e-commerce Archives

SaaS Agreements – Website Legal Requirements – for SaaS Suppliers

Below, I have set out the main legal requirements (including some optional recommendations) that you should comply with when operating your website in the UK. Even if you do not sell SaaS products or services online via your website, you will still need to comply with the following English laws when operating a website in the UK.

Mandatory Requirements

About Us/Contact Information

You must provide the following information in an easily accessible position on your website:

  • your legal name i.e. XYZ Ltd
  • your geographical address
  • contact details i.e. telephone number, fax number and email address
  • which country your business is registered in and the registration number
  • details of any supervisory body which regulates your business i.e. the FSA. For regulated bodies more detailed information is required.
  • where you are registered for VAT and your VAT number
  • clear details of prices and whether or not delivery and/or tax is included

Registration under the Data Protection Act

If you collect any personal data on your website – i.e. the email address, name or address of a living individual – you will be processing personal data and must register as a data controller under the Data Protection Act (DPA). As a SaaS supplier the DPA will apply as soon as you require users to register in order to access your SaaS website or receive a newsletter or marketing information from you.

Privacy Policy

If you are collecting personal data it is a criminal offence not to register as a data controller under the Data Protection Act (DPA).

If you are collecting, storing or processing personal data you need to inform SaaS customers or website users how, what and why you are using their personal data in order to comply with the DPA. Even if you do not collect personal data on your website as a SaaS supplier you will be collecting and processing personal data on behalf of your SaaS customers.

Also, if you are sending marketing emails to potential SaaS customers you need to ensure that you have obtained specific consent, BEFORE such emails are sent. Consent should be covered in your privacy policy and the registration process on your website.

Cookie Policy

Cookies are small text files placed on a user’s computer which record online activity. Virtually all websites use cookies. Most use analytics cookies to measure visits and use of websites. Performance and functionality cookies are used to make repeated use of a website more comfortable for the user and advertising cookies are increasingly used to collect information about users for targeted marketing purposes.

You must provide users with clear and comprehensive information about the type of cookies being used on your website and the purposes for which the information is collected (subject to some exceptions). Users must give consent to the use of cookies. Consent can be obtained by specifically making users aware that, by continuing to use your website, they accept the terms of your cookie policy (or the relevant section of your privacy policy).

Disabled Access to your Web Site

If you offer SaaS goods or services on your website you need to make your website accessible to disabled users. Level 1 compliance with the W3C standard will usually suffice.

Trademarks and Logos

Do not use other people’s trademarks or logos without their consent on your website or you could be liable to pay damages for trademark infringements.

Copyright

Do not use other people’s content without their consent on your website, or you could be liable to pay damages for copyright infringements. If you have links to other people’s content, make sure that this is permitted in their terms of use and ensure that the information opens in a new frame.

Online Payment

If you accept online payment for your SaaS goods or services you must provide SaaS customers with specific information about their right to cancel, VAT and prices, refunds and defective goods PRIOR to the sale being concluded.

Recommended Requirements

In addition to the above mandatory rules it is advisable to include the following information on your website.

Terms of Use/Disclaimer

You should set out the rules applicable to visitors using and accessing SaaS goods and services on your website. For example, state who may access the website i.e. consumers, businesses, over 18s. You should also aim to limit your liability for information on your website. For example, state which law applies and your limits on liability. However, please note that you cannot exclude or limit certain liabilities in particular circumstances – particularly in relation to consumers, injuries caused by goods and services, or defects in your goods and SaaS services.

Copyright Notice

Protect the information on your SaaS website by inserting a copyright notice “© company name 2013.  All rights reserved.” Without this notice, it may be difficult in some countries to take legal action against any copyright infringement.

Summary

The above are examples of the main legal requirements for UK websites. This is a very complicated area of law and the specific rules that apply to you will depend on what goods and SaaS services you are offering, whether you are acting BTB (business to business) or BTC (business to customer), where you are based, where your customers are located and many other factors.

Help

Irene Bodle is an IT lawyer specialising in SaaS agreements with over 10 years’ experience in the IT sector. If you require assistance with any SaaS, ASP, software on demand contracts or any other IT legal issues contact me:

irene.bodle@bodlelaw.com
www.bodlelaw.com

______________________________________________________

Website Legal Requirements – Tweeting – 5 Legal Offences to Avoid

There have recently been a number of high profile cases on liability for the sending of inappropriate tweets in the UK and the USA.

As tweeting becomes more and more the norm for many businesses it is important to consider the legal consequences of staff sending inappropriate tweets. Before allowing, permitting or encouraging staff to start tweeting on your behalf or with your brand you should consider creating a tweeting policy. This should set out guidelines on what is, and what is not permitted. It should also state whether any approval needs to be obtained before tweets are sent. Staff should be made aware of this policy and agree to comply with it.

Below is a brief summary of 5 possible offences that you should specifically cover in your tweeting policy.

Misrepresentation

Tweets containing false information that might induce another person to act on it.

Harassment

Tweeting words that cause ‘alarm’ or ‘distress’.

Malicious Tweets

Being “reckless” with the truth or sending false information in tweets for the purpose of damaging another’s commercial interests.

Defamatory Comments

Tweeting information that damages a person’s reputation unless you can prove that the information is a truthful, honest opinion.

Menacing Tweets

Tweeting content that is grossly offensive, indecent, obscene or menacing.

Penalties for Tweeting Offences

If a court in the UK finds you liable for any of the above offences you could be:

  • fined;
  • imprisoned for up to 2 years;
  • liable to pay damages for losses suffered;
  • liable to pay compensation for causing distress;
  • sued for libel and face an order for damages and costs.

It is therefore important that you consider whether there is a business need to protect yourself and your business from such potential “tweeting” claims.

______________________________________________________

Website Legal Requirements – Privacy Policy – Basics for your Website

If you are operating a website and require users to register in order to use your website or you are simply using Google analytics on your website then you are collecting and processing personal data. Under the Data Protection Act 1998, if you collect, store or process personal data you must provide specific information to the persons whose personal data you are using. This information is usually provided to users in a privacy policy which should be published on your website.

The following basic issues should be covered in your privacy policy.

Personal Data Practices

Your privacy statement should reflect your personal data practices. For example, it should include details of:

  • The type of data being collected;
  • Why the data is collected;
  • How the data is used and why;
  • If and why personal data will be disclosed to third parties;
  • How and where data is stored;
  • How complaints or queries about personal data will be dealt with.

Cookies

Cookies are small text files placed on a user’s computer which record online activity. Virtually all websites use cookies. Most use analytics cookies to measure visits and use of websites. Performance and functionality cookies are used to make repeated use of a website more comfortable for the user and advertising cookies are increasingly used to collect information about users for targeted marketing.

In your privacy policy you must provide users with clear and comprehensive information about the type of cookies being used on your website and the purposes for which the information is collected.

Where should the Privacy Policy Appear on my Website

The privacy policy should be easy to find on your home page and/or at the point where you obtain consent to the collection of the personal data i.e. where a user registers on your website. It is advisable to have links between the privacy policy and all references made to it on your website. For example, if you are providing online recruitment services you should place your privacy policy on your home page and also have a link to it when users register to use your website or services. In addition you should have a process for the user to confirm acceptance of your privacy policy i.e. by actively clicking an acceptance box or a double opt-in email process.

Compliance with other Laws

You will need to consider your compliance with any other applicable laws or rules, which will apply in relation to the collection of a user’s personal data. Which other laws apply will depend upon a number of factors. For example if you are selling or providing services to children (persons under the age of 18) you must have additional safeguards in place on your website. For example, you will need to obtain parental consent before you collect any personal data for children of certain ages. Or if you are providing services to children which include advertising or marketing you will need to comply with the CAP Code.

The type of products or services that you are offering online and the countries in which you are making these available will also be relevant – as this will determine whether national, EU and/or international laws will also apply to your website. Depending on the business sector in which you operate, the rules of self-regulatory schemes may also apply. For example, if you are providing email marketing services to users you will need to comply with applicable email marketing and advertising rules.

______________________________________________________

Website Legal Requirements – Providing Mandatory Information to Consumers

Website operators who sell products or services to consumers online must comply with the provisions of the Consumer Protection (Distance Selling) Regulations 2000. These require you to provide consumers with specific information in a durable medium before the products or services are delivered.

Pre-Contract Information

The following minimum information must be provided to customers before online sales are concluded:

  • the name and full address of the supplier;
  • exactly what is being bought;
  • the price (including any additional charges or costs, such as taxes and delivery costs).

The above information must be provided in a way which allows the customer to store, access and reproduce the information for as long as may be necessary in connection with the online sale.

Cancellation Rights

You must inform customers of their right to withdraw from the contract within the cooling-off period (14 days), otherwise the customer’s right to withdraw will automatically extend to 12 months.

What is a Durable Medium

The term “durable medium” is not defined in the Distance Selling Directive on which the UK law is based. The Office of Fair Trading states in its guidance that a website is not a “durable medium” because it can be changed at any time after it has been accessed by a consumer.

This view seems to have been confirmed by the recent European Court of Justice (ECJ) case below.

Content Services Ltd v Bundesarbeitskammer

The ECJ ruled in this case that sending a consumer a link to terms and conditions on a website does not constitute providing information in a “durable medium” because:

  • the consumer must receive the relevant information without having to take any positive action i.e. clicking on a link; and
  • a website is not a “durable medium” as it does not allow a consumer to store information which has been addressed to him personally; the content can be changed; and it does not allow the consumer to reproduce the information unchanged.

How to Provide Information Correctly

In light of the above ruling if you enter into distance contracts with consumers which are subject to the Distance Selling Regulations, make sure that you do not rely on a link to a web page to provide customers with the required information.

Instead you should provide the required information:

  • via email before the products or services are delivered; or
  • by sending the consumer a hard copy of the information by fax or in a posted delivery note.

______________________________________________________

SaaS Agreements – Terms and Conditions – Email Marketing Rules

There are a number of guidelines and laws that have to be complied with when sending marketing emails and text messages in the UK. If you are a SaaS supplier who provides email marketing services as part of your SaaS services to customers you should ensure that your SaaS customers comply with the following rules and Regulations. Also do not forget that you may need to comply with the rules yourself when carrying out your own email marketing campaigns.

Privacy and Electronic Communications Regulations 2003

The Regulations apply to marketing by email, text message, telephone or fax sent to individuals. The rules apply to promotions appearing on your own website, through a SaaS partner’s website, in a third party e-newsletter, or as part of an advertising or email campaign.

Important note: The rules do not apply to emails sent to organisations, although you must still comply with the disclosure provisions referred to below.

Consent

The general rule is that you cannot send email marketing unless you have obtained prior consent from the person concerned. However, there is an exception if you send marketing emails to existing customers for similar products and services, provided that:

  • the individual was given a simple opportunity to opt out from receiving marketing emails when their details were collected; or
  • the individual is given a simple way to “opt out” in future emails i.e. via an unsubscribe option.

Disclosure

When sending an electronic marketing message, you must tell the recipient who you are and you must provide a valid contact address.

CAP Code Advertising Rules

The CAP Code, which sets out the rules administered by the Advertising Standards Authority (ASA), has now been amended to include the same rules as above in relation to marketing emails and text messages. Note that the Code also covers on-line banner ads, pop-ups and moving image posters. Although the CAP Code lacks the force of legislation it should be followed by all businesses to avoid sanctions being imposed, for example, adverse media coverage or denial of advertising space.

Terms to Include in your SaaS Agreement

If you are a SaaS supplier providing email marketing services to SaaS customers you need to ensure that the customer will be liable for any breaches of the above rules. You should include the following terms in your SaaS agreement:

  • A warranty that the customer will comply with the above rules when sending marketing emails; and
  • An indemnity from the customer against all claims made by third parties relating to breaches of the above rules.

Additionally you should exclude all liability for any breaches of email marketing rules and the content of any such emails.

______________________________________________________

Website Legal Requirements – Cookies – Updated ICO Guidance

The UK Information Commissioner’s Office (ICO) will now start to investigate and prosecute companies for breaches of the Privacy and Electronic Communications (Amendment) Regulations. These set out the obligations of website operators to provide users with information about cookies and obtain user consent to the use of cookies. Failure to comply with the rules can result in a fine of up to £500,000.

What is a Cookie?

Cookies are small text files placed on a user’s computer which record online activity. The majority of websites use cookies to measure visits and the use of websites (analytics cookies). Cookies are often also used to save user names, passwords and user preferences to make repeated use of a website more comfortable for the user. However, increasingly cookies are being used to collect information about users for the purposes of targeted marketing.

Changes to the Data Commissioner’s Guidance

On the 25th of May 2012 the ICO revised its guidance on how to obtain consent from users to the use of cookies.

It is now acceptable for website operators to obtain implied consent from users to the use of cookies, provided that:

  • users take some action from which consent can be inferred, i.e. accepting a privacy policy on a website; and
  • users understand that their actions will result in cookies being set.

Where such implied consent is obtained by users agreeing to a privacy policy, the privacy policy must be easy to find on the website and not be difficult to understand.

However, where companies are collecting sensitive personal data (such as health information), be aware that implied consent will probably not suffice and explicit consent will need to be obtained.

Monitoring and Penalties for Breach

It is unlikely that monetary fines will be issued by the ICO in the first instance for failure to comply with the new cookie rules. The ICO has stated that it will consider ensuring compliance by requiring companies to give formal undertakings and by issuing enforcement notices. Compliance of websites generally will be monitored by the ICO via its online reporting tool. Members of the public will be able to report cookie concerns about particular websites or sectors by using the online tool on the ICO’s website.

______________________________________________________

SaaS Agreements – Terms and Conditions – Online Sales


Many SaaS suppliers now conclude sales of SaaS products with customers online, usually by having customers “click” acceptance of terms and conditions published on their website. SaaS suppliers need to ensure that their online terms and conditions include the following information, in order to create a legally enforceable SaaS agreement with the customer.

E-Commerce Regulations

These Regulations apply to all SaaS suppliers who sell or advertise SaaS services online. The Regulations apply BTB (business to business) and BTC (business to customer).

The SaaS supplier must provide the following information on its website:

  • legal name i.e. XYZ Ltd. If this is different from your trading name any differences should be explained;
  • geographical address, which must be the registered office if you are a company;
  • which country your business is registered in;
  • the registration number of your company;
  • details of any supervisory body which regulates your business i.e. the FSA;
  • VAT number and where you are registered for VAT;
  • clear details of prices and whether or not delivery and/or tax is included.

It is advisable to include all of the above information (as applicable) in your online terms and conditions.

Incorporation of Terms

In order for a SaaS customer to be legally bound by your online terms and conditions, the content of the terms and conditions must be drawn to the customer’s attention before the SaaS products are purchased.

Customers should be required to:

  • “click” acceptance to your terms and conditions; or
  • read, or scroll through the terms and conditions;

before purchasing the SaaS products.

Changes to Terms and Conditions

If you want customers to be legally bound by future changes to your online terms and conditions, you must state this in your online terms and conditions. You should also make the terms and conditions available on your website at all times, so that they can be stored or reproduced by customers.

Customer Cancellation Rights

If you are selling SaaS products to consumers the provisions of the Distance Selling Regulations 2000 (as amended in 2005) will apply and from Autumn 2013 the new EU Consumer Rights Directive will also apply. These contain provisions about mandatory “cooling off” periods and customer cancellation rights, with limited exceptions. However, if you only sell SaaS products BTB, these rules do not apply.

Other Laws

In addition to the E-Commerce Regulations, depending on whether or not you supply SaaS products BTB or BTC, other laws such as the Unfair Contract Terms Act 1977, the Unfair Terms in Consumer Contracts Regulations 1999 and the Supply of Goods and Services Act 1982 will apply to your online terms and conditions.

______________________________________________________

Website Legal Requirements – Cookies – New Guidelines

From the 26th of May 2012 the UK Information Commissioner’s Office (ICO) will start prosecuting companies for breaches of the Privacy and Electronic Communications (Amendment) Regulations. These set out the obligations of website operators to provide users with information about cookies and obtain their consent when using cookies. Failure to comply with the rules can result in a fine of up to £500,000.

What is a Cookie?

Cookies are small text files placed on a user’s computer which record online activity. The majority of websites use cookies to measure visits and the use of websites (analytics cookies). Cookies are often also used to save user names, passwords and user preferences to make repeated use of a website more comfortable for the user. However, increasingly cookies are being used to collect information about users for the purposes of targeted marketing.

The New Rules

The new rules apply to the use of all cookies or similar technologies for storing information such as flash cookies, web beacons or bugs. No distinction is made between different types of cookies in the rules. They apply to both session and persistent cookies and first party and third party cookies.

Consent

Consent must be freely given, specific and informed, unless the cookie is ‘necessary’ for the delivery of the service, for example, where the cookie takes the user from a product page to a payment page. This generally means that a user needs to “opt in” to the use of cookies.

The more specific the consent is, the less likely it is that you will be in breach of the rule. For example, if you obtain consent before the cookie is set you will have specific consent. If you rely on implied consent you will need to show that the user has taken some positive action to imply consent. The UK Chamber of Commerce has provided some suggested wording for use on websites.

Cookie Information

Clear and comprehensive information about the type of cookies being used and the purposes for which these are being set must be provided. The UK Chamber of Commerce suggests categorising cookies into 4 groups – strictly necessary, performance, functionality and targeting or advertising cookies.

Who do the Rules Apply to?

The Regulations do not define who is responsible for complying with the rules so primarily it is the person/company setting the cookie. Where third party cookies are used both parties will have a responsibility for ensuring users are clearly informed about cookies and for obtaining consent.

Organisations based in the UK will be subject to the rules even if their website is hosted outside of the UK. If organisations are based outside of the EU but their websites are designed or products and/or services are directed at EU customers they should provide information and choices about cookies that comply with the rules.

Guidance on How to Comply with the New Rules

The ICO has issued non-binding guidance suggesting ways in which consent to the setting of cookies can be obtained and the International Chamber of Commerce (ICC) UK’s guidance also suggests various methods for complying with the notice requirements. A summary of these suggestions and some examples from the guides have been set out below.

  • Terms and Conditions: When users sign-up for using a website, consent to the use of cookies should be obtained on registration, specifically or by reference to a privacy policy, cookie policy or terms and conditions. This does not however cover the problem of obtaining consent from existing users.
  • Banners/Footers: Where websites have cookies built into the landing page the use of cookies should be highlighted in a prominent place on the landing page i.e. via a banner – as on the ICO home page, or in a footer or information box – as on the bt.com website.
  • Pop-ups: Each time a cookie is to be set a pop-up will inform the user. By continuing to use the website, the user will be deemed to have consented to the cookie. However in practice, these are not a very practical solution, particularly where numerous cookies are used.
  • Settings/Features: Where users can choose preferences when using a website, for example via the use of videos that remember how users personalise their interaction, these settings/features could be used to obtain consent.

Additionally, the Internet Advertising Bureau Europe (IAB) has developed a voluntary code using the display of an icon on a website whenever an advert tracks a user’s behaviour. By clicking on the icon the user can switch off behavioural adverts. However this only applies to the adverts of companies who are members of the scheme.

How to Avoid Fines

Despite the impending May deadline, many companies have not taken any action to amend their websites and are simply waiting to see what happens. In light of the guidance from the ICO this is not advisable.

You should be carrying out a cookie audit, if you have not already done so, to review the use of cookies on your website. You will need to assess what type of cookies you use, how long they are being used and remove any redundant or unnecessary cookies.

Thereafter you should update the information you provide about cookies in your privacy policy or create a separate cookie policy, ensuring that this information is easy to find on your website. You need to state the type of cookies you use, why you use them and how users can opt out of you using such cookies.

You also need to review the steps that you take to obtain consent to any cookies you use: how and when the consent is obtained, and whether it is implied or specific. Also do not forget to provide information about any third party cookies that are placed and provide links to information about these that third parties may provide.

Enforcement by the ICO

From 26th May 2012 you must comply with the new rules and the ICO will start taking formal action. The ICO has stated that they will be selective. For example, they have clearly indicated that they are unlikely to prosecute companies who only use analytic cookies and will concentrate on websites where no steps have been taken towards collecting consent or where particularly intrusive cookies are used.

______________________________________________________

Website Legal Requirements – Online Sales – New Consumer Rights

If you supply goods and services to consumers via the Internet you will need to change your terms and conditions of sale to incorporate the new EU Consumer Rights Directive before the end of 2013. The new directive harmonises consumer rights protection across the EU for all BTC (business to customer) online sales of goods and services. The directive must be implemented into UK law before the end of 2013 (probably in a Consumer Bill of Rights) which will result in the following compulsory rules applying to online sales.

Cooling-off Period

Customers will have 14 days (instead of the current 7 days) to cancel an online contract for no reason, free of charge. The 14 days will start on receipt of goods (where goods, or goods and services, are purchased) and on the date of the contract (where services are purchased). There is an exception for digital content – where the sale is deemed to be concluded from the moment that downloading begins, provided that:

  • you have obtained the customer’s prior express consent; and
  • the customer has acknowledged that there is no right to cancel.

Suppliers must inform customers of their right to withdraw from the contract within the cooling-off period, otherwise the customer’s right to withdraw will automatically extend to 12 months.

If a contract is cancelled during the cooling-off period, provided that the goods are returned within 14 days of the customer giving notice of cancellation, the supplier must refund:

  • the price within 14 days of the cancellation date; and
  • the postage costs for returning the goods, unless the supplier clearly informed the customer, prior to the contract being concluded, that these costs would not be refunded.

Pre-Contract Information

The following minimum information must be provided to customers before online sales are concluded:

  • the name and full address of the supplier;
  • exactly what is being bought; and
  • the price (including any additional charges or costs, such as taxes and delivery costs).

The above information must be provided in a way which allows the customer to store, access and reproduce the information for as long as may be necessary in connection with the online sale.

Also note that before the online sale is concluded, the total price, including all charges, should be made clear. The use of ‘pre-ticked boxes’ to conceal hidden charges will no longer be acceptable.

Delivery Date

Goods must be delivered without undue delay and in any case no later than 30 days from the conclusion of the contract.

Surcharges and ‘Hotlines’

Suppliers must not charge customers more for specific payment methods than they pay themselves i.e. fees for using a credit or charge card. In addition, customer service telephone numbers must be charged at a basic NOT premium rate.

What to do Next

In preparation for the changes, you should review your current terms and conditions and customer policies now to adapt them to comply with the new rules. Customers are more aware of their online rights and increasingly make complaints. National regulators will also be keen to enforce the new rules and make public examples of non-compliant companies.

______________________________________________________

Website Legal Requirements – Cookies – Non-compliance of Public Authority Websites

As a result of changes to the EU Privacy and Electronic Communications Directive it is unlawful to use cookies to collect user data without first obtaining explicit consent. In a recent audit of over 600 public sector websites only 1% complied with the new cookie law.

Website Audit

The Society for Local Authority IT Managers (Socitm), an independent organisation funded through the membership of local government IT workers, recently carried out an audit of UK public sector websites. Using automated search technology it audited over 600 public sector websites and discovered that only 6 complied with the obligation to obtain informed consent to the use of cookies.

Prior to carrying out the audit each organisation was asked to estimate how many cookies they used on their website. Most organisations substantially underestimated the number of cookies they used.

Legal Implications

By May 2012, the UK Information Commissioner’s Office (ICO) expects businesses and organisations to:

  • provide clear information about the way in which cookies are operating on websites; and
  • have a method for obtaining consent to the use of cookies.

A failure to comply with the above runs the risk of a fine of up to 500,000 GBP.

In addition the European Commission has set a deadline for European companies to create a uniform way for web users to opt out of being tracked by cookies within a year of the previous deadline. The Commission has said it will take action if industry does not standardise opt outs in that time.

Compliance

The ICO has published guidelines on its website. Nevertheless, in each individual case the specific action required and the information to be given to users will depend upon the precise purpose of the cookie(s). For example, using browser settings to obtain consent may be acceptable and the Government is currently working with Adobe, Apple, Google, Microsoft, Mozilla and Yahoo to create such a technological solution. However, it is not clear whether or not this will suffice to meet European data protection requirements.

It is also unclear whether companies based outside of the UK i.e. in the USA have to comply with the new rules, particularly if they have a website aimed at UK users.
