Steps to keep your website legal

It is easier than ever to create and maintain a website. However, there are many pitfalls and potential liabilities that quietly exist in cyberspace. Anyone publishing content online through a website should be aware of certain legal requirements, and some best practices, so problems aren’t inadvertently created.

Properly use third-party content

Using images, designs, videos, or text that you don’t own on your website can put you in hot water. Many people mistakenly believe that because content is made available online, anyone can copy or use that content for their own purposes. That is often not the case, however, and it is instead wise to assume all third-party materials are protected by copyright law and permission is needed to use those materials.

Copyright protection extends to creative and original work when it is fixed in a tangible medium, regardless of whether a copyright registration exists, and even without a copyright notice. Publishing content online doesn’t change a copyright owner’s rights. There are some instances where permission is not needed because of “fair use,” but anyone wishing to rely on that exception should work closely with counsel, as the evaluation of whether a particular use is “fair use” can be complicated.

If content is purchased or licensed for use (such as clip art), carefully review any terms or limitations regarding such use. For example, some clip art providers restrict use of images to “noncommercial” use. These terms of use may be on the clip art website in a hyperlink, or within a “read me” file accompanying the content.

Be clear and truthful with advertising

Federal and state law prohibits unfair or deceptive acts or practices in trade or commerce. If you advertise your products or services on your website, be sure you are truthful and that you can back up claims you make. You are allowed to express an opinion by boasting or exaggerating (e.g., “You will love this product”), but you should have substantiation for factual statements (e.g., “this product performs better than that product”).

Similarly, if you are being paid to put certain content on your site, or if you are given services or products for free in exchange for endorsement on your website, you are required to disclose these arrangements. The Federal Trade Commission has issued helpful guidance regarding online advertising and marketing, and endorsements here.

Include a privacy policy

If information about site visitors is collected through your website (by you or by anyone else), your site needs to have a privacy policy. A privacy policy should at a minimum state what information is collected, with whom the information is shared, and how the information will be used. Depending on the type of information you collect and what third-party solutions you use, you may be required to include specific language in your privacy policy. For example, if you use Google Analytics, you must describe how cookies are used to provide ads and how visitors can opt out of certain practices. Also, if you direct your website to residents of the European Union, your practices and your policy must comply with the EU’s General Data Protection Regulation. A privacy policy can sometimes be included in the site’s terms of use.

Protect yourself from claims related to user-generated content

If you allow third parties to use your site to post content that can be viewed by others, you should investigate the “safe harbor” available to online service providers under the Digital Millennium Copyright Act that can limit your liability from third parties’ copyright infringement. To take advantage of that “safe harbor,” you need to include on your website language regarding the process site visitors can use to make claims of copyright infringement about third-party content, and you need to designate an agent with the U.S. Copyright Office who will receive notice of those claims.

You also should require that third parties agree they alone are responsible for what they post, and that they will hold you harmless for any damage caused by their posts. That language, as well as the “safe harbor” language, can be included in the site’s terms of use.

Take security seriously

If you accept payments on your website, or if you collect personal information from site visitors, you should be taking security precautions. For example, if you accept payments via credit cards on your website, your merchant account with the credit card processor likely requires you to use an SSL certificate. Even if you aren’t “required” to use SSL certificates, doing so will help protect your website by providing safe connections for visitors.

It also is vitally important to keep the software for your website up to date. Failure to promptly apply a software patch or update makes your site vulnerable to hacking. Using complex passwords and website security tools also can protect your website against vulnerabilities.

In the event your website is hacked, you should promptly investigate the breach and determine whether any personal or confidential information was accessed or used. Most states (including Michigan) have laws in place that require notice be provided to individuals if their personal information has been improperly accessed or used, and some require notifications be delivered as soon as 30 days after discovery of a security breach.

Understand and follow applicable regulatory rules

There are a lot of industry-specific laws governing websites. If your business is related to health care, the financial industry, or another highly-regulated industry, your website needs to comply with laws governing what you can and cannot do on your website, and what you need to say (or cannot say) on your website. If you aren’t sure whether you have regulatory compliance obligations, you should consult with an attorney to help you identify what obligations you may have.

Protect your intellectual property

Your business name and branding can be protected under federal trademark law by registration with the U.S. Patent and Trademark Office. Although registration is not “required,” it will allow you to prevent others from using confusingly similar marks, and it will expand your trademark protection throughout the United States. The first thing you will likely do when setting up a website is to select and register a domain name. Domain names sometimes can be protected as trademarks. Registering a domain name with bad-faith intent to profit from another’s trademark or goodwill (“cybersquatting”) is illegal, and disputes regarding domain names often can be handled through administrative proceedings.

Your original and creative website content, and the “look and feel” of your site, can be protected by copyright. Although you do not need to have a copyright registration for those protections to exist, you should consider whether registration is appropriate for you. Registration is necessary if you wish to bring a copyright infringement action against someone using your copyrighted work without permission. You may delay filing an application to register your copyright, but this delay may limit the damages you can recover through an infringement action. With or without a registration, you may include a copyright notice on your site that identifies the year of publication and the owner of the copyright.

Include terms of use

Although there is no law requiring terms of use be included on every website, many website operators would benefit from including such terms. Terms of use also can set the ground rules for visitors’ use of the website. These terms often include disclaimers and limitations of liability. If site visitors can purchase goods or services through the website, then the terms of use should describe the terms of payment and delivery. It also is helpful to include language requiring any disputes relating to the website be brought to courts in your jurisdiction, instead of the jurisdiction of your site’s visitors. Also, as described above, terms of use can include your privacy policy and your DMCA “safe harbor” notice, among other notifications to site users.

Document your arrangement with developers and designers

If someone helps you create your website or some of its content, having a written contract is essential. Under U.S. law, the person who creates copyrightable work retains his or her copyright in that work unless ownership is transferred in a signed writing. You can’t transfer a copyright through a verbal agreement or a “handshake” deal. If you would like to own the copyright in the images, text, etc. on your website, the creator should sign a statement transferring the copyright in those materials to you.

Contracts also can clarify the scope, timeline and cost for the project, which can be helpful in defining expectations, avoiding misunderstandings and resolving disputes. Although some contracts can be formal and complicated, it is possible to set forth the terms of your contractual arrangement into a letter or an email. Moreover, electronic signatures are generally enforceable in contracts for website and content development.

Previous article University spending $1M on equipment for cannabis center
Next article West Side nonprofit hires executive director
Avatar photo
<a href="https://www.mikameyers.com/legal-team/attorney/jennifer-puplava">Jennifer A. Puplava</a> is an attorney at <a href="https://www.mmbjlaw.com">Mika Meyers</a> in Grand Rapids. She practices primarily in the areas of intellectual property law and technology law. She helps clients protect their trade secrets, trademarks, copyrights and other intellectual property, and she assists clients with the negotiation, drafting and enforcement of related agreements, policies, terms and conditions and other documents. Jennifer received her law degree from Indiana University School of Law, cum laude, and her undergraduate degree from Saint Mary's College, magna cum laude.