One of the most important components of any website or mobile app is its legal agreements: the Terms and Conditions agreement and its Privacy Policy.

Once you have these agreements, you'll need to get consent from your users to be bound by their terms.

If your website or mobile app collects any personal information from individuals, such as names, email addresses, mailing addresses and so on, you're required by law to have a Privacy Policy.

While a Terms and Conditions agreement is not legally required by law, it's highly recommended that all websites and mobile apps have one.

The Privacy Policy agreement

If your website or mobile app collects any sort of personal data from users, such as the basics like names and email addresses, information such as GPS locations or IP addresses, social network interaction data, or browsing history, you're required to have a Privacy Policy.

The agreement must be easily accessible from your website or mobile app, and easy to read and understand. It must be fully honest, accurate and updated.

Using fancy legal terms or outdated information will make your legal agreement inadequate and may lead to legal issues.

A Privacy Policy must include the following information to be legally compliant:

  1. A complete list of exactly what information is collected
  2. What this information is used for
  3. If this information is shared and, if so, with who

The Terms & Conditions agreement

While not legally required, a Terms and Conditions agreement will act as a legally binding contract between you (the owner of your website or mobile app) and those who use them.

You can use this agreement to:

  • Prevent or block abuses happening on your web site/mobile app.

    With this type of legal agreement, you'll be able to limit negative activity such as spamming or screen scraping by prohibiting such activities in the agreement. If someone doesn't follow your terms and rules, you can do something about it.

    See how Tinder was able to shutdown Gap's campaign because of Terms of Service violation.

  • Own your content.

    In your Terms and Conditions agreement, you can go into detail about who is able to use your website or mobile app content, and how this content can be used.

    Copyright information and trademarking can be included to protect your intellectual property. Otherwise, your content may be compromised with no or very little legal recourse.

Consent to your Privacy Policy is required and must be meaningful. This means that the person consenting must understand that he is consenting, and know what she is consenting to.

Obtaining consent for your Terms and Conditions is required if you wish to be able to enforce them and have protection against abuse by users of your site who may violate these terms.

While the browsewrap method of obtaining consent used to be common and legally allowed, it's now no longer valid in court. Instead, the clickwrap method has taken hold as the main method of obtaining consent.

The browsewrap method allowed for websites and mobile apps to just include a link to their Privacy Policy and Terms and Conditions page, and on that page would be a clause that said something similar to "By using this website or service, you agree to and are consenting to the terms within."

In a number of cases, courts found that users must actively be informed about legal agreements they agree to, and this default method of assuming consent became obsolete.

In many cases, even having a pop-up notification that states "By continuing past this page, you agree to our terms of use" has been found by courts to not create consent if a user continues past the page.

Ticketmaster Logo

This was the case for Ticketmaster v. Tickets.com.

Tickets.com was found to be taking information from the Ticketmaster website, changing it around slightly, and using it on its website.

Ticketmaster had a clause in its Terms and Conditions that prohibited using information taken from the site for any commercial purposes, and sued Tickets.com to enforce this.

Ticketmaster Terms of Use in Footer

The court found that no consent could be proven that Tickets.com agreed to Ticketmaster's Terms of Use just because it continued past that browse-wrap page.

The click-wrap method involves requiring the user to actively click a box to give consent, agree, or accept.

Example from EngineYard linking to its Terms of Service:

EngineYard - I Agree To Terms of Service

This method holds up strongly in court because there is very little ambiguity as to whether consent is given when someone clicks "I consent" and checks a checkbox.

In the case of Scherillo v. Dun & Bradstreet, Scherillo had checked a "Yes" box to agree to Terms of a website. He later said he had not meant to do so and revoked his consent. The court held that clicking "Yes" was evidence that he reasonably intended to consent, and upheld his consent.

How can you obtain valid consent?

When it comes to consent, anything that can be reasonably interpreted as being unambiguous consent is sufficient. Clicking boxes that say "I agree" or "I accept" are common methods of obtaining consent.

This active method of obtaining consent is far more favored than the more passive way of allowing an opt-out method and assuming a person is opted in unless opt-out action is taken.

Consider the following examples:

When installing Microsoft Office, users are prompted to continue through installation, then are stopped and asked to explicitly agree to the presented Software License (sometimes this agreement is also known as a Licensing Agreement or EULA before moving forward with the installation.

Microsoft Office Consent for Software License - 1

It also ask for confirmation:

Microsoft Office Consent for Software License - 2

This makes it clear that by continuing the installation, the user has agreed to the terms and will be bound by them.

Before using or registering on your website or mobile app, you can have the user click on a checkbox stating that by clicking, the user is agreeing to the presented Terms and Conditions, Privacy Policy, and any other relevant policies:

PayPal: Consent on User Agreement and Privacy Policy

By having a box to check and making the next clickable button have the word "Agree" in it, there will be very little doubt that any user who checks that box and continues on is fully agreeing to the legal agreement.

Also, consider putting a pop-up notification that requires consent before allowing a user to move further into your website or mobile app. Link all of your relevant information to this pop-up, and make it clear that by clicking on, the user is agreeing to the linked documents and policies.

WeTransfer: I agree button

Key points to consider

  1. Be clear.

    Make sure whatever you are obtaining consent for is clearly, thoroughly and accurately described in your Terms and Conditions and Privacy Policy.

    Use language that is easy to understand in these policies.

  2. Consent must be unambiguous.

    Be specific when asking for consent.

    Require active action such as clicking or typing initials when asking for consent.

    Use terms such as Agree, Consent and Accept to make sure a user understands that this is the action he is taking.

  3. Consent isn't limitless.

    If you obtain consent to use someone's personal data in one way and then decide you wish to use it in a different way, you must obtain consent for this new use.

    Consent doesn't mean consent to everything. It only means consent to exactly what you asked for consent to do.

    If you update your Privacy Policy or Terms and Conditions page, you should re-obtain active consent from your users to let them know that terms have changed.

Privacy Policy Generator
Comprehensive compliance starts with a Privacy Policy.

Comply with the law with our agreements, policies, and consent banners. Everything is included.

Generate Privacy Policy