The legal agreements of your website or mobile app govern the relationship between your company and your users.

When you update any of your legal agreements, be it a Privacy Policy or a Terms and Conditions, you should notify users about the upcoming changes.

They should be made aware of the changes you're going to make to your legal agreements and how these changes would affect them and their accounts with your website or mobile app.

This is important.

An update notice give users the chance to opt-out or close their accounts if they don't agree with the changes.


Always Provide an Update Notice

Companies are making changes to their legal agreements for a variety of reasons: to make them more streamlined or readable, to be more descriptive, to inform users about new functionality of the website or mobile app, to adhere to legal requirements of new laws such as the GDPR and so on.

Regardless of the reason for the change, the updates to your legal agreements should be announced to your users before they become effective.

  • Asking for more personal information from users than you previously did is a change that could affect users.
  • Using personal data from users in a new way than wasn't previously stated in your Privacy Policy is another change that might affect users.
  • Updating your legal agreements to include a class action waiver is a major change that can affect the rights of your users.

In any of the above, the changes in a legal agreement can be substantial to users and it might affect their rights.

It's important how you get your users to agree to your original agreements as well as your updates. This is related to the browsewrap vs. clickwrap distinction:

  • Browsewrap refers to legal agreements placed somewhere on your website, mostly in the footer section of the website. The links are visible, but users may not be aware of the legal agreements they're agreeing to.
  • Clickwrap, on the other hand, is when you require users to confirm that they have read and agreed to your legal agreements before they sign-up, log-in, submit a form, download an app etc.
  • Clickwrap is the classic "I agree to" checkbox.

A clickwrap agreement is an enforceable agreement, while a browsewrap agreement isn't.

Two court cases - Specht vs. Netscape and Zappos Inc. Customer Data Security Breach Litigation - give more information on why:

  • In Specht v. Netscape the court found that "a consumer's clicking on a download button does not communicate assent to contractual terms if the offer did not make clear to the consumer that clicking on the download button would signify assent to those terms"
  • In Zappos.com Inc., Customer Data Security Breach Litigation the court found that browsewrap Terms of Use done by Zappos.com was not prominent and that no reasonable user would have read the agreement.

Not providing an update notice about upcoming changes to your legal agreements is similar to a browsewrap agreement: if the user isn't aware of the changes, the user can argue that she/he couldn't have agreed to the new terms because the terms weren't presented properly.

Providing a notice that you'll update your legal agreements isn't limited to only a few agreements, but to any agreements that governs the relationship between you and users:

  • Terms and Conditions
  • Privacy Policy
  • Cookies Policy
  • EULA
  • Community Guidelines
  • Code of Conduct
  • Acceptable Use Policy
  • Terms for the API
  • Service Level Agreement

Email Notices

Email is the most popular method used to provide notice, but this requires you to have the email address of your users. If you do use email to inform users about the changes, make sure to:

  • Make it clear what the announcement email is about
  • State why the changes are required
  • State how the changes will affect the users and their accounts
  • State when the changes will come into effect

Elance provided a notification that eight of their legal agreements will be changed. The email contained links to the updated sections of the agreements and it even summarized each section to provide a really neat overview.

Elance also stated when the updates were going to take effect:

Elance email on updates of 8 legal agreements

As you can see, Elance outlined every change very well, from users' obligations to indemnities and disputes.

How should your email announcing changes to your Privacy Policy and Terms and Conditions should look?

Here are a few tips:

  • Start with a clear subject line: "We're changing our Privacy Policy" or "We're updating our Terms and Conditions"
  • Mention why the update is needed: improved user experience, to give access to new services that requires a new set of rules to be accepted etc.
  • Provide a summary of the major changes
  • Individually mention why each of the major change was needed
  • Link to the new agreements directly from the email
  • Mention the date when the new agreements will be in effect
  • If possible, provide a comparison between the new agreements and the old agreements

Other places that you can use to announce the updates are:

  • Your Facebook and Twitter official accounts. Link to the legal page on your website detailing the upcoming changes
  • A blog post in which you discuss the changes
  • A banner pop-up on your website

On Websites

Regardless of what kind of legal agreement you'll update, these are the most strategic places where you can place a notification about upcoming changes to your legal agreements:

  • When the user creates an account on your website:
  • Yelp version of clickwrap: Sign-up for account and agree to Terms of Service, Privacy Policy

  • When the user orders a product or pays for your services, i.e. before checkout
  • Before the user can send you a request to perform a certain service
  • Whenever you place links to your legal agreements:
  • reddit footer: Privacy Policy updated tag

A top bar placed across all your web pages that inform users about the changes is the most popular tactic but make sure to link to a page where users can find more information.

GrooveShark notice: Terms of Service changed

This kind of top bar is similar to the method used by companies that must comply with the EU Cookies Directive:

Example of Top Banner Pop-up from BBC on Cookies

For SaaS Apps

Because most SaaS apps involve some version of an account dashboard, you can use the dashboard to properly notify users about any upcoming changes.

DigitalOcean, for example, updated its Terms of Service and used the dashboard section of its user accounts to notify them about the change:

DigitalOcean: We have updated Terms of Service

For Mobile Apps

If your business is only done through a mobile app and not through a website, you're still going to have agreements for that mobile app which will need to be updated at some point.

Follow the same practices as website owners to provide notice to users whenever you need to update the agreements.

When Airbnb updated its Terms of Service, the notification wasn't only through email but through its mobile app as well:

AirBnb Updates Terms on iOS App

Users were required to check the "I agree to the updated Terms" button and then click the "Accept" before they could continue to Airbnb:

AirBnb iOS: I agree to updated Terms checkbox

GDPR Notices

The GDPR gives your users far more rights when it comes to how their personal data is handled. One of the key aspects of the GDPR is its push for transparency.

A huge part of being transparent is sending notices to your users that let them know about any updates and changes you've made or will be making in response to the GDPR.

You likely noticed a huge amount of GDPR-related emails from companies earlier in 2018, letting you know that Privacy Policies and Terms and Conditions had been updated all over the place -- like this one from Avira:

Avira GDPR Privacy Policy update notification email

Some of these notices will give users the option to opt out of having their personal data collected, or at least tell them how to do so.

For example, here's a GDPR Privacy Notice that lets users either agree to allow cookies or make a number of edits and adjustments to cookie settings:

GDPR Privacy Notice pop-up with edit cookies settings menu open

TermsFeed: Cookies Consent - How to add Your Solution

Use our free Cookie Consent Solution to create, customize and add a Cookie Consent notice to your website.
  1. Click on the Cookie Consent link at the top of our website. Our Free Cookie Consent Solution will open:
  2. TermsFeed: Cookies Consent Solution

  3. Choose your consent preference: Implied or Express:
  4. TermsFeed Cookies Consent: Choose your consent preference - Step 1

  5. Customize your Cookie Consent widget with your website name, banner notice type and color palette:
  6. TermsFeed Cookies Consent: Customize your consent - Step 2

  7. Copy your Cookie Consent code and add it to your website page code before the closing of the </body> tag.
  8. TermsFeed Cookies Consent: Copy your Cookie Consent code - Step 3

  9. Adjust your website's JavaScript to accommodate your users' selections for consent:
  10. TermsFeed Cookies Consent: Adjust your website&#039;s JavaScript to users - Step 4

Some notices, as with repermission campaign emails (emails used to collect records of consent to email your users), give users the option to give consent for something (or not consent by not taking an action):

sendy-gdpr-update-email-consent-continue-receiving-emails

GDPR notices can be as basic as other update notices and simply let users know in a short sentence that a policy has been updated for the GDPR:

Digital Ocean GDPR banner notification with links

Always provide a link to the updated policy, a brief summary of what has been changed and how:

Google AdWords email notice about updated EU User Consent Policy - GDPR

Examples of Update Notices

App Annie announced via email some changes to its Terms of Service and its Privacy Policy that reflect their new products and features. They wanted to make the agreements more "streamlined, readable, and descriptive" on how they provide their service to users.

In the email, App Annie mentioned when the updates would take effect and gave users the chance to opt out if they do not wish to be bound by the new terms. The notification itself wasn't lengthy, but App Annie provided links to the legal agreements that were about to be changed.

AppAnnie email to users: Terms of Service, Privacy Policy updated

Contact information was placed at the end of the email for if a user wanted to contact the company for questions regarding the changes.

Twitter engaged in an informative campaign to get the word out about its new Terms of Service agreement.

As you can see from the screenshot below, Twitter notified users that the changes were made in light of a new feature that allows users to buy merchandise within Twitter:

Twitter Email on Privacy Policy and Terms of Service Updates

Any users who accessed Twitter's Privacy Policy page would have seen this notification as well:

Twitter Privacy Policy page: Changes to this policy

Twitter added new provisions in its legal agreement about the following:

  • Users relationship with sellers and their responsibility as buyers
  • That they will collect more information, including sensitive information such as credit card number and shipping address
  • Why they will collect more information
  • How they will collect information
  • That they may share your information to corporate affiliates such as Vine and MoPub, a mobile-focused ad exchange. MoPub and Vine are both owned by Twitter.

Pinterest updated its Privacy Policy in part because of the new "Promoted Pins" which at the time were being tested with a small group of advertisers.

In order to target users on Pinterest with more accurate Promoted Pins, Pinterest had to track their users' activities online. This new functionality meant that their Privacy Policy had to be updated.

Pinterest Privacy Policy Updates via Email

In the notification email, Pinterest notified users when the new Privacy Policy will take effect and how users can opt out if they wish to not have their activities tracked across the Internet.

When Bing Ads updated its Terms and Conditions agreement, the Bing Ads Support Team sent emails to all Bing Ads customers announcing these updates. The email included a summary of each major change of the legal agreements:

Bing Ads: Terms and Conditions Updated

The email makes it clear that the Terms and Conditions agreement was updated. The email gives a summary of the changes, but also why the changes were needed:

  • Better access to new Bing Ads offerings
  • Reach more of Microsoft's audience
  • Consolidated billing and payment
  • Management of your account

Bitly updated its Privacy Policy and sent emails to all its members detailing why the change was needed and what the major changes were.

Bitly email: Privacy Policy is updated

The new and updated Privacy Policy brought changes that could have affected users, so Bitly clarified each one:

  • A clear explanation of data Bitly collects
  • Assurance that the data is not linked to any Personally Identifiable Information
  • How the anonymous data is shared
  • The new Privacy Policy included a link to "Consume Choice" opt-out page

Summary

Privacy laws around the world, including the GDPR, require you to provide a Privacy Policy to your users. A Terms and Conditions agreement is optional, but highly recommended. Cookies Policies may be required if you fall under the EU Cookies Directive.

You need to inform your users whenever you make updates to your policies and legal agreements.

Do so through emails, website banners, mobile app pop-up windows and any other way that can get the message across successfully to your users. Don't forget to link your updated agreements to your update notice.

How to Create a Privacy Policy for Your Website

TermsFeed Privacy Policy Generator: How to Create a Privacy Policy for Your Website

Our Privacy Policy Generator makes it easy to create a Privacy Policy for your website. Just follow these steps:
  1. Click on the "Start the Privacy Policy Generator" button.
  2. At Step 1, select the Website option and click "Next step":
  3. TermsFeed Privacy Policy Generator: Create Privacy Policy for Website - Step 1

  4. Answer the questions about your website and click "Next step" when finished:
  5. TermsFeed Privacy Policy Generator: Answer questions about website - Step 2

  6. Answer the questions about your business practices and click "Next step" when finished:
  7. TermsFeed Privacy Policy Generator: Answer questions about business practices  - Step 3

  8. Enter your email address where you'd like your policy sent, select translation versions and click "Generate My Privacy Policy." You'll be able to instantly access and download your new Privacy Policy:
  9. TermsFeed Privacy Policy Generator: Enter your email address - Step 4

Privacy Policy Generator
Comprehensive compliance starts with a Privacy Policy.

Comply with the law with our agreements, policies, and consent banners. Everything is included.

Generate Privacy Policy