Check out our E-Book on Metaverse and Smart Contracts: Challenges and Key Considerations

‘I Agree’, But is it good enough?

Author: Gaurav Shanker, Managing Partner And Yamini Mishra, Associate |

Article by Business Law Chamber

‘I agree’, ‘Accept’ and ‘Proceed’ are some of the familiar terms to the modern and tech savvy world. These pop-ups are quite frequent while browsing the internet, these might appear like a barrier, but a mere click is what we need to get rid of it. However, there’s more to it than just a click. By clicking on or accepting these pop-ups, one agrees to the terms of the website and grants its consent to be bound by an agreement with the website owner. These are known as clickwrap agreements and their validity and enforceability is very well recognized by the Indian courts and under the Indian Contract Act, 1872.

The user’s neglect to the Privacy policy and Terms and conditions of the website leads to misuse of user’s data by most of the website owners. However, the situation is worse when the website owners are casual about what these sections of their website state. As a website owner, have you ever wondered that your website’s casually drafted or copy-pasted privacy policy and terms and conditions may turn out to be a blunder someday? These two sections of a website might appear monotonous, but they are the most crucial part of a website, which is why, these need to be carefully drafted.

What is a privacy policy?

The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 states that a website owner is required to provide and publish a privacy policy on its website for handling of or dealing in personal information of the users/ visitors of its website. A privacy policy must include the type of information collected, purpose of collection, usage of such information, reasonable security practices and procedures, etc. A privacy policy informs the user about whether his/ her data is kept confidential or shared with or sold to third parties.

What are terms and conditions?

Terms & Conditions (T&C) are also commonly used as ‘Terms of Service’ or ‘Terms of Use’. T&C is not mandatory under the Indian laws, however it is recommended to have this as a part of a website in order to minimize liabilities of the website owner and to form a binding agreement between the users and the website owner. T&C may include terms such as limiting liability, protecting intellectual property, disclaimers and warranty, indemnity, prohibited usage, governing law, etc.

Important points while drafting a privacy policy

As stated above, it is mandatory for a website owner to provide a privacy policy on its website, the website owner must make sure that the following are included in the privacy policy:

  • Inform the users what information you collect and how you utilize and secure it

    The users must be informed how their data is being handled on the website. It is important to clearly specify what constitutes personal information and non-personal information. The privacy policy must mention which type of information of the user data is collected, stored and used. Similarly, the privacy policy must detail what is the purpose of such information is collected and how such information shall be utilized and secured.

  • Third party’s access to user information

    There might be situations where the user’s information may be disclosed to third parties through your website, therefore, it is mandatory for the website owner to seek prior permission of the user in the privacy policy in order to disclose any information of the user to any third party.

  • Notification of changes

    It is an obligation of the website owner to keep its users informed of any changes in the privacy policy. Further in the interest of maintaining transparency with the users, every change, modification, addition or deletion in the privacy policy must be notified to the users.

What we recommend adding to your privacy policy

  • Information of minors

    In case a website collects information pertaining to children or minors (under the age of 18), then the privacy policy may have a clause that such information shall not be shared, transferred, or sold. It is not mandatory to do so under the currently available legislations, however, the newly proposed bill on data protection i.e. Personal Data Protection Bill, 2019 lays down certain rules which are to be followed by a website owner while dealing with information pertaining to children/ minors.

  • Website cookies

    In case a website uses “cookie” technology to deliver content specific to user’s interests, then the privacy policy may mention an opt-out option to the user to decline such cookies at its discretion

  • Rights of the users

    The privacy policy may specify the rights of the users including any right to access the data and make corrections or deletions, etc.

Recommendations while drafting terms and conditions

While, the T&C are not mandatory under the Indian laws, but they are recommended in order to form a legal agreement/ contract between the user and the website owner. Following are the terms that we recommend to be incorporated in the T&C:

  • Eligibility

    T&C may have a clause mentioning who can use the website and who all are prohibited to do so such as restricting minors and incompetent persons from using the website may keep such an agreement valid under the Indian Contract Act, 1872.

  • Protect your intellectual property

    It is of utmost significance to specifically mention about the ownership and use of the intellectual property on the website T&C. Your website may have a variety of intellectual property such as a trademark, logo, content, etc. which needs to be adequately protected from third party infringement. Similarly, the T&C may mention about the content submitted by the users, it may state that while submitting content, a user agrees to grant, the website owner, the license to use such content worldwide without any objection and that such content is public and not confidential.

  • Third-party content

    If the website has links to third-party advertisers or product providers, the T&C may have a statement disclaiming any liability arising out of those links on the website.

  • Indemnity, warranties, disclaimers and limitations of liability

    These may act as the most crucial clauses of a website T&C. To protect a website owner from liability for incidental or special damages that arise out of the users’ access to the website, the T&C may have a well-designed risk mitigation package.

  • Prohibited usage

    The T&C to state that certain activities including, but not limited to, unlawful and inappropriate activities are prohibited on the website. This part should list down the types of activities which may be prohibited.

  • Termination

    The T&C may state the events which may lead to the termination of the agreement between the users and the website owner. A termination clause in the T&C helps website owners prevent abuse of their website.

  • Notification of changes

    Similar to the privacy policy, it would be appropriate to keep the users informed of any changes in the T&C. Further in the interest of maintaining transparency with the users, every change, modification, addition or deletion in the T&C may be notified to the users.

  • Governing law

    It is advisable to specify the governing laws and jurisdiction vis-à-vis the T&C. Please note that if the website has a server in India, then, by default Indian law is applicable. However, the users can be made subject to laws of multiple jurisdictions.

To stay on the safer side, keep these key considerations in mind while you populate the two sections of your website:

  • Tailor-made not ready-made

    Do NOT copy-paste a sample privacy policy or T&C should be drafted considering the nature of business.

  • Keep it simple, but smart

    The privacy policy and the T&C must be easily accessible, plain and easy to understand, but at the same time they must include all the key points. Remember to bind the parties into an agreement, but refrain from including any unilateral clauses.

  •  Make sure they consent to it

    It is crucial to obtain the user’s acceptance to the privacy policy and T&C. Therefore, it is important to make sure that your privacy policy and T&C is brought to the attention of your users and is consented to.

  • Law is the light

    Follow the laws and legal procedures applicable in your jurisdiction and include them in these sections.

  • Keep them updated

    With time and evolution, law changes and so should these sections of your website. In such a case, it is important to inform the users whenever there is a change in the privacy policy and/ or T&C of the website.