The following is a guest post from fnBlog Contributor Matthew Faustman, founder of UpCounsel.
In this day and age, user generated content is a large part of our technology products. As such, this raises issues like Copyright infringement and privacy, which can expose web and mobile application entrepreneurs to extensive liability.
There are steps that we can take, however, to limit our exposure to liability. Below is a discussion of these preventative steps – usable by most modern websites that collect user data or host user generated content. By no means is this list exhaustive – each situation is unique and we highly advise that you consult a seasoned Intellectual Property (“IP”) attorney when considering these protections.
1. Have Users Agree To A “Terms of Use” (Terms of Service Agreement)
Terms of Use (“TOU”) (also known as Terms of Service) are terms and conditions that a customer must agree to in order to use a service. TOUs can cover a range of issues, including acceptable user behavior online, a company’s marketing policies, and copyright notices.
Really great TOUs are drafted to meet the individual specifications of a website. They have powerful implications and should not be taken lightly. For a full appreciation of a TOU, see this post by IP attorney Jill Bowman (its pretty amazing).
Some of the major flaws in TOU agreements are related to the protections that people seek under the Digital Millennium Copyright Act (“DMCA”) as explained by startup guru Dana Shultz in his blog post on the issue.
Here is an example template for a Terms of Use for a web or mobile application that hosts user generated content. This is merely an example and is not intended to be used directly on your website. Use it only as a reference for when you speak to an attorney.
Some major considerations for a TOU – Contributed by Jessica Hubley, Esq.
- Limit the site’s liability to users to some very small dollar amount (e.g., $10 or fees actually paid for services in the past 6 months);
- Have the user indemnify the site for any third party claims arising from their use of the site; and
- Include an arbitration clauses to reduce class action suits.
2. Comply With The DMCA
The Digital Millennium Copyright Act (“DMCA”) provides web and mobile application owners protection against liability for copyright infringement resulting from content uploaded by third party users. Providers, however, must comply with the DMCA to be eligible for such Safe Harbor. For more information on this topic, see another great post by Jill Bowman. Below are two things your company can do to help fall under these Safe Harbors.
- Register With The Copyright Office
The Company must apply as an online service provider and designate an agent with the Copyright Office to properly rely on the limitation of liability from copyright infringement under the DMCA. Additional information is available at http://www.copyright.gov/onlinesp/.
Most modern web and mobile application TOUs are written to rely upon the DMCA limitation of liability. If your TOU does rely upon the DMCA, then you should take these precautions. Again, consult an attorney versed in IP law for proper compliance.
- Institute (and diligently follow) A DMCA Policy
Which can include: 1) A working notification system (if a copyright owner tries to find you – they can), 2) a procedure for dealing with complaints from copyright owners regarding infringing content on your website, 3) a system that allows copyright owners to collect the information they need to issue DMCA complaints.
3. Have A Privacy Policy On Your Application
A privacy policy is a legal discloser that describes the ways a party gathers, uses, discloses and manages a customer’s “personal information.” Its purpose is to inform your users of how you collect and use their data – therefore, like your TOU, it is important that this is drafted to your particular application’s data usage features. Where companies get themselves into trouble is by making disclosures that are inaccurate regarding user’s data or do not maintain their TOUs over time. Privacy policies should be updated whenever there is a change in the way a company uses user’s customer information.
In most cases, someone’s name, address, email address, and telephone number are considered personal information. Health information, sexual orientation information, location information, and financial information (among others) may be considered “sensitive information” as well as “personal information,” and may be subject to more stringent protections both in tort and by virtue of specific statutes such as the Health Insurance Accountability and Portability Protection Act (HIPAA) or the Fair Credit Reporting Act (FCRA). (Contributed by Jessica Hubley, Esq.):
The FTC requires that websites that deal in users’ personal information have a “clear and concise” privacy policy that explains, in a digestible manner (Contributed by Jessica Hubley, Esq.):
- What types of information the company or website collects;
- How the company or website uses that information;
- With whom the company or website shares that information; and
- How the company or website secures that information.
Like the TOUs, find an attorney well versed in IP law and have them take a look at your Privacy Policy. There are also organizations like TRUSTe and P3PWiz that offer templates and consulting to help with policies. You may find some good information from the International Association of Privacy Professionals (IAPP). Finally, if your site collects information from children, includes health or financial data, or you have operations in other countries, there may be additional laws with which you must comply. We plan to expand this blog post to capture these additional regulations…so stay tuned.
DISCLAIMER