In 2011, Pony Stars, an online virtual world, was fined $3 million for violating the COPPA Act. Pony Star’s crime? The platform, with over 821,000 registrants, was found guilty of collecting and sharing personal information of their largely underage user base without proper consent.
Pony Star’s case is just one of many incidents where businesses run into long-draw litigations and expensive penalties due to poorly drafted paperwork covering the —
Let’s explore how these critical, but often overlooked paperwork can be better optimized for businesses using websites, applications, and other online platforms.
1. Terms of Service (ToS)
The Terms of Service is the first and foremost contract a user will encounter on a digital platform. Also known as Terms and Conditions (T&C) or Terms of Use (ToU), this paper is drafted placing priority on the best interests of the business while informing the user of the following:
Here’s an example of how it works.
King.com Limited, the publisher of the popular puzzle game, Candy Crush, in its ToS contract lists the responsibilities of the users and what constitutes unacceptable behavior, including harassment, impersonation, etc.
The game publisher also limits it’s liabilities by waiving their responsibilities in scenarios such as data loss, service interruption, etc.
King.com Limited also informs the user of the jurisdiction where the breach in the ToS can be deliberated upon.
The ToS contract becomes enforceable once the user accepts and agrees to the different terms.
Must-have sections in a Terms of Service contract
Terms of Service requirements vary from business to business and region to region but there are some common sections shared across this type of contract.
General Guidelines and Termination
This section covers allowable and prohibitive practices that the user must adhere to. The business also reserves the right to terminate services in case of any violations.
For example, King.com Limited makes it mandatory for the user to access the platform legally and provide correct identifying information before using the platform.
Product and Services
A detailed description of the products and services must be provided to the user to represent them correctly and avoid any misunderstanding.
To solve this, King.com Limited has mapped out and elaborated on its different services under multiple subsections in the ToS.
Payments and Refunds
The user should be informed of the particulars for which they are being billed, the accepted modes of payments, and also if any third-party payments processors are involved. Details of refund procedures should also be elaborated upon.
King.com Limited offers users with one-time microtransactions and subscription plans. Here, they have mentioned how the payments for their subscriptions function.
Disclaimers and Limitation of Liabilities
The business should make it clear to the user that the product or service is available on an “as is” basis and that the user is accessing the platform at their own risk. This section should also cover scenarios and waive responsibility, thereby limiting the liability of the business.
Copyright and Intellectual Property
A section covering ownership of intellectual property and warning the user against use of services, trademarks, logos, etc., will serve as a good deterrent against infringement and plagiarism.
King.com Limited does this by explicitly stating that the user has no ownership over any part of their service.
Governing Jurisdiction
It is also important to elect a governing jurisdiction to allow users to seek resolution through courts. The business should also mention if it prefers to settle disputes through arbitration, enabling the user to make an informed decision when purchasing the product or service.
In its ToS, King.com Limited states that Los Angeles County, California shall serve as the governing jurisdiction for US residents.
Data Usage and Privacy
The user must be informed of how their data is being collected, stored, and utilized. Usually, this section is linked to a broader independent Privacy Policy page.
King.com Limited does this by referring the user to their Privacy Policy statement.
Contact Information and Dispute Resolution
Users should be able to contact the business owner should there be any queries or concerns. Therefore, it is important to include contact information such as email, phone number, or business address.
King.com Limited instructs users to contact them using a specified email ID.
Best Practices for ToS Presentation and Publishing
Terms of Service contracts are highly criticized for not only their vaguely worded information, but also their user-unfriendly format. These characteristics tend to misguide readers and do not inform them about the demerits of clicking the “I Agree” button.
Here’s how you can avoid falling into the trap of creating an uninviting ToS:
1. Simplicity
An average ToS contract presents information at a postgraduate reading level. To add to this, the language used is highly jargonized and sentence structures are complex.
In comparison, the average internet user prefers written content that is at an 8th grade level. By using simple language and coherent sentences, you can make the contract approachable and easy to understand. This while bringing down the biggest barrier to ToS contracts.
2. Consistency
Imagine reading a novel, where the author introduces a new character in every new chapter without providing prior context and refers the reader to other books to gain familiarity. Wouldn’t that be irritating?
ToS contracts function in a similar manner. Sections are interlinked and distributed, forcing the reader to reference multiple documents at once, making the activity tedious and confusing.
Instead, focus on making the contract as convenient as possible to the reader. This means avoiding unnecessary hyperlinking and referencing, summarizing sections, and offering a clear table of contents.
3. Modern
Unsavory fonts, cramped spacing, and endless pages summarize the state of affairs of contemporary ToS contracts. These factors are the outdated remnants of traditional contracting that is so out of place in an increasingly digital world.
Today’s internet users prefer to consume their content quickly and easily. Explore out-of-the-box and engaging ways to present the ToS contract. This can be in the form of infographics, interactive media, etc.
4. Transparency
Change is constant. This adage also applies to ToS as organizations, industries, and regulations are always evolving and shifts in stances will be reflected in the contract as well. However, whenever new edits are made to the contract, the users are not notified and they might give consent to things they did not sign up for initially.
By maintaining an audit trail that chronicles the different changes as well as setting up a system to alert the user of revisions to the terms of service can go a long way in building trust and credibility among users.
5. Accessibility
Usually, the only time users view the ToS contract is when they sign up or purchase the service or product. However, there may be instances when the user wants to reference the contract but is unable to do so.
To prevent this, it is a good idea to keep the terms of service accessible. This means placing the contract behind clearly labelled tabs on the website as well as in the website’s footer. Accompanying the contract with FAQs of common queries that readers encounter can be an added benefit. It is also a great idea to offer an audio version of the contract as it allows users with disabilities to access and understand the contract management as well.
The next issue a business has to deal with is information. In an age of Big Data and hyper-personalized ads, user information plays a key role in business strategy and growth. However, collecting data is tricky and with changing regulations, taking the informed consent of the user gains paramount importance. To solve this dilemma, a privacy policy is required.
2. Privacy Policy
A privacy policy is a statement that informs the user of the business’ data collection and usage practices. This document is legally required, where the business must accurately depict how the personal information of the users will be utilized and what are the risks associated with it.
Laws and Compliance
Privacy Policies are also required to comply with privacy disclosure laws based on region, industry, and target audience. Some common legislations include:
1. EU GDPR (General Data Protection Regulation)
The EU GDPR is a mandatory law dictating how businesses can collect, structure, organize, utilize, share, disclose, and destroy the consumer’s personal data.
The following are the provisions mandated under the GDPR:
2. California Online Privacy Protection Act (CalOPPA)
The California Online Privacy Protection Act (CalOPPA) went into effect in 2004 and was subsequently amended in 2013 to cover privacy disclosures related to tracking online movement. The law is also binding to businesses that are not located in California, but still collects personal information of residents from that state.
The CalOPPA Act states that the business has to:
3. Children’s Online Privacy Protection Act (COPPA)
For businesses providing services to children under the age of 13, the Privacy Policy should seek compliance with the Children’s Online Privacy Protection Act (COPPA). The act lists the provisions for collecting and managing personal information of minors as well as guidelines to the type of content made accessible to them.
The COPPA Act stipulates that a business should:
Best Practices for Disclosures
The privacy policy should also offer the user transparency with regards to data collection, usage, sharing, and security of personal data. This can be broken down into four sub-categories:
A. Notice
The privacy policy should declare the following information to the user:
B. Consent
The business should allow the user to choose if the user would like their data being collected, used, and shared.
C. Sharing and Access
The business should give clarity on user data sharing and how the user can access their data.
D. Security
The business should provide information on the steps taken to protect the user data.
3. Cookie Consent
Websites collect and store small pockets of information known as cookies locally on the user’s browsers. While these cookies help improve the website’s load time, it also plays a huge role in personalizing user experience by targeting related content and advertisements.
Therefore, cookie consent is important as a business should take the permission of the user before deploying cookies and trackers to collect personal data. This practice is aimed at protecting the privacy of users when browsing through websites.
Types of Cookies
In all, a website collects six different types of cookies, they are:
Seeking Consent
Regulations like the GDPR mandate that websites should prominently feature a banner that informs the user of cookie usage and must also take their active consent.
Active consent does not refer to simply displaying cookie banners and popups or if the user continues scrolling through the website after ignoring the cookie notices.
Instead, businesses should follow strict protocol in order to ensure proper consent is taken from the users.
Non-ticked checkboxes
The form collecting the consent should not feature pre-ticked checkboxes when first presented to the user.
No passive consent banners
The website should not rely on the user finding the cookie policy, but instead display the consent form actively.
Display Accept, Reject, and Withdraw buttons
The user should be given the option to accept, reject and even withdraw their consent using the same cookie form.
No content blocking
In case the user does not consent to the use of cookies, the business cannot prevent the user from engaging with the website.
No clubbing of different cookie consents
The website should clearly mention the different cookie types being used instead of grouping consent under a single header.
Simple language
The cookie consent form should use simple, non-jargon language that is easy to read and understand.
No deceptive practices
The cookie consent form design should be neutral, so as to not confuse the reader by using differently colored buttons, etc.
