedia, and Dick’s Sporting Goods have been involved in litigation involving agreements that address these very issues. The questions on most business owners’ minds are “What are these agreements?” and “Do I need them on my website?” Privacy policies and terms of use serve different purposes, but both are essential for any business that engages with customers via a website.
What Is a Privacy Policy?
A privacy policy is an agreement that outlines how a company collects, stores, handles, and protects the personal information it collects from customers and visitors to its websites or mobile applications. It may also cover interactions that involve personal information collected off-line. Regardless of how you collect customer data, the privacy policy is where consumers curious about your company’s data practices and procedures should find answers to their questions.
What Are Terms of Use?
Terms of use, also known as terms and conditions or terms of service, are agreements between a website’s owner and its visitors about the rules and expectations for using the website. These agreements protect business owners by allowing them to clearly dictate how online activities on their site should be conducted. Terms may include age restrictions, intellectual property rights, permitted use provisions, and limitations of liability. For example, terms of use are often used to advise visitors that using material discovered on the site may constitute copyright infringement and is therefore prohibited.
Do I Need These Agreements?
In most instances, privacy policies focus on proper disclosures or practices, whereas terms of use address the permissions granted between the user and the website. Although there is no overarching legislation that requires these agreements, businesses operating websites or mobile applications should still have both a privacy policy and terms of use. If legal issues arise regarding your data collection, these are two key documents courts will look to as they seek to understand the nature of your relationship with your users.
Privacy policies are needed to comply with federal regulations and local laws regarding data protection. These laws apply to the vast majority of websites because most websites collect personal information. “Personal information” includes everything from users’ names and email addresses to their IP addresses and device types. In other words, data collection practices that do not overtly collect private data may still be collecting personal information from website visitors using technology. Additionally, laws like the recently enacted California Consumer Privacy Act broadly apply to business owners who collect data and profit by selling the data or using the data in their marketing. These types of laws signal a push for legislation requiring transparency from businesses, and noncompliance could result in costly fines from local governments or the Federal Trade Commission, the agency in charge of enforcing most consumer data protection compliance and empowered with the authority to seek civil monetary penalties for violations.
Terms of use are needed to define permissible and impermissible website activities by users. For instance, a user may claim to be unaware of having engaged in wrongful conduct that triggered a termination of the user’s website account or access. However, if the terms of use agreement states the website owner’s right to take such action, the owner has put users on notice of permissible behavior and supported its ability to terminate access when violations occur.
Natasha Singer and Mike Isaac, Facebook to Pay $550 Millionto Settle Facial Recognition Suit, N.Y. Times (Jan. 29, 2020), https://www.nytimes.com/2020/01/29/technology/facebook-privacy-lawsuit-earnings.html.
Brian Powers, How Expedia and other travel sites avoided a class action: What every travel site needs to know, PactSafe (July 30 2019), https://www.pactsafe.com/blog/how-expedia-and-other-travel-sites-avoided-a-class-action-what-every-travel-site-needs-to-know.
Jeffrey Neuburger, Browsewrap Agreement Held Unenforceable—Website Designers Take Note!, Proskauer (July 29, 2016), https://www.jdsupra.com/legalnews/browsewrap-agreement-held-unenforceable-84472/.
Comments