Your terms and conditions and privacy policy are important documents for the legal compliance of your online business. For them to be legally enforceable, your users must first agree to them.
According to Google Safe Browsing policy, users must provide affirmative consent to have their information collected and used — or the collecting website could incur serious penalties. There are two ways that users can provide their consent: browsewrap and clickwrap. Both of these agreements present your site’s policies to users so that they are aware of the rules and regulations that you’ve structured for your website.
But many site owners are confused about — or completely unaware of — what these agreements actually are and what they do. So what’s the difference between these agreements, and how do you know which one is right for your website or mobile app?
We answer these questions and more below:
1. Browsewrap: What It Is and What You Need to Know
In a browsewrap agreement, the terms and conditions and privacy policy are included in a hyperlink on the website’s homepage, usually somewhere within the footer. By merely accessing and “browsing” a site, the browsewrap method assumes the user agrees to the site’s policies — even if they haven’t actually read the fine print themselves.
The fact that browsewrap agreements do not require the user to acknowledge them before using a website has caused both users and courts to question their legality.
Here are some recent examples of court cases that ruled against the enforceability of browsewrap agreements:
Vitacost.com, Inc. v. James McCants – In February 2017, a Florida appellate court declined to find a browsewrap agreement enforceable because, for most of the purchasing process, the link to the terms and conditions was at the very bottom of the page, where consumers wouldn’t have seen it had they not scrolled all the way down.
Long vs. Provide Commerce, Inc.– In this particular case, design elements came into play: a court declined to enforce a terms of use even though a hyperlink to the document appeared several times in the checkout flow.
The court reasoned that all the design elements, including font size, color, proximity to other links, and location on the page, failed to make the terms of use conspicuous enough to meet the requirement of notice.
Nguyen v. Barnes & Noble, Inc. – Kevin Khoa Nguyen purchased two Hewlett-Packard Touchpads during an online sale hosted by Barnes & Noble. He received a confirmation email for his purchase, but was informed the next day that, due to high demand, his order had been canceled.
Nguyen alleges that he was forced to purchase a more expensive product due to the delayed cancellation, so he filed a class action lawsuit, accusing Barnes & Noble of deceptive business practices and false advertising.
Barnes & Noble called for arbitration as stated in their terms of use, but this was denied by the district court, the underlying issue being that the company’s terms of use was placed in the bottom left-hand corner of their webpages. Nguyen argued he did not read, nor did he agree to the terms, so he could not be legally bound by them. The court sided with Nguyen.
Based on these examples, traditional browsewrap agreements, like the one below, are less likely to be upheld in a court of law:
How a Browsewrap Agreement Shouldn’t Look
In this example, iHerb places hyperlinks to their policies in the footer of their website. This is bad practice as it is not visible or necessarily easy to find for users.
If the links to your policies are not easily visible and accessible, users can make the argument that they had no knowledge of the site’s terms and policies in the event that a legal dispute should arise.
Here, iHerb states that just by accessing and using their website, users are agreeing that they have read and understood the terms. How can a user be bound to these terms if the agreement is not prominently placed on the website?
How a Browsewrap Agreement Should Look
Not all browsewrap agreements are unenforceable. If links to your terms of service agreement and privacy policy are conspicuously placed on your website so that they are easy to see and find, it’s possible your agreement will be upheld in courts.
One browsewrap best-practice is to include your policies in a banner that follows the user as they scroll the page.
Comedy Central does a great job of this:
Comedy Central’s browsewrap agreement notifies the user of their policies with a floating banner on the bottom of the page. To make it harder for visitors to argue that they did not notice Comedy Central’s policies, they’ve placed obvious, bright pink hyperlinks within the banner to their policies so that the user can clearly see them.
If done in this way, your browsewrap agreement will not look deceptive. The key is transparency: if your terms are buried at the bottom of a page so that users have to search for them, you’re not making a good case for your agreement in court.
Be safe and make sure your browsewrap agreement catches the user’s attention; you want users to acknowledge your terms immediately.
2. Clickwrap: What It Is and What You Need to Know
Clickwrap agreements are like gateways that stop the user from entering and using a site until they’ve acknowledged and/or accepted its terms and conditions and privacy policy. Unless the user agrees to the terms and policies — usually by manually clicking an “I Agree” checkbox — they cannot proceed to the site.
Forcing users to manually accept your terms in some way makes your policies more enforceable, which will strengthen your case if legal claims are made against you.
Here are some examples of court cases that have ruled in favor of the enforceability of clickwrap agreements:
Davis v. HSBC Bank Nevada, N.A – In this case, a customer sued after discovering there was an annual fee of $59 for a credit card. He’d originally applied because of a $25 reward certificate.The court reasoned that the annual fee would have been discoverable had he read the terms and conditions in the scrolling box menu before clicking “I Agree”.
Caspi v. Microsoft LLC – Caspi, along with other Microsoft customers, accused Microsoft of breach of contract and fraud regarding Microsoft’s online service. Microsoft filed a motion to dismiss, which was granted by the court.
Why? The plaintiff had to navigate through each page of Microsoft’s agreement, which required them to click “I Agree” before proceeding to each page. In short, they had the opportunity to read through the terms before accepting, binding them to the terms laid out by Microsoft.
A.V., et al. v. iParadigms LLC – iParadigms’ subsidiary company, Turnitin, evaluates written works from students to avoid plagiarism. Educational institutions require students to submit their work electronically to Turnitin, which then compares their work to other online content, works previously uploaded to Turnitin’s database, and to other journalistic and commercial databases.
In this court case, students that submitted their work first agreed to the website’s terms of use, and then wrote on their papers that they did not want their work to be archived. Turnitin archived their work anyways, so the students accused them of copyright infringement.
In the end, the court sided with iParadigms because their “online registration agreement, that contained a limitation of liability clause, was an enforceable contract and precluded the students’ copyright infringement suit against the defendant.”
For many webmasters and online businesses, clickwrap is becoming the preferred agreement because it’s upfront about presenting the user with the site’s legal policies.
Check out these excellent examples of clickwrap agreements:
On Jamie Oliver’s website, he provides links to his terms and conditions and privacy policy. Users are given the option to exit the popup. However, they are only granted limited access to the site by doing so, meaning they can only view the content.
By signing up to gain full access to the site, users must agree to terms and policies before they can proceed.
Dropbox forces the user to accept their terms before signing up for their platform. Otherwise, access to the full features of their website and app are barred. When presented in this way, users have no ground to stand on should they accuse Dropbox of being deceptive with its terms and policies.
3. The GDPR and its Effect on Your Legal Policies
The General Data Protection Regulation (GDPR) is the most comprehensive digital privacy law yet. Set to come into effect on May 25, 2018, the GDPR will affect any website — regardless of location — that offers advice, services, or collects data from citizens within the EU.
How will the GDPR affect my policies?
Under the GDPR, data collection is separated into two categories: “personal” and “sensitive personal”. Personal data is anything that can identify a natural person, such as:
- Name
- Photos, videos, or audio files
- Bank details
- Identification number
- Online identifiers (account numbers, PIN, IP address)
- Location data
- Pseudonymous data (key-coded data)
Sensitive personal data refers to the following:
- Racial / Ethnic origin
- Political opinions
- Religious / Philosophical beliefs
- Health
- Sex life and sexual orientation
- Genetic / Biometric data
If your website collects any of the above information, then you can no longer rely on “opt out” or implied consent agreements. In other words, if you collect personal data, then you must enforce stricter consent conditions by implementing an agreement that requires users to offer consent by opting in. This can be done through either a clickwrap modal or a browsewrap banner, as long as they have unticked checkboxes for users to click in agreement.
If you need help figuring out how to properly install consent mechanisms on your site, check out Termly’s cookie policy generator feature and see if it’s the right solution for you.
More about the author
Written by KJ Dearie
KJ Dearie is a product specialist and privacy consultant for Termly, where she advises small business owners on how to comply with the latest data privacy laws and trends. She's been published in Business News Daily, Omnisend, ITProToday, MarTechExec, and more. More about the author
