The modern business website fulfills many different roles. It is simultaneously an electronic storefront, a sales channel, a customer contact point and a service and information resource.
It is also a legal entity in its own right, with rules specifying certain types of information that every business website must make available in order to comply with the law.
The categories of information you must include generally fall into three areas:
- Details about the company.
- Data protection and privacy information.
- Terms and conditions of service and customer guarantees.
Let’s take a brief look at the legal background to these requirements, including new GDPR content that you need for accessibility. We’ll also touch on things that aren’t necessarily legally required, but are certainly recommended.
This article is applicable to the UK and the EU, although some principals are good practice anywhere in the world.
- 1 A simple, 8-point legal checklist for website content
- 2 8. Accessible content
- 3 Ensure your website content is legal
A simple, 8-point legal checklist for website content
Reading through pages and pages of dense legislationis no fun for anyone. So we’ve pulled together a quick checklist of the things you need to keep your website compliant.
1. Company information
Registered companies such as limited companies and limited liability partnerships (LLPs) must publish their main registration details on their website, namely:
- Company name
- Registered business address
- Place of registration
- Registration number
- Details of membership of any trade organisations.
For sole traders and non-registered companies, you must provide a principal business address.
These requirements were some of the first regulations introduced under the EU distance selling directive to crack down on fraudulent operators running scams from fake websites.
2. Contact details
In addition to company information, the Consumer Contracts Regulations 2013 state that all websites must also clearly display contact information.
This is to make sure customers always have the option to query an order or transaction made online.
The requirement to clearly display contact information is most easily covered by having a dedicated contact page. It’s good practice to include a phone number, although that isn’t a legal requirement. You may find it helps with conversions.
- By asking for subscriptions to a newsletter
- When logging customer details after making a sale.
They must also include a clear explanation of the individual’s rights in relation to their data, including opt-out steps, their right to be told what data is held on them, and their right to ask for all personal data to be deleted.
In the interests of transparency — an important principle of GDPR compliance — the majority of business websites are choosing to meet these requirements by taking the following three steps:
- Creating a pop-up at point of access to the site which tells the visitor that cookies are used
- Accompanying this with an ‘I accept’ button, which acts as opt-in consent
5. Terms and conditions
The details of the terms and conditions a company has to publish will vary according to the nature of the business.
For example, an e-commerce business selling goods has to include terms of delivery and returns, but these are not applicable to a service-based company.
The principle behind terms and conditions are that they set out the contractual basis of the transaction between customer and online business. They are legally binding and guarantee a level of service customers can expect.
Key things to include in your terms and conditions are:
- Full breakdown of all costs, including taxes, delivery charges, service charges, use of extras like premium rate phone lines etc.
- Payment details
- Who will fulfill the order, including contact details
- Details of cancellation periods
- Duration of the terms, e.g. how long goods are under guarantee.
6. Disclaimer and copyright notice
If you want to reserve rights to the content on your website, you should publish a copyright notice to that effect.
Equally, if you want to grant permission to visitors to re-publish or re-use content from your site, you should specify the terms by which they can do so.
A disclaimer is an important legal notice protecting a company from liability for how content on its website is used. Think of it as a kind of ‘vehicles are left at their owner’s risk’ notice for websites – the business grants permission for people to use their content, but accepts no liability for any consequences that arise from them doing so.
Without publishing a disclaimer like this, you will be deemed not to have informed visitors of their legal position in relation to your content. If they do then try to download something you make available and it somehow damages their computer systems, they could sue you for liability.
7. GDPR content
Efforts to regulate online trade started to emerge on the back of the first Dot-com boom in the late 1990s.
At the time, new-fangled concepts like e-commerce were widely viewed by governments and public authorities as some kind of digital Wild West, where unscrupulous operators could make a fast buck without having to pay heed to the niceties of consumer protection or corporate governance.
In Europe, the EU led the way on updating business regulations so they were fit for purpose for this brave new digital world:
- It introduced a directive covering all forms of distance selling, whether via mail order, telesales or ecommerce, requiring companies to make full company registration details available to customers and to offer a compulsory right to cancel.
- It strengthened regulation of online trading with a specific e-commerce directive which gave the agreement between seller and purchaser the status of a legal contract. This meant online businesses had to draw up, share and follow clear terms and conditions of sale for the first time.
Along with data protection, privacy and anti-discrimination directives, these have been adopted into UK laws governing how businesses run online businesses and websites.
The relevant up to date pieces of legislation are:
- The Electronic Commerce (EC Directive) Regulations 2002
- The Consumer Contracts Regulations 2013, which update the distance selling regulations with new rules on cooling off periods, returns policies and refunds. These regulations also introduced a requirement for companies to make contact details clear and easy to find on their website.
- The GDPR, which is the recently introduced EU-wide reform of data protection and privacy laws.
The GDPR has forced all companies to re-examine how they handle personal data. It explicitly sets out to strengthen the rights of individuals with regards to how their information is used online.
What website content needs to be changed for GDPR?
In terms of what you must include on your website, the GDPR does not require anything extra.
It does, however, set out the principle of ‘privacy by design’, which boils down to making privacy and data protection a priority when designing your website.
Businesses don’t need to rush out and pay for a website rebuild. But it has been interpreted as meaning that website operators should make the highest privacy settings the default, with options for users to reduce them if they wish.
The GDPR has also extended the definition of personal data to include a much broader range of digital information, even if it does not directly identify an individual. One example is the data collected by cookies, which websites use to do everything from remembering where a user’s last session ended so they can start browsing from the same place, to targeting advertising.
Even though cookies do not directly identify people, the information about devices and browsing habits they process is considered unique enough to be classified as personal information under the GDPR. That means that every website using cookies now has to gain definite and provable consent from every visitor.
That’s why so many businesses reconfirmed their mailing lists in May.
8. Accessible content
Website accessibility refers to making the content of your site available to everyone regardless of any special needs, including:
- Visual and hearing impairment
- Difficulties with motor function that might make use of a keyboard or mouse difficult
- Cognitive needs, such as dyslexia and autism.
The W3C organisation is responsible for an internationally-recognised set of standards outlining principles and practices relating to website accessibility, the Web Content Accessibility Guidelines 2.0.
While there is no explicit requirement in UK law for websites to follow the guidelines, it is widely understood that accessibility is implicitly covered by the The Equality Act 2010, which demands businesses and organisations make sure all services can be accessed equally by all persons.
Ensure your website content is legal
Creating website content that ticks all of these boxes can be time-consuming. But once you have the basic framework written, like your terms and policies, you probably won’t have to change much as your business grows.