Eleven Steps to Making Your Website Legally Compliant


Upload: brian-miller-solicitor

Post on 30-Jul-2015



Many businesses and organisations are unaware of the complex rules that apply to their websites. We have set out below common areas of non-compliance and explained what you can do to ensure your website is not breaking the law.

Domain Name

Be certain the right person is the registered owner of your domain name e.g. your company. If it is in the name of an employee, there can be problems if he or she leaves the company's employ.

If your website is high profile or successful, it may become the target of attack by hackers or those seeking to gain a financial benefit from the name or goodwill of your organisation. For instance, if you receive payments through your website, there is nothing to stop someone setting up a ‘spoof’ or fake website and diverting payments, so that people who think they are dealing with your website are in fact sending their funds to the fraudster, which could result in large financial losses.

To prevent this type of attack, your company can register a trade mark similar or identical to its website’s domain name. Third parties cannot then easily acquire and use the trademark or a similar name for a similar purpose with impunity and recovering should be straightforward. Likewise, make sure your domain name doesn't infringe a third party's registered trade mark in any part of the world where your website can be viewed.  

Website Content

If your website is developed by one or more of your employees in the course of their employment, the copyright will normally belong to the employer. If the website is developed by a third party, make sure it assigns copyright under the development contract, otherwise you may have only a right to use it, and not to license or assign the rights or sue infringers for copying it. To assist in enforcement, make sure you put a copyright notice in a prominent place on the website (e.g. © 2015 Your Company Name).

It is an infringement of copyright to put extracts of other people's copyright works on a website unless you can claim a "fair dealing" exception in the UK which, for these purposes, only covers reporting current events.  "Thumbnails" of third parties' photographs will infringe their copyright.  Lifting standard terms from a third party site can also infringe copyright.

Apart from ensuring that your site does not infringe third party rights, such as copyright, designs or trade marks, it is important to ensure that any material you put on the site is not otherwise illegal e.g. defamatory of someone, even if the content was supplied by a third party. You will remain liable for it unless you take it down as soon as you are put on notice of its existence.


Disability Discrimination Compliance

Since the passing of the Disability Discrimination Act 1995 (now part of the Equality Act 2010), website owners, broadcasters and others who provide services to the public have been under a duty to ensure their sites and services are user-friendly for those with visual impairment and other disabilities.  Although there are no clear guidelines as to what "accessible" means as far as a website is concerned, it is advisable to comply with the lowest level of conformance with the guidelines issued by the World Wide Web Consortium (W3C), which would include the following: 

making a button available which increases the size of the text

ensuring that information conveyed in colour is available without colour

ensuring that background and foreground colours are sufficiently contrasted so as to be readable by someone with a visual impairment

making all elements of programming compatible with software which assists in the interpretation of websites, such as speech synthesis or Braille

for every non-text element on a site, making available a text-equivalent version

allowing the user to turn off any blinking, automatically updating, scrolling or moving objects

There are various software tools available for checking how compliant your site is.

Formation of Contract

If you supply goods or services through your site, you should ensure that your customers agree to a standard set of terms of supply. Where customers can enter into a contract through your website, you must include clear details of:

the technical steps to follow in order to conclude a contract

the means of correcting errors in the order

the language of the contract

any applicable code of conduct

The customer must be able to access the terms and conditions and store and reproduce them. The supplier must acknowledge receipt of the order without undue delay by electronic means.

Terms and Conditions of Use

If your site involves any degree of interactivity, you should consider including suitable terms of use. These should be in a prominent position.  Much of what is contained in standard terms of use involves an attempt to limit liability and such attempts are regulated by English law, particularly where consumers are concerned, which can result in certain terms being held to be illegal by the Office of Fair Trading if a consumer makes a complaint.  Terms of use should always state the applicable law to which they are subject, but note that it may not be possible to prevent consumers suing in their own countries.


Display of Mandatory Information

Under the Electronic Commerce (EC Directive) Regulations 2000, you must display certain information on your company’s website including: 

the full name and address of the business or other person who is the website owner (a domain name is not sufficient)

email and other contact details (a ‘contact form’ is not sufficient)

if a company, the company’s registration number

if the company is subject to an authorisation scheme, particulars of the relevant supervisory authority, e.g. the Financial Conduct Authority

if applicable, as a member of a regulated profession, your member state, professional title, details of your professional body and relevant professional rules

if applicable, your VAT number (even if the website is not being used for e-commerce transactions)

the cost of goods or services displayed on the website must be apparent and clearly state whether it is exclusive of tax and delivery costs

Consumer Contracts Regulations

Where the website involves the sale of goods or supply of services to consumers through the site, you must comply with the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013, which include a number of detailed requirements concerning:

the provision of information to the consumer

the statutory right of cancellation within fourteen days

the requirement to supply the goods or services within thirty days

the requirement to obtain active consent from the consumer for all payments (no pre-ticking of boxes)

the requirement to inform the consumer, pre-contract, of all costs

the restriction on enforcing cancellation charges on the consumer

the requirement to provide a telephone line for consumers at no more than basic rate (no premium rate telephone lines)

For further information on these Regulations, please see our Guidance Note.

Privacy Policy

If the website collects personal information from individuals, you should include a privacy policy in order to comply with the Data Protection Act 1998.  In general terms, you must indicate the use you will make of any personal data and obtain consent for its use, particularly if you wish to use the details for direct marketing. The privacy policy should contain details of: 

who controls the data

how the data will be used

to whom the information will be transmitted

whether the information is likely to leave the European Economic Area (or EEA)


the means of gathering information, including use of cookies (see also ‘Use of Cookies’, below)

"Sensitive Data" (e.g. about a person's health or sexual orientation) must only be collected if explicit consent to its use has been obtained from the data subject.  There must be a statement making clear that all subjects have a right to see the information held and there should be an opt-out box providing an opportunity to decline consent for the collection of information.  

Cookies

As a result of the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011, a website operator must not store information or gain access to information stored in the computer (or other web-enabled device) of a user unless the user “is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information” and “has given his or her consent”. 

How you go about obtaining the consent of users is ultimately your choice. Many organisations now use so-called ‘pop-ups’ or bars to obtain such consent (see, for example, the Information Commissioner’s (or ICO’s) website at www.ico.gov.uk), so that it is sufficiently clear that consent has been given by encouraging the user to click ‘Yes’ or ‘No’, rather than simply referring the user to terms relating to cookies in a privacy policy, which may be hard for the user to find. Failure to obtain sufficient consent could create problems with the ICO if a complaint were made.

This area is technically complex and we suggest you read the ICO’s guidance note in detail in order to ensure compliance.

Online Advertising

There is no one source to go to for all rules relating to online advertising. The British Code of Advertising, Sales Promotion and Direct Marketing (otherwise known as the ‘CAP Code’) is enforced and administered by an independent body called the Advertising Standards Authority (ASA). When preparing an online advertisement, you should refer to the rules set out in the CAP Code. The key principles that online marketers should always bear in mind are that all marketing communications on the web or elsewhere should:

be "legal, decent, honest and truthful" and not include anything that is likely to cause offence, for instance, on the grounds of race, religion, sex, sexual orientation or disability

not be misleading. You need to ensure that all claims in adverts are accurate, unambiguous and can be substantiated 

be prepared with a sense of responsibility to consumers and society

respect the principles of fair competition generally accepted by business

not bring advertising into disrepute 

The CAP Code is not a statutory code, but anyone can complain to the ASA about non-compliance, and the ASA can then adjudicate on the complaint. The biggest incentive for organisations to comply with the CAP Code is that the publication of the ASA’s decisions may lead to adverse publicity. The ASA can also require that all of an organisation’s adverts must be vetted in the future before publication.


Processing Payments

Where online payments or donations are being taken by card, the payment processor must be ‘PCI compliant’, that is, it must meet a set of standards created by the Payment Card Industry, a conglomeration of several credit card companies. Failure to comply can result in large fines and removal of merchant status, meaning that you will no longer be able to take card payments from customers until the processor (whether it is your organisation or a third party) meets the PCI standards of compliance.

Brian Miller is a solicitor and partner and Lauren Mitchum a trainee solicitor at Stone King LLP, providing specialist advice in the fields of intellectual property, IT, data protection and commercial law.

If you would like further information about the Regulations or if you have any concerns or queries in relation to them, please contact Brian.

Disclaimer: This article may not be reproduced without the prior written permission of the author. This article reflects the current law and practice. It is general in nature, and does not purport in any way to be comprehensive or a substitute for specialist legal advice in individual circumstances.
