Wednesday, September 12, 2012
Contact: Boodle Hatfield (London, England)
The design, structure, functionality and content of a website will inevitably vary depending on the size, reach and industry sector of the business it represents. However, there are a number of commercial, financial and legal risks connected with each and every website. Whatever the size of your business, if you are unsure about the answer to any of the following four questions you are probably exposed to higher legal risks than you should be:
Whose site is it anyway?
Very few businesses will have all the resources and skills that are required to set up, design and maintain a website in-house. Web designers and other third parties are therefore frequently engaged to provide some or all of the relevant services. It is a common misconception that the copyright and related intellectual property rights in the various aspects of a webpage created or added to by a designer (such as design and graphics, specially written text, the coded version of the pages etc.) automatically belong to the business that engages the designer. By law, it is in fact the designer who owns these rights unless they are expressly transferred to the business in writing. Accepting a designer’s terms and conditions unread or proceeding without any written agreement in place at all can accordingly be a very costly decision, in particular at times when the business comes under close scrutiny by potential investors and/or buyers. Similarly, do ensure that where the initial registration of your domain name is undertaken on your behalf by a third party, the registration is either made in your business’s name or the domain name is formally transferred to you as soon as possible after registration. Finally, legal ownership of a website does not automatically equate to portability; unless you have a fairly up-to-date, full set of your webpages in electronic form, the transfer of your website to another service provider can involve unexpected costs and delays if the relationship with your previous service provider does not end on good terms.
How do I maintain my domain?
Choosing and registering an appropriate domain name will inevitably be the first step in the set-up and operation of a website. It is, however, easy to forget that a domain name needs to be maintained, i.e. the registrant only has a right to use the domain for a certain number of years and then needs to renew it so that it does not expire and become available to third parties again. Some domain name registrars run an auto-renewal service where the registrar guarantees to renew the domain name in good time at the end of that fixed number of years. Others notify the domain holder of a forthcoming renewal by e-mail, mostly about 30 days before the renewal date. Some do not offer either service. The applicable policies for maintaining domain names can therefore vary substantially between the more than 1,000 companies accredited with ICANN (Internet Corporation for Assigned Names and Numbers) to register generic top level domains. If you are not already aware of the date on which your domain name registration will expire and of the maintenance policy of your registrar, do check these points so that your organisation can put appropriate measures in place in order not to miss the renewal date. In any event, whether in relation to renewal dates, disputes or administrative matters, your domain name registrar will only be able to reach you if it is in possession of up-to-date contact details, so do ensure that these are updated where necessary.
What legal information does my website need to display?
If you are a company incorporated under the laws of England and Wales, your website (just like all of your letters and order forms) must display the company’s registered name and company number, registered office and the part of the UK in which it is registered.
Additional obligations may apply by law depending on the nature of the business being carried out and you should ensure your business is not in breach of these obligations. For example, if your business provides online services, the following information must also be available on your website:
Similarly, if your business is a member of a regulated profession (e.g. solicitors, doctors or accountants), your website should also contain the following:
Further rules will apply to public limited companies. For example, the AIM rules prescribe that the website of an AIM listed company must include certain information and documentation (including copies of its current articles of association and its most recent annual report, details of its nominated advisor and other key advisors, copies of all RNS announcements made by the company in the last 12 months, and certain information regarding the securities in issue in the company) and this information must be up-to-date and free of charge.
Cookies, Privacy and Permitted Use – What policies do I need?
Privacy - Getting up close and personal
Not only social networking sites have to be mindful of data protection legislation. Nearly all commercial websites have to comply with the principles contained in the Data Protection Act 1998 (the “DPA”) if they are deemed to process personal information. In addition to bad publicity, failure to comply with the DPA can lead to the company and any neglectful officer of the company being fined up to £5,000.
‘Personal information’ includes any information which allows a living individual to be identified, which will include something as little as someone’s name, address or email address. The ambit of ‘processing’ is even wider and covers, amongst other activities, the consultation, organisation and dissemination of such information. In the words of the regulator, “it is difficult to envisage any activity involving data which does not amount to processing”.
Businesses which process personal information are obliged (subject to limited exceptions) to register with the Information Commissioner before they start processing it. This can be done online at: http://www.ico.gov.uk/for_organisations/data_protection/notification/notify.aspx.
There are some useful exemptions to the above rules, most pertinent where the information is only used for internal administration. However, even if one of the relevant exemptions can initially be relied upon, businesses need to monitor regularly whether this remains the case as their commercial activities evolve.
Cookies are small files placed on a user’s hard drive which collect information about that user, e.g. to remember their log-in details. Nearly all commercial websites use at least simple cookies, so chances are that your website does as well. From 25 May 2012, all websites were required to be compliant with Article 5(3) of the E-Privacy Directive, which was implemented into UK law by the Privacy and Electronic Communications (EC Directive) Regulations 2003 (amended in 2011) and requires the informed consent of the website user prior to the setting of a cookie.
In what was seen as a U-turn, on 24 May 2012 (the day before compliance became mandatory) the Information Commissioner published guidance stating that implied consent, meaning relying on users understanding that cookies are being set, can, in certain circumstances, constitute informed consent. This means that there is no longer going to be a strict requirement to have a pop-up box or similar technique to make users accept a website’s cookies policy before accessing the page (active consent).
The current guidance from the Information Commissioner does state, however, that implied consent cannot be read as simply doing nothing, but that a business must satisfy itself that the users of its website understand that their actions will result in cookies being set.
While the Information Commissioner has indicated that a proportionate approach will be used in enforcing the new law provided that the website owner can show it is working towards compliance, businesses should be aware that fines of up to £500,000 can be imposed for a breach of its requirements.
If you have not already done so earlier this year, do therefore speak to your IT team and/or website designer to ascertain the cookies set by your website and then consider the necessary steps to bring your website into compliance with the Regulations.
Terms and conditions dealing with the access to and use of a website may not be a must for all websites (they clearly are for websites that are used to process orders for the supply of goods and services!) but are nevertheless advisable for most websites to assist the underlying business in preventing unauthorised reproduction of materials from and unauthorised linking to the site and in restricting its potential liability to visitors.