SlideShare a Scribd company logo
BEST PRACTICES: TERMS OF USE
AND PRIVACY POLICIES
Royse Law Firm, PC
1717 Embarcadero Road
Palo Alto, CA 94303
www.rroyselaw.com
Heidi Klein
650‐521‐5748
hklein@rroyselaw.com
October 12, 2015
TERMS OF USE OVERVIEW
• Enforceability 
• Presentation 
• Acceptance
• Modification/Changes
• Material Terms
• E‐Commerce Websites and Social Media Platforms
2
ENFORCEABILITY ‐ BROWSEWRAP
• Nguyen v. Barnes & Noble, Inc., (9th Cir. Aug. 18, 2014) enforceability 
depends on whether user has actual or constructive knowledge of the 
Terms
– Courts have consistently enforced browsewrap where users had actual notice 
of terms.
– Inquiry Notice: Terms must be sufficiently evident to make a reasonably 
prudent user aware of their existence.
• General design of the website;
• Whether the link to the Terms is conspicuous (visibility/placement of the link); and
• Whether there are any other notices provided to the user regarding the Terms
• Generally…
– Inconspicuously placed Terms tucked away or buried in bottom of page 
unenforceable
– Multi‐step process through non‐obvious links to locate or access Terms 
unenforceable
– Courts have been found it sufficient where websites implement explicit textual 
notice that continued use will act as acceptance and consent to Terms
3
PRESENTATION/ACCEPTANCE
• Four Types of Electronic Adhesion Contracts (Berkson v. Gogo LLC 
and GoGo Inc.)
– Browsewrap agreements ‐‐ provide that the user gives assent to the terms 
merely by using the site. 
– Clickwrap agreements ‐‐ require a user to affirmatively click a box on the 
website acknowledging awareness of and agreement to the terms of the 
agreement before he or she is allowed to proceed with further use of the 
website. 
– Scrollwrap agreements ‐‐ require a user to physically scroll through an 
internet agreement and click on a separate "I agree" button in order to agree 
to the terms and conditions of the host website. 
– Sign‐in‐wrap agreements ‐‐ do not require the user to click on a box showing 
acceptance of the "terms of use," but instead includes a statement like “By 
clicking 'NEXT' I agree to the terms of use and privacy policy."
4
ACCEPTANCE ‐ ELIGIBILITY
• Legally competent to accept the Terms of Use
– 18 years or older
– Mentally competent
• Include provision that includes representations and 
warranties by user and website provider’s right to 
terminate/no obligation:
– (e.g. “If for any reason, we, in our sole discretion, believe you do not meet the 
eligibility requirements set forth above, we reserve the right, without 
provision of any notice to you to terminate your account and the Terms.  If you 
do not meet the eligibility requirements as set forth above, we have no 
obligations to you under the Terms.”)  
5
MODIFICATIONS/CHANGES
• Blanket statement granting right to unilaterally change terms 
with or without notice ‐‐ generally unenforceable
• Provide prominent notice on the website for any changes
• In addition, provide notice for material changes by sending 
notice to email address designated by user
• Include effective date (e.g. “Last Updated: September 15, 
2015”)
6
MATERIAL TERMS
• Must be CLEAR and CONSPICUOUS
• Court in Berkson : TOU must clearly draw attention to material terms 
that would alter what a reasonable consumer would understand to be 
default rights in an online transaction
• Arbitration Clause
– Include clear language at beginning of TOU putting user on notice:
• (e.g., THESE TERMS CONTAIN AN AGREEMENT TO ARBITRATE IN SECTION 10 
BELOW, WHICH WILL REQUIRE YOU TO SUBMIT CLAIMS YOU HAVE AGAINST THE 
COMPANY TO BINDING AND FINAL ARBITRATION
• Governing Law/Venue
• Restrictions on Class Actions
• Payment Terms (auto‐renewal)
7
E‐COMMERCE/SOCIAL MEDIA
• E‐Commerce Website
– Payment Terms (subscription, auto‐renewal)
– Disclaimers/Liability 
• Limits of Jurisdictional Application
• Social Media Platform
– User Generated Content (UGC)
– License to use UGC (avoid assignment/ownership language)
– Prohibited Content (offensive, violent, spam, infringing content, 
minors)
• DMCA Provision
– Must register with the Copyright Office
8
TAKE AWAY
• Analyze the client’s business, services, potential liabilities
• Review samples of TOU with similar services
• Customize 
• Implement:
– Clickwrap or Scrollwrap 
– Account Registration
– Clear and Conspicuous Material Terms
– Clear Notification of Modifications/Changes to Material Terms
9
PRIVACY POLICIES
• Federal Trade Commission (FTC)
– Necessary to avoid unfair and deceptive trade practices 
• California Online Privacy Protection Act of 2003 
(CalOPPA)
– First law in the nation with a broad requirement for privacy 
policies
10
DECEPTIVE TRADE PRACTICES
11
• Breach of a promise is a “deceptive” practice.
• In the Matter of GeoCities, Inc., FTC File No. 982‐3015 (Feb. 12, 1999)
– Online community where uses could maintain personal home pages.
– GeoCities promised it would not distribute or sell any collected information.
– FTC alleged GeoCities misrepresented how it would use information collected from users by 
reselling the information to third parties, which was in violation of GeoCities’ Privacy Policy.
• In the Microsoft, Corp., FTC File No. 012‐2340  (Dec. 24, 2002)
• Microsoft made claims about the high level of security used to protect personal and 
financial information collected through its “Passport” website service that allowed users to 
use a single sign‐in for multiple web services.
• FTC alleged that these “high‐level security” representations were misleading, because 
Microsoft’s vendors and business partners controlled the personal information, and not 
Microsoft itself.
UNFAIR TRADE PRACTICES
12
• Practice is “unfair” where the injury caused is (1) substantial, (2)without 
offsetting benefits, and (3) one that consumers cannot reasonably avoid.
• In the Matter of Gateway Learning Corp., FTC File No. 042‐3047 (Sept. 17, 2004)
– Privacy Policy stated it would not rent, sell, or loan any personal information without user 
consent and would provide users with opportunity to opt‐out if practice changed.
– Gateway started to sell information and retroactively modified its Terms without providing 
notice to users. 
– FTC: Retroactive application of material changes to the Privacy Policy was an unfair trade 
practice.
• In the Matter of BJ’s Wholesale Club, Inc., FTC File No. 042‐3160 (Sept. 23, 2005)
• BJ’s failed to encrypt personal and financial information and failed to secure wireless 
networks to prevent unauthorized access.
• Failing to implement basic security controls to protect consumer information alone 
constitutes an enforceable unfair trade practice, without any need for FTC to allege 
deception.
CalOPPA
13
• CalOPPA: 
– Applies to operators of commercial websites and online 
services that collect personally identifiable information 
about California residents
– Must conspicuously post a privacy policy
– Must comply with the terms of the policy 
ONLINE SERVICE
14
• Websites
• Mobile apps (iOS, Android, Windows)
• Desktop apps (Windows, Mac OS X)
• Facebook apps
• SaaS apps
• Any other platform where users would share their 
personal information
PERSONALLY IDENTIFIABLE INFORMATION
• “Personally identifiable information” (PII) broadly defined as information 
about a consumer collected online and maintained by the operator in an 
accessible form, including any of the following: 
• first and last name; 
• home or other physical address, including street name and name of a city 
or town;
• e‐mail address;
• A telephone number;
• social security number;
• any other identifier that permits the physical or online contacting of a 
specific individual; and
• information concerning a user that the online service collects online from 
the user and maintains in personally identifiable form in combination with 
an identifier described in this subdivision.
15
REQUIREMENTS
16
• At the very least, you must include (Cal. Bus. & Prof. Code §§
22575‐22579): 
– Categories of PII collected through the site or service about users or visitors, 
– Categories of third parties with whom the operator may share the personally 
identifiable information,
– Description of process for a user or visitor to review and request changes to his or 
her personally identifiable information collected through the site or service, if the 
operator maintains such a process, 
– Description of process for notifying users and visitors of material changes to the 
privacy policy, and  
– Effective date of the privacy policy.
SPECIAL REQUIREMENTS
• Children’s Online Privacy Act (COPPA)
– PII from children under the age of 13, COPPA regulations may apply
• California Civil Code § 1798.83 “Shine the Light” Law
– California residents permitted to request information regarding the 
disclosure of their PII by online service providers to third parties for the 
third parties’ direct marketing purposes.
• Do Not Track (DNT) (AB 270 of 2013) “Tracking Transparency Law”
– The law requires two new disclosures in the privacy policy of an 
operator of a web site or online service: 
• (1) the operator’s response to a browser DNT signal or to “other 
mechanisms,” ‐‐ Required when website collects PII over time and across 
third‐party websites
– can be satisfied by linking to program or policy that explains a users choice 
about online tracking – www.allaboutdnt.com
• (2) the possible presence of other parties conducting online tracking
17
BEST PRACTICES
18
• Making Your Privacy Practices Public, Kamala D. Harris, California 
Department of Justice
– Readability
• Use plain, straightforward language. Avoid technical or legal jargon.  
• Use a format that makes the policy readable, such as a layered format 
– Online Tracking/Do Not Track
• Make it easy for a consumer to find the section in which you describe your 
policy regarding online tracking by labeling it, for example: “How We 
Respond to Do Not Track Signals,” “Online Tracking” or “California Do Not 
Track Disclosures.”  
• Describe how you respond to a browser’s Do Not Track signal or to other 
such mechanisms. This is more transparent than linking to a “choice 
program.” 
• State whether other parties are or may be collecting personally identifiable 
information of consumers while they are on your site or service. 
BEST PRACTICES CONT.
19
• Data Use and Sharing 
• Explain your uses of personally identifiable information beyond what is 
necessary for fulfilling a customer transaction or for the basic functionality of 
an online service. 
• Whenever possible, provide a link to the privacy policies of third parties with 
whom you share personally identifiable information. 
• Individual Choice and Access 
• Describe the choices a user has regarding the collection, use and sharing of his 
or her personal information. 
• Accountability 
• Clearly tell users whom they can contact with questions or concerns about 
your privacy policies and practices.
BEST PRACTICES CONT.
20
• In Addition…
• Incorporate by reference into the TOU to include risk allocation provisions 
without overcomplicating Privacy Policy 
• Obtain clear consent from user (“By submitting PII through the website you 
agree to the terms of this Privacy Policy and you expressly consent to the 
collection, use and disclosure of your PII in accordance with this Privacy 
Policy”)
• Implement reasonable security measures and explain those measures in the 
Privacy Policy
TAKE AWAY
21
• Analyze and fully understand the data collection and retention activities of 
the client
• Carefully craft the privacy policy to adequately, clearly, and conspicuously 
explain privacy practices
• Implement reasonable data security measures (encryption at the very least 
for personal/financial information)
• Provide opt‐in consent when changing the way personal data is collected 
and/or used
• Most important of all — adhere to the privacy policy
22
www.rroyselaw.com
PALO ALTO
1717 Embarcadero Road
Palo Alto, CA 94303
SAN FRANCISCO
135 Main Street
12th Floor
San Francisco, CA 94105

More Related Content

PDF
Terms of Use and Privacy Policy Best Practices
Roger Royse
 
PPTX
California's New Privacy Policy Guidelines
Brian Heidelberger
 
PPTX
Terms of Service and Privacy Policies
Jeffrey Glazer
 
PPT
CIPD social media event 2nd December 2015
Aine Hayes
 
PPTX
Informed consent and cloud computing
Clio - Cloud-Based Legal Technology
 
PDF
Master Track B: "Exploring 'Identity' from a Consumer & Agency/Brand Perspect...
iMedia Connection
 
PDF
California Consumer Privacy Act (CCPA): Countdown to Compliance
Tinuiti
 
PDF
How to Integrate Privacy into Your Customer Care
TRUSTe
 
Terms of Use and Privacy Policy Best Practices
Roger Royse
 
California's New Privacy Policy Guidelines
Brian Heidelberger
 
Terms of Service and Privacy Policies
Jeffrey Glazer
 
CIPD social media event 2nd December 2015
Aine Hayes
 
Informed consent and cloud computing
Clio - Cloud-Based Legal Technology
 
Master Track B: "Exploring 'Identity' from a Consumer & Agency/Brand Perspect...
iMedia Connection
 
California Consumer Privacy Act (CCPA): Countdown to Compliance
Tinuiti
 
How to Integrate Privacy into Your Customer Care
TRUSTe
 

Similar to Best Practices: Terms of Use and Privacy Policies (20)

PDF
How to Integrate Privacy into Your Customer Care
TRUSTe
 
PPTX
Nasig 2019 Pre-conference - Contract Construction: Creating an Effective Lice...
Stephanie Hess
 
PDF
Security And Legal In The Cloud Ats V2
dbarton944
 
PDF
No Cookies, No Problem - Steve Krull, Be Found Online
DigiMarCon - Digital Marketing, Media and Advertising Conferences & Exhibitions
 
PDF
Duty of Care Online
bwiredgroup
 
PDF
Duty Of Care Online
bwiredgroup
 
PDF
How to Write a Privacy Policy For Your Blog?
Saikrishna Tipparapu
 
PDF
Beyond Cookies Preparing for a Privacy-First Future - Steve Krull
DigiMarCon - Digital Marketing, Media and Advertising Conferences & Exhibitions
 
PPTX
Data on the Web Best Practices: Challenges and Benefits
Centro Web
 
PDF
Data on the Web Best Practices: Challenges and Benefits at OGP
Caroline Burle
 
PPTX
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Diana Maier
 
PPTX
Trending Topics in Data Collection & Targeted Marketing
cdasLLP
 
PPTX
Streamline Your Negotiation: Creating & Updating a License Template for Your...
Liane Taylor
 
PPSX
NAFCU - Keeping Your Marketing Pitches Compliant
E Andrew Keeney
 
PPTX
OCBA Cloud 9: Cloud Computing and Ethics for Florida Attorneys
Daniel Whitehouse
 
PDF
GDPR for developers
Exove
 
PDF
Brisbane Health-y Data: Licensing health and sensitive data
ARDC
 
PDF
The Digital Privacy Equation
TC Media
 
PDF
Développements récents en droit des technologies 8 novembre 2011
Blake, Cassels & Graydon LLP
 
PPTX
BSAD 372 SPRING 2017 CH 7
Janice Robinson
 
How to Integrate Privacy into Your Customer Care
TRUSTe
 
Nasig 2019 Pre-conference - Contract Construction: Creating an Effective Lice...
Stephanie Hess
 
Security And Legal In The Cloud Ats V2
dbarton944
 
No Cookies, No Problem - Steve Krull, Be Found Online
DigiMarCon - Digital Marketing, Media and Advertising Conferences & Exhibitions
 
Duty of Care Online
bwiredgroup
 
Duty Of Care Online
bwiredgroup
 
How to Write a Privacy Policy For Your Blog?
Saikrishna Tipparapu
 
Beyond Cookies Preparing for a Privacy-First Future - Steve Krull
DigiMarCon - Digital Marketing, Media and Advertising Conferences & Exhibitions
 
Data on the Web Best Practices: Challenges and Benefits
Centro Web
 
Data on the Web Best Practices: Challenges and Benefits at OGP
Caroline Burle
 
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Diana Maier
 
Trending Topics in Data Collection & Targeted Marketing
cdasLLP
 
Streamline Your Negotiation: Creating & Updating a License Template for Your...
Liane Taylor
 
NAFCU - Keeping Your Marketing Pitches Compliant
E Andrew Keeney
 
OCBA Cloud 9: Cloud Computing and Ethics for Florida Attorneys
Daniel Whitehouse
 
GDPR for developers
Exove
 
Brisbane Health-y Data: Licensing health and sensitive data
ARDC
 
The Digital Privacy Equation
TC Media
 
Développements récents en droit des technologies 8 novembre 2011
Blake, Cassels & Graydon LLP
 
BSAD 372 SPRING 2017 CH 7
Janice Robinson
 
Ad

More from Roger Royse (20)

PPTX
How to Get Venture and Angel Funding for Your Tech Startup  .pptx
Roger Royse
 
PPTX
QSBS for startups, Investors and founders
Roger Royse
 
PPTX
Startup Law 101 How to Avoid Legal Pitfalls that Could Doom Your Startup.pptx
Roger Royse
 
PPTX
Flip.pptx
Roger Royse
 
PPTX
Distressed startups legal, business, and financing strategies
Roger Royse
 
PPTX
Top Ten Legal mistakes that Could Kill Your Startup
Roger Royse
 
PPTX
How to Split the Pie, Raise Money and Reward Contributors
Roger Royse
 
PPTX
Prepare Your Startup for Venture Capital Investment
Roger Royse
 
PPTX
How to Prepare Your Startup for Venture Capital Investment
Roger Royse
 
PDF
How to Prepare Your Startup for Venture Capital Funding
Roger Royse
 
PPTX
How to Negotiate with Venture Capitalists
Roger Royse
 
PDF
Startup Basics: Legal, Business and Financing Strategies in a Downturn
Roger Royse
 
PPTX
F50 AG Tech Slides
Roger Royse
 
PPTX
Prepare Your Startup for Venture Capital Investment
Roger Royse
 
PPTX
How Your Company is Affected by the CARES Act and Related Legislation
Roger Royse
 
PPTX
How to Get Your Startup Ready for Venture Capital Funding (Idea To IPO)
Roger Royse
 
PPTX
Legal Issues for Tech Startups
Roger Royse
 
PPTX
Startup Basics: How to Split the Pie, Raise Money and Reward Contributors
Roger Royse
 
PPTX
Startup Basics: Legal, Business, and Financing Strategies
Roger Royse
 
PPTX
Funding 101 for Tech Entrepreneurs & Startups
Roger Royse
 
How to Get Venture and Angel Funding for Your Tech Startup  .pptx
Roger Royse
 
QSBS for startups, Investors and founders
Roger Royse
 
Startup Law 101 How to Avoid Legal Pitfalls that Could Doom Your Startup.pptx
Roger Royse
 
Flip.pptx
Roger Royse
 
Distressed startups legal, business, and financing strategies
Roger Royse
 
Top Ten Legal mistakes that Could Kill Your Startup
Roger Royse
 
How to Split the Pie, Raise Money and Reward Contributors
Roger Royse
 
Prepare Your Startup for Venture Capital Investment
Roger Royse
 
How to Prepare Your Startup for Venture Capital Investment
Roger Royse
 
How to Prepare Your Startup for Venture Capital Funding
Roger Royse
 
How to Negotiate with Venture Capitalists
Roger Royse
 
Startup Basics: Legal, Business and Financing Strategies in a Downturn
Roger Royse
 
F50 AG Tech Slides
Roger Royse
 
Prepare Your Startup for Venture Capital Investment
Roger Royse
 
How Your Company is Affected by the CARES Act and Related Legislation
Roger Royse
 
How to Get Your Startup Ready for Venture Capital Funding (Idea To IPO)
Roger Royse
 
Legal Issues for Tech Startups
Roger Royse
 
Startup Basics: How to Split the Pie, Raise Money and Reward Contributors
Roger Royse
 
Startup Basics: Legal, Business, and Financing Strategies
Roger Royse
 
Funding 101 for Tech Entrepreneurs & Startups
Roger Royse
 
Ad

Recently uploaded (20)

PDF
4286820232025-07-21-611256.pdf Supreme Court
sabranghindi
 
PPTX
71 Strategies to Control Legal Expenses.pptx
jamesstapleton21
 
PPTX
The Election Process in India , election system
luckybhagyasri13
 
PPTX
First Responder course seminar for Philippine National Police.pptx
QPPOOperation
 
PDF
AHRP LB - The Regulatory Framework and Practice of Absentee Land in Indonesia...
AHRP Law Firm
 
PDF
STATUTE-130-Pg2000.pdf LEI MAGNITISKY U.S.A.
xyzabcd012345098765
 
PDF
Female Giggers' Discrimination - Dr. Yanki Hartijasti.pdf
sakshikothari33
 
PDF
Top 10 Legal Consultants Shaping Business Strategy in 2025
timeiconic007
 
PDF
Forestry Commission boss sues Dakyehene of New 88.3 FM, demands GH¢20 million...
Kweku Zurek
 
PDF
VIETNAM – “NGUOI QUAN SAT” MAGAZINE INTERVIEWED DR OLIVER MASSMANN - THE FIRS...
Dr. Oliver Massmann
 
PPTX
MONEY LAUNDERING IMAGE ON TANZANIA MIRROR.pptx
JOEL EXAVERY
 
PDF
Noah Michael Donato - A Certified Divemaster
Noah Michael
 
PPTX
办理UNIR文凭|购买比亚努埃瓦国际大学毕业证Letter办理学历认证国外文凭
xxxihn4u
 
PPTX
LLM Presentation_Manas Dash in masterin law.pptx
Lupin32
 
PPTX
CONSTITUTION OF PAKISTAN 1956 by Shahzaman chandio
Shahzaman Chandio
 
PPTX
Rule of Strict Interpretation.pptx AND G
DhrumilRanpura1
 
PDF
DPT-3 Filing With ROC for Private Limited Companies
Kartik Verma
 
PPTX
5 Crucial Facts About California’s Three Strikes Law & Its Real Impact.pptx
charlottejim674
 
PDF
Anticipatory bail order delay 698 days Advocate Rohit Dandriyal.pdf
chamberofadvrohitdan
 
PPTX
Katarungang Pambarangay Presentation.pptx
MarkBalagat
 
4286820232025-07-21-611256.pdf Supreme Court
sabranghindi
 
71 Strategies to Control Legal Expenses.pptx
jamesstapleton21
 
The Election Process in India , election system
luckybhagyasri13
 
First Responder course seminar for Philippine National Police.pptx
QPPOOperation
 
AHRP LB - The Regulatory Framework and Practice of Absentee Land in Indonesia...
AHRP Law Firm
 
STATUTE-130-Pg2000.pdf LEI MAGNITISKY U.S.A.
xyzabcd012345098765
 
Female Giggers' Discrimination - Dr. Yanki Hartijasti.pdf
sakshikothari33
 
Top 10 Legal Consultants Shaping Business Strategy in 2025
timeiconic007
 
Forestry Commission boss sues Dakyehene of New 88.3 FM, demands GH¢20 million...
Kweku Zurek
 
VIETNAM – “NGUOI QUAN SAT” MAGAZINE INTERVIEWED DR OLIVER MASSMANN - THE FIRS...
Dr. Oliver Massmann
 
MONEY LAUNDERING IMAGE ON TANZANIA MIRROR.pptx
JOEL EXAVERY
 
Noah Michael Donato - A Certified Divemaster
Noah Michael
 
办理UNIR文凭|购买比亚努埃瓦国际大学毕业证Letter办理学历认证国外文凭
xxxihn4u
 
LLM Presentation_Manas Dash in masterin law.pptx
Lupin32
 
CONSTITUTION OF PAKISTAN 1956 by Shahzaman chandio
Shahzaman Chandio
 
Rule of Strict Interpretation.pptx AND G
DhrumilRanpura1
 
DPT-3 Filing With ROC for Private Limited Companies
Kartik Verma
 
5 Crucial Facts About California’s Three Strikes Law & Its Real Impact.pptx
charlottejim674
 
Anticipatory bail order delay 698 days Advocate Rohit Dandriyal.pdf
chamberofadvrohitdan
 
Katarungang Pambarangay Presentation.pptx
MarkBalagat
 

Best Practices: Terms of Use and Privacy Policies