Creating Effective Terms of Use and Privacy Policies

There are two key documents or statements that all websites should post before (or at least soon after) going "live" on the Internet. First, your site's terms of use govern your relationship with users, allowing you to set boundaries of acceptable behavior by your users and potentially limiting your liability. Second, you should create a privacy policy, which informs your users of your practices relating to private information and helps you avoid liability under a complex array of federal and state privacy laws. The following sections address these two important documents in greater detail and provide examples that you can follow in creating your own terms of use and privacy policy.

See one of the sections listed below for more information:

Privacy Policy

A privacy policy is a statement placed in an easily visible place on a website informing users about how the website deals with users' personal information. Privacy policies generally explain whether and how users' information will be shared with third parties, including parent companies or subsidiaries. It frequently explains whether and how the website uses cookies.

Why Is It a Good Idea to Have a Privacy Policy?

Privacy policies let people know what you will do with information that they provide when registering with your website, as well as information that gets logged while they browse. A privacy policy allows users to find out what you do with their private information and enables them to adapt their conduct accordingly. Beyond that, a privacy policy will help you avoid liability under a complex array of state and federal laws dealing with users' private information.

What Should You Include in a Privacy Policy?

A well-crafted privacy policy should include the following items (although the particular items included may depend upon the nature of your website):

a statement explaining what kind of information you collect about your users, how you use it, and with whom (if anyone) you intend to share it;

a statement disclosing whether and how you use cookies and/or other tracking software;

a statement reminding users that data is collected through a server access log when a user browses, reads, or downloads information from the site;

a statement reminding users that the website operators may have to disclose user information in response to warrants, subpoenas, or other valid legal process;

a description of the process through which users can request changes to any of the personally identifying information collected and/or stored (you can provide an email address for notifying the website operator of changes);

an opt-out procedure for users to request that their information not be shared with third parties, or that their contact information not be used to send unsolicited correspondence (again, this can be done with an email address);

a description of the process through which the website operator will notify users of changes to the privacy policy;

a statement identifying the effective date of the policy.

Another important aspect of a privacy policy is what it says about minors. If your site targets or knowingly collects information from children under age thirteen, it must comply with the Children’s Online Privacy Protection Act. For more information about how to comply with the Children's Online Privacy Protection Act, please see COPPA.org's compliance page. If you do not plan to collect information from minors, you should consider adding a statement to your privacy policy saying:

This website's content is intended for adults and we will not knowingly collect personal information from children under 13 years of age. If you are a parent or legal guardian of a child under age 13 who you believe has submitted personal information to this site, please contact us immediately.

There are also rules about collecting medical information and information about criminal records. Unless it is important to the purpose of your website, you should not gather this type of information. If you plan to gather this type of information, you should consult a lawyer about your data collection strategy.

You can find good examples of privacy policies on the following sites: MinnPost.com, HuffingtonPost.com, Ars Technica, and CMLP.

What Should You Avoid?

It is common to see the following statement in website privacy policies: "[Name of website] will not collect any personal information about you except when you specifically and knowingly provide such information." While this kind of statement may sound reassuring for your users, it is not true in most cases. When a user visits a website, he or she provides personal information to the website operator simply by virtue of browsing, reading, and downloading material. This information includes IP address, user configuration settings, and what website referred the user to the site, among other things. It is better to tell users that this type of information is being collected automatically on standard web server access logs.

Terms of Use

Terms of use (or "terms of service" or "terms and conditions") generally are a statement placed on an easily visible place on a website that governs the relationship between the site and its users or visitors. Users explicitly agree to the terms when they sign up for an account and, depending on how you write the terms, visitors may implicitly agree to them when they use the site.

The terms generally consist of a number of paragraphs describing what you expect from your users and what they can expect from your website. Among other things, terms of use identify what users may post onto or use from your site. They also specify what your obligations are, and what you can do in terms of editing, removing, and changing material. For an example, see the CMLP's Terms of Use.

Why Is It a Good Idea to Have Terms of Use?

Terms of use help you put your users on notice of what you consider to be an acceptable use of your site and what you do not. They enable you to reserve the right to deny access to users who engage in objectionable conduct and to remove content that you find offensive or that may subject you to liability from third parties. It also gives you an opportunity to put language up on your website that may help protect you in the event of a lawsuit.

Terms of use are especially important if your website gives out accounts because they help specify the mechanics of how the account system will work. But keep in mind that terms of use can also apply to visitors merely browsing the website or posting comments (assuming you allow comments without an account, which many do not).

Terms of use are also useful in dealing with user-generated content. When a user creates a comment (or any other original expression) and posts it to your website, the user owns the copyright to that comment. Absent an agreement or license (see the Allowing Others to Use Your Work section for details), you could be held liable for copyright infringement for editing or changing the comment. By posting terms of use on your website, however, you can specify (and make clear to users) that you will have a license to edit, change, and remove all content posted to the website. These provisions in the terms of use give you effective control of user-generated content on your site, even if users own the copyright to that content.

What Should You Include in Terms of Use?

As discussed above, terms of use should set out the ground rules for your site. Here are some key items you should consider including in your terms:

terms about creating and accessing accounts;

a disclaimer of affiliation and/or responsibility for material posted or linked to the website;

guidelines for acceptable user-generated content, such as:

Content may not be illegal, obscene, defamatory, threatening, infringing of intellectual property rights, invasive of privacy or otherwise injurious or objectionable.

a reservation of your copyright and trademark rights or information about a Creative Commons or other collaborative licensing arrangement under which the content on the site is licensed;

a provision conditioning the posting of user-generated content on the grant of a license to the website to use and alter the content of the posting, such as:

By posting or contributing content using these Services, you are granting [name of your website] a non-exclusive, royalty-free, perpetual, and worldwide license to use your content in connection with the operation of the Services, including, without limitation, the license rights to copy, distribute, transmit, publicly display, publicly perform, reproduce, edit, translate and reformat your content, and/or to incorporate it into a collective work.

a provision or provisions reserving your right to terminate or restrict access to a user's account, and to delete any content posted through it;

a provision prohibiting the impersonation of another person (the point here is to stop a user from misleading others about their identity, not necessarily to prohibit anonymous or pseudonymous speech);

provisions relating to inter-user relations, such as clauses prohibiting on-site and offline harassment; and

a provision linking users and visitors to your copyright infringement policy -- for an example of this kind of policy, see the CMLP's Digital Millennium Copyright Act Policy, and for details see the Protecting Yourself Against Copyright Claims Based on User Content page.

You can find good examples of terms of use on the following sites: MinnPost.com; iBrattleboro.com; Google; and CMLP.