Are your online privacy policies and terms of use enforceable?
Not many of us take time to read the terms of use or privacy policies of the websites and mobile applications we visit. However, these policies are often important tools for companies with an online presence, which nowadays is pretty much every company out there.
Website terms of use and privacy policies govern the relationship between the companies that own the sites and their end-users. Often, they include important disclosures on how information and data may be used and shared, contain restrictions on use of the sites, and protect companies from liability.
But are they enforceable? Unfortunately, the answer is: not always.
Types of online agreements
There are two common types of online agreements. The first is the “clickwrap” agreement. Clickwrap agreements present agreement terms to users, and users are then required to click on an “I agree” box before proceeding. The second is the “browsewrap” agreement. Browsewrap agreement terms are not actively presented to users but are linked somewhere on the website (usually at the bottom). Users consent to be bound by the terms of a browsewrap agreement through their conduct (e.g., by using the site). Website terms of use and privacy policies typically fall into the browsewrap category. These policies typically contain language such as this:
BY USING AND ACCESSING THIS WEBSITE, YOU ACKNOWLEDGE THAT THE SITE IS PROVIDED TO YOU SUBJECT TO THE TERMS OF THIS AGREEMENT AND YOU EXPRESSLY AGREE TO BE BOUND BY THE TERMS OF THIS AGREEMENT.
Unfortunately, however, many browsewrap agreements may not be enforceable. Courts have found these types of agreements to be unenforceable when users do not have notice of the agreements or their particular terms.
Barnes & Noble case
For example, this fall in Nguyen v. Barnes & Noble, the 9th Circuit Court of Appeals held that an arbitration clause in Barnes & Noble’s website terms of use was unenforceable because the website user, Kevin Nguyen, had no notice of the terms.
The court held that since users do not affirmatively assent to browsewrap agreements, their enforceability depends on whether the user has actual or constructive notice of the agreements. Nguyen did not click on the terms-of-use hyperlink and never read the terms. So the question became, would “a reasonably prudent user” have notice of the terms?
(Continued)
Whether a user should have notice of the terms depends on the design and content of the website and the agreement webpage. If the link to the terms is buried at the bottom of the page or hidden in an obscure location, it will not be enforceable. In contrast, if it is predominant, it is more likely to be legally binding. However, the court clearly stated in Nguyen that simply adding a conspicuous link to the terms of use within a user’s field of vision is not enough:
Where a website makes its terms of use available via a conspicuous hyperlink on every page of the website but otherwise provides no notice to users nor prompts them to take any affirmative action to demonstrate assent, even close proximity of the hyperlink to relevant buttons users must click on — without more — is insufficient to give rise to constructive notice.
The court further stated that the onus is on website owners to put users on notice of terms they want their customers/users to be bound by.
Best practices
In light of the evolving case law on this issue, it would serve companies well to take steps to ensure their privacy policies and website terms of use are enforceable. Some recommendations for doing so include:
- Provide clear and conspicuous notice of the policies. Do not bury them in small print at the bottom of the page.
- Make users scroll through and affirmatively consent to the policies by adding their initials or clicking “I Agree” (i.e., make the agreements clickwrap rather than browsewrap).
- If you do not want to turn the agreement into a clickwrap agreement, be sure there is very clear notice that the use of the site is subject to the terms of the agreements.
- While you are at it, take time to review your policies to ensure they are up to date and adequately reflect your company’s practices. This is especially important if you are using or selling customer data.
- If in doubt, contact your legal counsel.
Melinda Giftos is an attorney with the law firm of Whyte Hirschboeck Dudek, S.C., practicing in the areas of intellectual property and technology law. She can be reached at 608-234-6076 or mgiftos@whdlaw.com.
Click here to sign up for the free IB ezine — your twice-weekly resource for local business news, analysis, voices, and the names you need to know. If you are not already a subscriber to In Business magazine, be sure to sign up for our monthly print edition here.
