According to Google Safe Browsing policy, users must provide affirmative consent to have their information collected and used — or the collecting website could incur serious penalties. There are two ways that users can provide their consent: browsewrap and clickwrap. Both of these agreements present your site’s policies to users so that they are aware of the rules and regulations that you’ve structured for your website.
But many site owners are confused about — or completely unaware of — what these agreements actually are and what they do. So what’s the difference between these agreements, and how do you know which one is right for your website or mobile app?
We answer these questions and more below:
1. Browsewrap: What It Is and What You Need to Know
The fact that browsewrap agreements do not require the user to acknowledge them before using a website has caused both users and courts to question their legality.
Here are some recent examples of court cases that ruled against the enforceability of browsewrap agreements:
Vitacost.com, Inc. v. James McCants – In February 2017, a Florida appellate court declined to find a browsewrap agreement enforceable because, for most of the purchasing process, the link to the terms and conditions was at the very bottom of the page, where consumers wouldn’t have seen it had they not scrolled all the way down.
Nguyen v. Barnes & Noble, Inc. – Kevin Khoa Nguyen purchased two Hewlett-Packard Touchpads during an online sale hosted by Barnes & Noble. He received a confirmation email for his purchase, but was informed the next day that, due to high demand, his order had been canceled.
Nguyen alleges that he was forced to purchase a more expensive product due to the delayed cancellation, so he filed a class action lawsuit, accusing Barnes & Noble of deceptive business practices and false advertising.
Based on these examples, traditional browsewrap agreements, like the one below, are less likely to be upheld in a court of law:
How a Browsewrap Agreement Shouldn’t Look
In this example, iHerb places hyperlinks to their policies in the footer of their website. This is bad practice as it is not visible or necessarily easy to find for users.
If the links to your policies are not easily visible and accessible, users can make the argument that they had no knowledge of the site’s terms and policies in the event that a legal dispute should arise.
Here, iHerb states that just by accessing and using their website, users are agreeing that they have read and understood the terms. How can a user be bound to these terms if the agreement is not prominently placed on the website?
How a Browsewrap Agreement Should Look
One browsewrap best-practice is to include your policies in a banner that follows the user as they scroll the page.
Comedy Central does a great job of this:
Comedy Central’s browsewrap agreement notifies the user of their policies with a floating banner on the bottom of the page. To make it harder for visitors to argue that they did not notice Comedy Central’s policies, they’ve placed obvious, bright pink hyperlinks within the banner to their policies so that the user can clearly see them.
If done in this way, your browsewrap agreement will not look deceptive. The key is transparency: if your terms are buried at the bottom of a page so that users have to search for them, you’re not making a good case for your agreement in court.
Be safe and make sure your browsewrap agreement catches the user’s attention; you want users to acknowledge your terms immediately.
2. Clickwrap: What It Is and What You Need to Know
Forcing users to manually accept your terms in some way makes your policies more enforceable, which will strengthen your case if legal claims are made against you.
Here are some examples of court cases that have ruled in favor of the enforceability of clickwrap agreements:
Davis v. HSBC Bank Nevada, N.A – In this case, a customer sued after discovering there was an annual fee of $59 for a credit card. He’d originally applied because of a $25 reward certificate.The court reasoned that the annual fee would have been discoverable had he read the terms and conditions in the scrolling box menu before clicking “I Agree”.
Caspi v. Microsoft LLC – Caspi, along with other Microsoft customers, accused Microsoft of breach of contract and fraud regarding Microsoft’s online service. Microsoft filed a motion to dismiss, which was granted by the court.
Why? The plaintiff had to navigate through each page of Microsoft’s agreement, which required them to click “I Agree” before proceeding to each page. In short, they had the opportunity to read through the terms before accepting, binding them to the terms laid out by Microsoft.
A.V., et al. v. iParadigms LLC – iParadigms’ subsidiary company, Turnitin, evaluates written works from students to avoid plagiarism. Educational institutions require students to submit their work electronically to Turnitin, which then compares their work to other online content, works previously uploaded to Turnitin’s database, and to other journalistic and commercial databases.
In the end, the court sided with iParadigms because their “online registration agreement, that contained a limitation of liability clause, was an enforceable contract and precluded the students’ copyright infringement suit against the defendant.”
For many webmasters and online businesses, clickwrap is becoming the preferred agreement because it’s upfront about presenting the user with the site’s legal policies.
Check out these excellent examples of clickwrap agreements:
By signing up to gain full access to the site, users must agree to terms and policies before they can proceed.
Dropbox forces the user to accept their terms before signing up for their platform. Otherwise, access to the full features of their website and app are barred. When presented in this way, users have no ground to stand on should they accuse Dropbox of being deceptive with its terms and policies.
3. The GDPR and its Effect on Your Legal Policies
The General Data Protection Regulation (GDPR) is the most comprehensive digital privacy law yet. Set to come into effect on May 25, 2018, the GDPR will affect any website — regardless of location — that offers advice, services, or collects data from citizens within the EU.
How will the GDPR affect my policies?
Under the GDPR, data collection is separated into two categories: “personal” and “sensitive personal”. Personal data is anything that can identify a natural person, such as:
- Photos, videos, or audio files
- Bank details
- Identification number
- Online identifiers (account numbers, PIN, IP address)
- Location data
- Pseudonymous data (key-coded data)
Sensitive personal data refers to the following:
- Racial / Ethnic origin
- Political opinions
- Religious / Philosophical beliefs
- Sex life and sexual orientation
- Genetic / Biometric data
If your website collects any of the above information, then you can no longer rely on “opt out” or implied consent agreements. In other words, if you collect personal data, then you must enforce stricter consent conditions by implementing an agreement that requires users to offer consent by opting in. This can be done through either a clickwrap modal or a browsewrap banner, as long as they have unticked checkboxes for users to click in agreement.