When it comes to news articles, blog posts, and product pages, comments and reviews are becoming as interesting and read-over as the original content. The question many businesses are asking is, should visitor comments be considered as user-generated content in a legal sense?
The answer is yes.
Even the simplest of user comments is classified as original user-generated content and so should be treated as the intellectual property of the user.
So what does that imply in a business and legal sense for you?
This recent article on the New York Times has 165 comments. The comment section has become a forum for citizens to voice their opinions and be heard.
User-Generated Content: The Basics
User-generated content (UGC) is any content that is created by the users of a website, mobile app, or other online service and appears publicly on that platform.
This can include a wide variety of material, such as:
- Comments
- Reviews
- Social media posts
- Photos
- Blog posts
- News or other articles
- Original stories or opinions
- Music compilations
- Videos
- Game characters
This is by no means an exhaustive list. The types of UCG are almost as endless as the types of internet services that exist. The point is, these should all be considered intellectual property by any online entity that publishes them.
Comments may seem much simpler than an original musical compilation, but they must be treated the same way in a legal sense. Since this form of expression is common to most Wordpress sites and blog platforms like Blogger and Wix, the idea applies to many, if not most, websites.
If yours is one of many online businesses that allows user comments or reviews, then there are a few steps you should take to limit your legal liability. The first step is to require users to accept your Terms and Conditions and Privacy Policy.
Terms and Conditions
When it comes to UGC, intellectual property and legal liability, a meticulous Terms and Conditions (T&C) agreement is an absolute must for any online business. While the T&C may contain broad topics for your general business, there are several specific clauses to include if your company deals with UGC:
1. Proprietary Rights Clause
Since comments and reviews are technically considered the intellectual property of the user who created them, it is important to reiterate your own rights regarding content posted to your website or mobile app.
This can be accomplished with a statement that reminds users of your license to reproduce, modify, adapt, and publish any content that is created on or distributed through your website.
Here is an example of such a clause from Automattic, the company that owns WordPress:
In this example you can see the wording that Wordpress uses:
"By submitting content, you grant a world-wide, royalty-free, and non-exclusive license to Automattic."
This is important in establishing an agreement with users as to your license regarding UGC on your site.
Instagram's Proprietary Rights clause says much the same thing in simpler, more concise terminology:
2. Acceptable Use Policy or User Conduct Clause
Different businesses have different names for this topic, but there must be some regulation in place regarding the kinds of content you will and will not allow.
Here are some of the behaviors that most businesses regulate or prohibit:
- Harassing or bullying
- Explicit or objectionable content
- Hate speech
- Encouragement of violent or illegal activities
- Child endangerment
Firstly, you should list out the types of content you will not allow.
StackCommerce, the parent company of the popular blog Mashable, posts the following list of prohibited content:
Following this list, it is advisable to include a paragraph that outlines the consequences of violating any of the above rules.
StackCommerce's Terms outline this very simply:
A statement like the one above will be necessary to remind users of your right to delete or suspend any content or user accounts at your discretion. You can include it within this clause or at a different point in your T&C.
Since it might not always be possible to filter or monitor all of the comments and reviews that come in, you may want to provide a method for users to report objectionable content.
WordPress provides an easy link to do this within its Terms of Service:
3. Intellectual Property Infringement
With any UGC there is some risk of copyright infringement since you will often have no way of verifying the copyright of any content uploaded to your website or app. Even a simple photo can be considered copyright infringement if the user did not have permission from the photographer to upload it. While it's less likely to occur in the case of comments and reviews, it's still possible.
According to the Digital Millennium Copyright Act, (DMCA) online businesses must provide users with a way to report copyright infringement, and must have a system in place to validate and remove copyrighted content once it is reported. As long as these requirements are met, the company will not be held legally responsible for the copyright infringement.
The New York Times describes the reporting and validation process in its Terms of Service so that users know exactly what to do in the case of copyright infringement claims:
4. Liability
Objectionable content or copyright infringement may occur when UGC is involved, despite your best monitoring efforts and reporting functionality. In the event that a user does upload content that is illegal or otherwise a liability, it is important to include a clause that addresses user responsibility.
This clause is where you'll explain that users are prohibited from posting any illegal, objectionable, or copyrighted material and, in the case of an infringement within UGC, the user will assume all legal responsibility.
Here's another example from the New York Times:
The above paragraph addresses only copyright infringement, but most companies also include a statement about legal liability when illegal or illicit material is posted by a user.
In this statement by StackCommerce, the company reminds users that it's not able to screen or monitor all UGC, and that each user is fully responsible for the content they create:
By including a clause like those shown above, you avoid possible liability for the material uploaded by users.
This is another good place to remind visitors of your right to remove any offending content.
Here's an example of such a statement from Gawker:
Privacy Policy
In order for visitors to post comments on your website or mobile app, they will usually need to create an account and provide an email address.
If you are collecting names, usernames, email addresses, or even just IP addresses from visitors, then you will legally need a Privacy Policy.
If you don't already have one in place, a Privacy Policy is a commonplace statement posted publicly to your website or mobile app that explains what types of personal information you collect from consumers, why you collect the information, how you process or store it, and what you do with it.
This table of contents from the Sony Corporation of America Privacy Policy shows a basic rundown of information that you'd typically see included in a standard Privacy Policy:
Why a Privacy Policy?
If your online business collects any personal data from visitors, a Privacy Policy is required by law according to multiple privacy laws from state to international level.
These laws work to protect citizens of a locale, but they have global effects for businesses. For example, while CalOPPA is a California law from the United States, it applies to businesses anywhere in the world that collect personal data from residents of California. Not only California businesses.
If your blog reaches users around the world - and it surely does - you'll need to make sure you aren't violating any privacy laws that might be in effect to protect those users, wherever they're located.
Here are a few of the regulations that likely apply to your business:
- California Online Privacy Protection Act (CalOPPA - US)
- General Data Protection Regulation (GDPR - EU)
- Children's Online Privacy Protection Act (COPPA - US)
- Personal Information Protection and Electronic Documents Act (PIPEDA - Canada)
According to these statutes, the following information will be absolutely required in your Privacy Policy if you plan to collect information from your visitors:
- What kind of information you collect
- How you use the information
- How the information is shared with third parties
- A description of how you use cookies and why
- How users consent to your collection of their information and how they may access, manage, or delete it
- If and how you process the information of children
- How you communicate Privacy Policy changes to users
- When was the last time you updated the Privacy Policy
- How can users communicate with you regarding privacy issues
Here is another Privacy Policy summary from Borderfree that illustrates the main points they cover within the policy:
Remember, these are just the basics. Some companies also include clauses on dispute resolution, security, marketing, business transfers, and other subject matter. The nature and specificity of your Privacy Policy may change depending on the type of services you provide.
In Adobe's Privacy Policy, for example, the company explains where they store information and how it is transferred across international borders. This is necessary because Adobe offers their software subscriptions across the world:
Obtaining User Consent
The final step is to require visitors to agree or consent to your T&C and Privacy Policy before allowing them to post UGC to your website or app. This can be accomplished via a clickwrap agreement.
A clickwrap agreement is a form or window that asks users to click a button or tick a checkbox in order to agree to your conditions before using the site or app.
On its Student Signup form, Canvas has users click a box next to a statement that says the user is agreeing to the Terms of use and Privacy Policy:
This same tactic may be reinforced within contact or submission forms, such as this form from Fox:
As you can see, visitors cannot create a submission without first ticking the box that reads "I accept the Privacy Policy and Terms of Use."
With this method, you will ensure that each visitor is given an opportunity to both read and agree to your T&C and Privacy Policy before any UGC is ever submitted.
When it comes to liability for the content of others, you are always better safe than sorry.
Comprehensive compliance starts with a Privacy Policy.
Comply with the law with our agreements, policies, and consent banners. Everything is included.