I’ve drawn up a legal primer for people commissioning or managing websites. This is by no means detailed or comprehensive: it is intended as a starting point and to raise awareness of the issues. I welcome feedback on anything that’s unclear or factually wrong.
I’ve posted it here initially, but I may well move it in due course. If so I will leave a clear link and explanation in this post.
I appreciate that what follows might not embody an approach relevant to all organisations.
You are responsible for adhering to the terms and conditions of any services you sign up for, and for ensuring that your use of those services does not put our organisation in a position in which it is:
- breaking the law (copyright, for example);
- breaking a contract (a website’s terms of service, for example).
We have a legal duty to ensure our services are accessible to disabled users, which by implication includes websites. There are no specific requirements for websites; as far as I know there have been no significant test cases yet, but groups such as the RNIB have been active in trying to force such a case.
The important thing is to be mindful of accessibility issues when commissioning and managing websites, and to understand the implications of – and be able to justify – your site’s accessibility measures.
When collecting personal information from someone (eg for sending marketing emails) you must be able to show that they were made fully aware that they were giving consent and that they did so actively (as opposed to passively).
A common way to do this is to offer a box that the user ticks to say they are happy for you to send them emails (as opposed to a ready-ticked box that they must un-tick in order not to receive emails).
You must also provide an ‘unsubscribe’ option in every newsletter and marketing email.
Records of those who have unsubscribed should be kept so that they are not accidentally contacted again (unless they explicitly give their consent to be).
Whatever means you use to collect and store data must comply with the Data Protection Act.
For example, images on Flickr are not free for anyone to re-use: by default the owner has copyright control of them, and in many cases the images will have been released under a Creative Commons licence.
This is somewhat counter-intuitive. If you hold comments in a moderation queue in order to vet them, you are deemed to be their creator: legal responsibility for their content is transferred from the original author to you.
Current popular advice is to allow all comments to be published, but operate a solid complaints procedure: include a ‘Report this’ link in each comment and respond swiftly (within 48 hours) when you receive a complaint.
You should check the comments regularly.
Whenever you accept terms and conditions for a website or service, you are entering into a contract. If you are using that service in any way for work, you are responsible for that contract on the organisation’s behalf.
Read before you sign up
It’s laborious, I know, but always read through the terms before you agree to them.
Keep a record of those terms of service that you have agreed to, as well as the links to them. This makes it easier for us to remedy any situation that might arise.
Even if you don’t tick a box explicitly to accept terms and conditions, you are still bound by a website’s terms while visiting it or using content on it.