Terms Of Conditions Of Supply | Web Privacy | Acceptable Use Policy
These terms of website use, designed for publication on a website, contain provisions dealing with access to, and use of, the website. The website owner may rely on such terms to prevent unauthorised access to his website, the disclosure by users to third parties of access security information, the unauthorised reproduction of material contained on the website and certain undesirable user behaviour such as hacking, introducing viruses and uploading illegal or defamatory content. The terms allow the website owner to limit his potential liabilities to users of the website.
The terms of use are intended for use in conjunction with the Standard document, Privacy policy (www.practicallaw.com/2-201-7192) and the Standard document, Website acceptable use policy (www.practicallaw.com/9-201-6274). Website owners who use their website to supply goods to visitors of the site should also refer to the Standard document, Website terms and conditions of supply (www.practicallaw.com/resource.do?item=:16059431). The four documents together ensure that the website owner complies with all information requirements specified in the Electronic Commerce (EC Directive) Regulations 2002 (SI 2002/2013) (E-Commerce Regulations) and – in relation to online sales – with the Consumer Protection (Distance Selling) Regulations 2000 (SI 2000/2334) (Distance Selling Regulations). All documents are drafted from the perspective of the website owner, and it is not intended that they should be negotiated.
Legal issues
To ensure that customers are legally bound by the website terms of use, the terms must be properly incorporated into a contract between the website owner and the user. Ideally, any user of the site should be required to view a copy of the site’s website terms and to click on an “Accept” button to indicate that they have read and accepted the terms, before being allowed to move through the site. Visitors can be taken to a copy of the website terms of use either by inserting a hyperlink to a separate page where the terms are displayed (giving the visitor the option to follow the link or not), or by requiring the visitor to scroll through all the terms and conditions. The latter mechanism has been seen by many website owners as impairing the user-friendliness of the website and, in practice, a link to the terms of use is usually prominently displayed on each page of the website, ensuring that the terms are easily accessible and bringing the existence of the terms to the user’s attention.
However, there is always a risk that the terms will not be properly incorporated if, for instance, the link fails. A safer practice is either the display of the terms in full when the visitor first enters the website, or the display of the terms inside a separate scroll-down window on the homepage. It may not be technically possible to ensure incorporation of the terms where a visitor enters the site via a “deep link” unless the scroll-down window is displayed on every web page, but in practice, most website owners are unwilling to impair the user’s ability to move through the site to such a degree.
To make as sure as possible that the terms and conditions will be properly incorporated, certain “incorporation” language should be included on the homepage, such as the introductory paragraph included in the terms of use. This makes it clear that visitors to the site accept the terms of use, and that they agree to abide by them.
Drafting issues
Those who are drafting website terms of use should bear in mind the nature of the website. Depending on the content of the site, even website owners who only provide free information and services (for example, free software or document downloads, open chatrooms or message boards) should incorporate terms of use to deal with, for instance, issues of liability for content provided to, or uploaded by, visitors to the site.
Clause notes
Information about us
This condition contains part of the information about the website owner required by regulation 6(1) of the E-Commerce Regulation, the Companies (Trading Disclosures) Regulations 2008 (as amended by the Companies (Trading Disclosures) (Amendment) Regulations 2009) and the Companies (Registrar, Languages and Trading Disclosures) Regulations 2006 (Companies Regulations) which amend section 188 of the Insolvency Act 1986. Failure to provide the information required by the E-Commerce Regulations may result in the Office of Fair Trading making an application to the courts for an “enforcement order” (a so-called “Stop Now Order”. If a company fails to comply with the Companies Regulations it is liable to a fine (paragraph 4, Schedules 1 and 2).
For a detailed description of the information website operators must provide to their users, see Practice note, Information provision obligations of UK website operators (www.practicallaw.com/7-201-5591).
Accessing our site
This condition describes in detail the way in which a user of the website may use the site. It allows the website owner to restrict access to all or part of the site, and to make access to restricted parts of the website subject to the use of certain security information. In recent years, many website owners – even where they continue to provide content for free – have moved towards making the use of such information subject to prior registration by the user. These owners use the website for the purpose of data collection, allowing them to obtain useful information about their customers and target audience. They also ensure that they are in a position to identify any visitor who is accessing or using the website in breach of their terms of use.
Since these aims cannot be achieved if a user shares his security details with third parties, this condition also provides that any security information chosen by, or provided to, the user must be kept confidential.
A link to the website operator’s acceptable use policy requires the visitor to comply with the content standards set out in it whenever they are using or accessing the website (see Standard document, Website acceptable use policy (www.practicallaw.com/9-201-6274)).
Intellectual property
This condition confirms that all intellectual property rights in the website, and in any material published on it, belong to the website owner or his licensors. Although it grants limited licences to users of the site to use such material, it otherwise asserts the position of the rights owner. However, it is unlikely that the condition would be successful in preventing visitors from using the material displayed on the website in ways which would be covered by the “fair dealing” provisions set out in Chapter 3 of the Copyright, Designs and Patents Act 1988 (CDPA).
Experience has shown that statutory and contractual provisions aimed at the protection of intellectual property rights are ill-suited, in practice, to preventing unauthorised copying of website content (particularly of music), which takes place on a substantial scale. Although industry bodies such as the BPI (British Phonographic Industry) and the IFPI (International Federation for the Phonograph Industry) have recently taken steps to enforce their members’ intellectual property rights (see Legal update, BPI and IFPI take further legal action against file-sharers (www.practicallaw.com/7-200-6025)), the time, cost and effort of enforcing those rights are often prohibitive for the individual website owner. Rather than relying solely on this condition, website owners are therefore advised to put additional technical measures in place to prevent extraction or copying of the content of the site once the user has obtained access. This is known as “copy protection”.
Reliance on information posted
Many websites provide – often free of charge – advice to users on specialised topics such as health, financial or legal issues. Even if it is given for free, the provision of such advice may in limited circumstances result in the website owner assuming liability under the Hedley Byrne and Caparo principles. Liability in tort may arise where the person providing the advice (the website owner, one of his employees or contributors) may owe a duty of care to the website’s users because he has certain special knowledge, is aware that the user is likely to access the advice for a specific purpose, and is aware that the user would reasonably rely on the advice for that purpose (for details of potential liability for website content, see Liability for website content: UK country questions (www.practicallaw.com/5-102-1909)).
However, website owners may be able to avoid such liability by including on their website appropriate disclaimers or statements which are designed to limit the expectations of their users. For example, in Gary Patchett and another v Swimming Pool & Allied Trades Association Ltd ([2009] EWCA Civ 717), in relation to a claim for damages for negligent misstatement, the Court of Appeal held that a trade association did not owe a duty of care to users of its website in respect of a statement that members of the trade association had been vetted and their work was guaranteed by the trade association (see Legal update, Court of Appeal holds that website owner did not owe a duty of care to user (www.practicallaw.com/9-386-6198)). The Court argued that, although the trade association knew users would be likely to rely on the statements made on the website, it had also advised that potential customers should obtain an information pack before engaging a contractor (which the claimants failed to do). This meant that there was not sufficient proximity between the website owner and the claimants to give rise to a duty of care.
This condition expressly excludes the website owner’s liability for any advice provided on the website, on the basis that the advice is provided for the convenience of the user only and does not constitute a contractual obligation on the part of the website owner. As with any form of liability, the website owner does not have complete freedom to insert limitation or exclusion of liability clauses into the website terms of use. Such conditions are governed by the Unfair Contract Terms Act 1977 (UCTA), which applies to exclusions and limitations in the course of business. For issues to be considered when drafting limitation or exclusion of liability provisions, see Main issues in software licensing and maintenance contracts: Limitation of liability (www.practicallaw.com/7-107-4789).
Our site changes regularly
Experience shows that users tend to visit certain websites for specific content, and that they react in a negative way if certain features to which they have become accustomed are removed by the website owner. Although users will not normally derive a right to access specific content, either from their use of the website or from the website terms of use, there may be cases (for instance, where access is subject to registration or subscription) where a user could argue that the website owner has agreed to provide certain content. This condition allows the website owner to update or remove content published on the website, or even to suspend the site. At the same time, it clarifies that the website owner is under no obligation to keep the information on the website up to date, even though the user may in some cases rely on the information posted. For a discussion of the issues relating to liability for incorrect advice provided on the website.
Our liability
This condition limits the website owner’s liability for any loss or damage arising from the use of the website by a user. For information on the exclusion and limitation of the website owner’s liability.
Information about you and your visits to the site
The website owner must comply with the provisions of the Data Protection Act 1998 (DPA) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426) when processing personal information he receives from any user of the website. For this purpose, it is standard practice to publish a privacy policy on the website which sets out the website owner’s obligations in relation to the protection of the user’s personal data. However, the privacy policy is also used by many website owners to obtain certain implied consents from the user to ways in which the website owner wishes to process the user’s data. Although a link to the privacy policy will usually be displayed prominently on every page of the website, it is recommended that the user is also advised of the existence of such a policy in the website terms of use. A link to the policy should be included in this condition. See Standard document, Privacy policy (www.practicallaw.com/2-201-7192) for a standard form of privacy policy.
Transactions concluded through our site
Any supply of goods or services (including the provision of digital information, access to such information and online provision of software) via a website will be governed by a contract between the website owner and the customer. As in an offline context, the website owner will want to incorporate his standard terms of supply into any such contract with a user. This condition is intended to make the user of the website aware that any purchases made by him from the website will be governed by such standard terms of supply. The condition itself should ideally include a link to the webpage displaying the terms. See Standard document, Website terms and conditions of supply (www.practicallaw.com/resource.do?item=:16059431) for a suitable set of terms and conditions.
Uploading material to our site
Many website owners allow users to upload their own material to the website when they are, for example, using a chat room facility or posting a message on a bulletin board. Although the website owner’s liability for such material is limited (see Legal update, E-commerce Directive: extending the limits of liability (www.practicallaw.com/8-200-9542) for a detailed description of a website owner’s liability for third party content) he may, in certain situations, be deemed to have acted as a publisher of the content in question. This means that he may become liable where the material uploaded by the user is defamatory (see Practice note, Defamation on the internet: UK issues (www.practicallaw.com/6-107-4855)) or where its publication violates a third party’s intellectual property rights.
Where the website owner is unable to avoid such liability, he will want to be able to bring a claim against the user responsible for uploading the material in question, for any loss or damage incurred by the website owner in this respect. This condition includes a warranty by the user that any contribution he makes to the website complies with certain content standards. It also contains an indemnity in respect of any loss or damage incurred by the website owner arising from a breach by the user of that warranty.
The content standards with which users of the website have to comply can be set out in the terms of use. However, in practice, many website owners include such content standards in a separate acceptable use policy. In this event, a link to the webpage displaying the acceptable use policy should be included in this condition. See Standard document, Website acceptable use policy (www.practicallaw.com/9-201-6274) for a standard form of acceptable use policy.
Website owners may be under a legal obligation to disclose to third parties, including public authorities, material uploaded to the website as well as the identity of the user responsible for uploading the material. In the past, users have claimed that information uploaded by them onto a website was confidential and proprietary, and that the copying of the material necessary for such disclosure breached their intellectual property rights. Users have also claimed that disclosure of their identity and personal details to public authorities and third parties seeking to bring a claim against them (for instance, for defamation or breach of intellectual property rights) violates their rights under the DPA. This has become of particular interest in several cases brought by the BPI against internet service providers whose customers have used their internet access for the purpose of illegal peer-to-peer file sharing and copying of digital music (see Legal update, ISPs forced to reveal names of illegal file swappers (www.practicallaw.com/4-103-0179)). Although the courts have decided in favour of disclosure by the ISPs in nearly all known cases, the website owner should ideally obtain the user’s implied consent to such disclosure at the start of the relationship. This condition implies such consent.
The increase of user generated content (UGC) on Web 2.0 style websites has also prompted several companies, including NBC Universal, Microsoft, The Walt Disney Company and MySpace, to announce their support for a set of principles for user-generated content (UGC) services, which are intended to help UGC-service providers and commercial copyright-owners achieve various objectives, including eliminating infringing content on UGC services and accommodating fair use of copyrighted content on such services (see Legal update, Principles for user-generated content services published (www.practicallaw.com/1-378-8468)). Among other things, the principles provide that UGC-service providers should prohibit infringing uploads in their terms of use; implement filtering technology, in cooperation with copyright-owners, to try to eliminate infringing content; and block links to sites which have been identified as being clearly dedicated to, or predominantly used for, the dissemination of infringing content.
Finally, the website owner may be legally obliged to remove material posted by a user from the website, if such material is defamatory or in breach of a third party’s intellectual property rights, in order to avoid liability for such material under regulation 19 of the E-Commerce Regulations. This condition authorises such removal. For example, in October 2007, the High Court ordered the operator of a football club fan website to disclose the identity of five users of the site in relation to the posting of allegedly defamatory messages concerning the club’s management (see Legal update, High Court orders website operator to disclose users’ identity (www.practicallaw.com/3-378-8504)). In its decision, the court set out some clear guidelines as to when a court can require a website operator to disclose the source of defamatory material by way of a Norwich Pharmacal order (an order for the disclosure of the identity of a wrongdoer against anyone who, albeit innocently, becomes involved in the wrongful act of another), which built on the principles first set out in Totalise PLC v The Motley Fool Limited [2001] EMLR 750. There, the High Court had granted Norwich Pharmacal relief to the claimant, holding that the website operators should disclose the identity of the source of defamatory material posted anonymously to their discussion boards (see Legal update, Information technology: communications (www.practicallaw.com/9-101-4723)).
Viruses, hacking and other offences
In recent years, websites have often been targeted by hackers and others who, for commercial gain or criminal purposes, have tried to disable the website or to gain access to databases connected to the website (for example, databases containing customers’ credit card details). To this end, they have introduced viruses or other technologically harmful material, or launched denial-of-service or distributed denial-of-service attacks.
In the majority of cases, the user in question will be deemed to have committed a criminal offence under the Computer Misuse Act 1990 and will face criminal liability. (However, website operators should note that under certain circumstances, denial-of-service attacks will not constitute a criminal offence; see Legal update, Magistrates’ court dismisses charges arising from denial-of-service attack (www.practicallaw.com/5-201-5686).) This condition allows the website owner to disclose information relating to the relevant user’s identity to law enforcement authorities and to suspend a user’s right to use the website with immediate effect.
It also states that any such action by the user will be deemed to be a breach of the terms of website use, which may result in the user being liable for any loss or damage incurred by the website owner as a result of such an attack. In practice, there have been very few cases where website owners have brought civil claims against hackers and other perpetrators of computer crime. However, with recent increases in computer crime and improvements in computer forensics, companies may in the future decide to bring more civil actions against the perpetrators. This condition seeks to improve a website owner’s legal position by giving him a claim for breach of contract in these situations.
Where a website is attacked by a hacker, or by a user who successfully introduces a virus to the site, the website owner may, arguably, become liable to other users of the website to whose equipment the virus is spread inadvertently, or whose equipment may be affected by the use of the website as a “zombie” in a distributed denial-of-service attack. This condition seeks to exclude the website owner’s liability for any loss or damage incurred by third parties caused by viruses or other technologically harmful material. As with all attempts to limit or exclude liability, this clause is subject to the provisions of UCTA. This means that the exclusion must be reasonable under the circumstances. Depending on the relationship between the website owner and its users, website owners may have to prove that they have taken sufficient steps to ensure the security of the website and the safety of any customer details held in databases connected to the website (such as firewalls, virus protection and other technical security measures). It is possible that failure to take such necessary security measures may result in the limitation or exclusion of liability being held to be unreasonable.
Linking to our site
It is still unclear whether a mere link from one website to another constitutes a restricted act under Chapter 2 of the CDPA. Whilst the act of setting up a hyperlink is unlikely to be defined as “copying” of the material, it could fall under one of the new headings of “communicating” or “making a work available to the public”. It has been argued that, due to the technical nature of the world-wide web, which can only operate successfully through the use of hyperlinks, a website owner who publishes a website automatically grants an implied licence to all other website owners allowing them to incorporate a link to his website on their sites.
However, commercial issues have been raised in relation to such hyperlinks, for example, where links to a website were set up from websites containing illegal or commercially undesirable content. In addition, links to web pages other than the website’s home page can lead to a circumvention of commercial (for example, advertising) or legal information that is only available on the home page (“deep linking”). Links can also be set up in such a way as to imply that the content of the linked-to webpage has been published by the website from which the link initiates (“framing”). See Practice note, Linking, framing and spidering: UK issues (www.practicallaw.com/9-107-4788) for further information.
In many cases, therefore, website owners will not want to be bound by an implied licence to users to link to their websites. This condition seeks to rebut any assumption that an implied licence may have been granted. It sets out in detail the ways in which a third party website owner may set up a link from his website to the website owner’s website. It also clarifies that any other form of linking to the website is subject to the website owner’s express consent.
Links from our site
There have been cases in France and Germany where website owners have been held liable for content published on third party websites to which their site included a hyperlink. The case law in the Uk has so far been inconclusive. In 2005, the Department of Trade and Industry consulted on whether the liability protections already enjoyed by internet and telecommunications service providers in respect of illegal third party content should be extended to other types of online intermediaries, including providers of hyperlinks (see Legal update, E-commerce Directive: extending the limits of liability (www.practicallaw.com/8-200-9542)). In the consultation document the government argued that – by analogy with existing case law – there were strong arguments for a potential liability of providers of hyperlinks and location tools for copyright violations and defamatory statements on websites to which they provided links. There was also a possibility that those providers could be found guilty for contempt of court if a person in the UK uses a search engine or hyperlink to link to a non-UK website that contains material which breaches English law. However, in its response to the consultation the government concluded that although there were arguments for extending the limitations of liability to such intermediary service providers, there was currently not enough evidence to justify such an extension (see Legal update, Response to UK consultation on extending E-Commerce Directive to hyperlinkers and other intermediaries (www.practicallaw.com/4-211-3121)). However, the government will encourage the European Commission to take account of the issues raised during the consultation in the Commission’s second review of the E-Commerce Directive, which is expected in 2008. In the meantime, this condition seeks to exclude any potential liability of the website owner in such cases, although, as above, such an exclusion of liability must be reasonable under UCTA.
Jurisdiction and applicable law
This condition specifies that the right to use the website and any claims and disputes arising from that use will be subject to English law and the non-exclusive jurisdiction of the courts of England and Wales.
The Rome II Regulation (which applies from 11 January 2009) allows parties to agree a governing law for non-contractual obligations. In many cases, website owners will choose to conclude a governing law agreement which covers both contractual and non-contractual obligations and disputes. Even without the words in parentheses, the wording of the applicable law and jurisdiction clause is probably sufficiently broad to encompass non-contractual claims which relate to the contract. The words in parentheses are intended to put the matter beyond doubt, thereby securing the Rome II protection for freedom of choice.
Note, however:
Parties may wish to agree a more extensive choice of law for non-contractual obligations or disputes – for example, in respect of claims which relate to other, connected agreements. If so, a wider formula must be adopted.
Conversely, some parties may wish to restrict the contractual choice of law to contractual disputes. In that case, a narrower wording (such as, for example, “claims arising under the contract”) should be substituted.
The general rule in Rome II does not apply if the non-contractual obligation arises out of, among other things, the infringement of an intellectual property right (Article 8). Rome II provides that the applicable law in such cases shall be the law of the country for which protection is claimed (Article 8.1). In the case of a non-contractual obligation arising from an infringement of a unitary Community intellectual property right, if the issue is not governed by the relevant Community instrument, the applicable law shall be the law of the country in which the act of infringement was committed (Article 8.2).
In a standard form (non-negotiated) agreement or terms and conditions, the choice of governing law for non-contractual obligations may be ineffective. This is because this right of choice (provided by Article 14(1)(b) of Rome II) applies to agreements that are “freely negotiated”. Although the meaning of “freely negotiated” has not been defined in Rome II, its requirement creates uncertainty over whether a non-contractual obligation governing law clause in standard form agreements will be effective.
For a detailed discussion of the possibility of the parties agreeing contractually on the law that will govern their non-contractual obligations in the light of the Rome II Regulation, and more detailed discussion of the drafting issues which may arise, see HPractice note, Rome II: an outline of the key provisions (www.practicallaw.com/6-382-5703).
For further information on law and jurisdiction clauses, see Governing law and jurisdiction: drafting note (www.practicallaw.com/4-107-3852).
Trade marks
This clause clarifies that certain names or logos are trade marks of the website owner and that their unauthorised use would constitute a violation of the website owner’s intellectual property rights.
