Disclaimer: The legal resources provided here are intended for educational and informational purposes only and should not take the place of hiring an attorney nor is it all-inclusive.
- Termageddon – Policies for your website that automatically update when the laws change
- Termly – Offers a full suite of compliance solutions, including a GDPR Cookie Consent Manager
- TermsFeed – Online policy generators and downloadable templates
- GetTerms.io – Offering basic and comprehensive policy packages
Privacy Policies, Copyright, GDPR, and Spam, Oh My!
Every website owner should know their website legal requirements under copyright law. Understanding the Digital Millennium Copyright Act is a good place to start. It’s the U.S. law enacted in 1998 that ensures international copyright standards are maintained for website copy and images. The copyright law generally limits the liability of a website owner for copyright infringement committed through any of its user-generated content, provided they respond quickly and as needed once notified to remove the content. And, of course, this assumes that you yourself are not using someone else’s copyrighted material on your website without explicit permission.
It’s important to include a copyright notice on all of your web pages, but that doesn’t mean that you need a specific page for your copyright. Something simple in the footer, “Copyright © 2015 yourwebsite.com”, will suffice for most website owners. Websites that have a specific page about their copyright do so because their copyright situation is complicated, for example when some of the material is owned by the site itself and some of it is owned by contributors.
Depending on where you are based or which customers you serve, you may also need to include information regarding your compliance with the CCPA (California Consumer Privacy Act), COPPA (Children’s Online Privacy Protection Act), and the CAN-SPAM Act. In addition, GDPR, which we discuss later on in this post, may impact your compliance requirements.
You’re probably aware of CAN-SPAM by now, but it’s worth being reminded that if you misuse any type of email marketing, you can be fined up to $16,000.00! We recommend using tools like Mailchimp, Aweber, MailerLite, Get Response, etc. to send out mass emails. These tools are designed to alert you of any spammy tactics you might inadvertently use. But they won’t catch everything. Make sure you’re in compliance with the Federal Trade Commission’s rules and regulations outlined in the CAN-SPAM Act: A Compliance Guide for Business. Getting permission from your leads before you email them is vitally important, and not just because of the risk of an FTC fine. Permission-based marketing is a much better way of getting customers than spam tactics, whether conscious or unconscious.
Minimize the risk of user-generated content
Additional steps and requirements may be needed if your website allows user-generated content. Preventing plagiarism may not be fully possible, but there are steps you can take to reduce the risk as a website owner. Start with clear and simple Terms and Conditions that are displayed prominently at the point where your visitors will be uploading their content. This is where you can cover your bases and outline your website legal requirements. For instance, make sure the terms clearly forbid the use of any defamatory language in the content. You should also obtain users’ express consent granting you the right to display their content.
Disclosure pages are important from both a legal and ethical standpoint. If you run a website with an audience that relies on your expertise and advice, you must inform them whenever a conflict of interest arises. In fact, the Federal Trade Commission specifically requires you to disclose that information.
If you’re not sure whether you need a disclosure page, we’ve got your back. Let’s run through a few scenarios together:
- If you participate in affiliate marketing programs, then yes, you should include a disclosure.
- If you run contextual ads (such as Google AdSense), then you should also include a disclosure.
- If you receive compensation in any form for including anything on your website – a link, an image, an article, anything – then you should absolutely include a disclosure.
Additional eCommerce Considerations
If part of your website involves e-commerce (i.e. collecting payments for any reason), knowing the website legal requirements for selling online will help you not only save time and money but also avoid potential legal hassles. It’s important to have a solid understanding of consumer protection laws and e-commerce regulations in the United States. For instance, your contact details must be readily available for customers should they wish to reach you. Your prices, and whether they include tax, should be plainly stated. Your refund and cancellation policy must be clearly visible at the point of purchase.
Don’t forget about PCI DSS Compliance. The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.
GDPR (General Data Protection Regulation)
Have you noticed the increasing number of websites with the annoying cookie popup? You can thank GDPR for that!
The GDPR, enacted in 2018, is a European Union data privacy law. The goal of GDPR is to give EU citizens control over their personal data and to change the data privacy approach of organizations across the world. What this means in practice is that if you collect any personal data of people in the EU, you are required to comply with the GDPR. The data could be in the form of an email address, name, location, or the IP address tracked by analytics software.
So far (as of May 2019), the EU’s GDPR reach to US businesses has not been tested in court, but no doubt data protection authorities are exploring their options on a case-by-case basis. The folks behind GDPR have provided a complicated GDPR compliance checklist for US companies. Bottom line: it’s a new international law, and there are still a lot of unknowns and questions surrounding the logistics of implementing GDPR best practices and the impact of GDPR on US companies.
A few WordPress plugins that support GDPR and paid Consent Management Providers are popping up. At this time, we have no experience with any of these consent management providers and cannot recommend one over another. If compliance is required for your business, please submit a request so we can explore your project requirements together.