Terms of Service &
Privacy Policies
Setting the Ground Rules for Your Site Through Legal Mumbo-Jumbo
james f. peiser, esq.
jp@jamespeiser.com
July 2, 2013
One quick note…
 This presentation discusses general legal issues, but it does not constitute
legal advice in any respect, and is not the basis for an attorney-client
relationship. I’d ask that no reader / attendee act or refrain from acting
based on any information presented herein without seeking the advice of
counsel, and expressly disclaim liability for any action taken or not taken
based on the contents of this presentation.
 Lawyers, am I right?
 Seriously, though – this world moves fast, and occasionally the law keeps
up, especially with respect to the ever-evolving world of privacy. So some
of this information may get outdated quickly (or, because I don’t have an
army of researchers handy, may already be outdated – but I’ve taken
reasonable steps to have this not be the case).
“It is the beginning of wisdom when you
recognize that the best you can do is
choose which rules you want to live by,
and it's persistent and aggravated
imbecility to pretend you can live without
any.”
- Wallace Stegner
Terms of Service: Choosing Which Rules You Want to Live By
Terms of Service:
Just Another Contract, Really
 Your Terms of Service is a contract between your company and the users of
your site/product/service.
 Like any binding contract, it creates a set of mutual expectations and
obligations – that you will provide the service, and that the user will use the
service in accordance with the Terms.
 Acting against that expectation – a breach of the contract – generally
would be grounds for terminating use of the service.
 Terms should be narrowly tailored to your business – a hardware store
wouldn’t have a “raw or undercooked foods” warning sign
 Compare some selected parts of the Terms of Service/Use of a couple of
well-known companies: TwitPic and Foursquare
Use or Registration = Agreement
 “By using Twitpic.com, you signify that you have read,
understand and agree to be bound by these Terms and
conditions.”
 Silent on amendment process, if any, for regular “users”
– separate government TOS includes language around
amendments
 Unclear whether “use” is akin to “registration” or
includes passively accessing content (pictures)
 “By registering for and/or using the Service in any manner,
including but not limited to visiting or browsing the Site, you
agree to all of the terms and conditions contained herein
("Terms of Use"), which also incorporate Foursquare's Privacy
Policy, Foursquare's Intellectual Property Policy,
Foursquare's Photo Guidelines, Foursquare's Venue Terms
and Conditions, Foursquare's API License Agreement and all
other operating rules, policies and procedures that may be
published from time to time on the Site by Foursquare, each
of which is incorporated by reference and each of which
may be updated by Foursquare from time to time without
notice to you in accordance with the terms set out under
the "Modification of Terms of Use" section below. In addition,
some services offered through the Service may be subject
to additional terms and conditions specified by Foursquare
from time to time; your use of such services is subject to
those additional terms and conditions, which are
incorporated into these Terms of Use by this reference.
These Terms of Use apply to all users of the Service,
including, without limitation, users who are contributors of
content, information, and other materials or services on the
Site, individual users of the Service, venues that access the
Service, and users that have a page on the Service.”
 A bit more useful, if overly legalese-y
Be clear about the definitions of “use,” “registration,” etc.
Adults Only?
 “Twitpic is concerned about the safety and
privacy of all its Users, especially children.
Therefore, children under the age of 13 are
not permitted to use Twitpic.com.”
 “You represent and warrant that if you are
an individual, you are of legal age to form a
binding contract, or that if you are
registering on behalf of an entity, that you
are authorized to enter into, and bind the
entity to, these Terms of Use and register for
the Service. The Service is not available to
individuals who are younger than 13 years
old. Foursquare may, in its sole discretion,
refuse to offer the Service to any person or
entity and change its eligibility criteria at
any time. You are solely responsible for
ensuring that these Terms of Use are in
compliance with all laws, rules and
regulations applicable to you and the right
to access the Service is revoked where
these Terms of Use or use of the Service is
prohibited and, in such circumstances, you
agree not to use or access the Site or
Services in any way.”
• Set an age limit of at least 13 unless geared towards kids.
• Avoid the “Columbia House” problem.
Content / User Content Etc.
 “TwitPic reserves the right to remove any image for any
reason whatsoever. Specifically, any image uploaded
that is pornographic or offensive in nature (including
nudity, violence, sexual acts, or sexually provocative
images.), infringes upon copyrights not held by the
uploader, is illegal or violates any laws, will be
immediately deleted and the IP address of the
uploaded reported to authorities. Violating these terms
may result in termination of your ability to upload further
images. We reserve the right to ban any individual
uploader or website domain from using our services for
any reason.”
 “We cannot be held liable for any damages. All data,
photographs, videos, messages, graphics, comments,
text, tags, or other materials ("Content"), are the sole
responsibility of the person from whom such Content
originated. You, and not Twitpic, are entirely responsible
for all Content that you upload, post, email, transmit or
otherwise make available through Twitpic. Twitpic does
not control the Content posted and does not
guarantee the accuracy or integrity of such Content.”
 “Twitpic shall not be liable for any statements or
conduct of any third party using the service. By using
Twitpic you may be exposed to Content that is
indecent, objectionable or offensive.”
 Going to quickly flip to the actual TOS, as there is a lot in
there about content.
 Note the different flavors of Content specified
 Never a bad idea to have different policies for different
types of content: “If the User Submission includes a
photograph, Foursquare's Photo Guidelines shall apply.”
 Especially never a bad idea to spell out your (strongly
held, opposed-to-it) position on child pornography:
“Foursquare has a zero-tolerance policy against child
pornography, and will terminate and report to the
appropriate authorities any user who publishes or
distributes child pornography.”
Spell out control mechanisms and disclaim liability for problematic content –
but ensure that proper compliance methods are established.
Termination
 “TwitPic reserves the right to remove any
image for any reason whatsoever.
Specifically, any image uploaded that is
pornographic or offensive in nature
(including nudity, violence, sexual acts,
or sexually provocative images.),
infringes upon copyrights not held by the
uploader, is illegal or violates any laws,
will be immediately deleted and the IP
address of the uploaded reported to
authorities. Violating these terms may
result in termination of your ability to
upload further images. We reserve the
right to ban any individual uploader or
website domain from using our services
for any reason.”
 “Foursquare may terminate your access
to all or any part of the Service and/or
Add-to Link at any time, with or without
cause, with or without notice, effective
immediately, which may result in the
forfeiture and destruction of all
information associated with your
membership. If you wish to terminate
your account, you may do so by
following the instructions on the Site. Any
fees paid hereunder are non-
refundable. All provisions of these Terms
of Use which by their nature should
survive termination shall survive
termination, including, without limitation,
ownership provisions, warranty
disclaimers, indemnity and limitations of
liability.”
Generally, you want to be able to terminate for any reason, but also
specify most-terminable violations
(NB: paid v. free, conversion, etc.)
Indemnity
 “You agree to indemnify and hold Twitpic, its
officers and employees exempt from any claim
or demand, including reasonable attorneys'
fees, made by any third party due to or arising
out of Content you submit, transmit, post or
otherwise make available through Twitpic.”
 “You shall defend, indemnify, and hold
harmless Foursquare, its affiliates and each of
its and its affiliates' employees, contractors,
directors, suppliers and representatives from all
losses, costs, actions, claims, damages,
expenses (including reasonable legal costs) or
liabilities, that arise from or relate to your use or
misuse of, or access to, the Site, Service,
Content, Add-to Link or otherwise from your
User Submissions, violation of these Terms of
Use, or infringement by you, or any third party
using the your account, of any intellectual
property or other right of any person or entity
(save to the extent that a court of competent
jurisdiction holds that such claim arose due to
an act or omission of Foursquare). Foursquare
reserves the right to assume the exclusive
defense and control of any matter otherwise
subject to indemnification by you, in which
event you will assist and cooperate with
Foursquare in asserting any available
defenses.”
If a user violates your terms and causes actual damage to your business,
ensure you have asserted your right to indemnification.
Miscellany
 “You agree that regardless of any
statute or law to the contrary, any claim
or cause of action arising out of or
related to use of the Service or the Terms
of Service must be filed within one (1)
year after such claim or cause of action
arose or be forever barred.”
 “Data mining, "scraping", and/or
unauthorized crawling of Twitpic by any
means is prohibited unless explicit
permission is given. Using any data from
Twitpic (including images, data from
images and/or users) that is not
available through authorized channels is
also prohibited unless explicit permission
is given. Storing, saving and/or retaining
images of any size is also prohibited.”
 “Foursquare shall not be liable for any
failure to perform its obligations
hereunder where such failure results from
any cause beyond Foursquare's
reasonable control, including, without
limitation, mechanical, electronic or
communications failure or degradation
(including "line-noise" interference).
These Terms of Use are personal to you,
and are not assignable, transferable or
sublicensable by you except with
Foursquare's prior written consent.
Foursquare may assign, transfer or
delegate any of its rights and obligations
hereunder without consent. No agency,
partnership, joint venture, or
employment relationship is created as a
result of these Terms of Use and neither
party has any authority of any kind to
bind the other in any respect.”
Copyright Ownership and Licensing –
Probably the Most Important Part of your
Terms
 Spell out your license that users grant you – along the lines of “By uploading
content, you grant to [Company] a non-exclusive, worldwide, royalty-free, sub-
licenseable and transferable license to use, reproduce, distribute, prepare
derivative works of, display, and perform the content”
 Facebook: “non-exclusive, transferable, sub-licensable, royalty-free, worldwide
license to use any IP content that you post on or in connection with Facebook.
This IP License ends when you delete your IP content or your account unless
your content has been shared with others, and they have not deleted it.”
 Of course, users might not like it, but they are free to walk away.
 You could also grant users a [worldwide, non-exclusive, non-sublicensable, non-
transferable] license to use, modify and reproduce your own and your partners’
content, solely for personal use
 If you have user-generated content, make sure you are very clear about UGC
ownership.
“When it comes to privacy and
accountability, people always
demand the former for
themselves and the latter for
everyone else.”
- David Brin
How to create a Privacy Policy that Works For People and Everyone Else
The Internet Is Still Not A Truck:
It’s a Series of Tubes, and Has Very Little Respect for Geographic Boundaries
 Email Monitoring Laws:
 CT: Conn. Gen. Stat. § 31-48d
 Prior written notice to all employees
required, advising of types of
electronic monitoring which may
occur.
 Exception for suspected illegal
activity
 DE: Del. Code § 19-7-705
 Employer must give a one-time
written or electronic notice
before monitoring email or Internet
access or usage of an employee
 Exceptions for maintenance and
court orders
 Only applies to companies with a
“place of business” in Delaware
 Misleading/False Privacy Policy
Laws:
 NE: NE Statute § 87-302 (14)
 It’s a “deceptive trade practice” to
“Knowingly makes a false or
misleading statement in a privacy
policy, published on the Internet or
otherwise distributed or published,
regarding the use of personal
information submitted by members
of the public.”
 There’s also a bit about uninstalling
spyware & (I think?) P2P clients, but
that’s not an issue, right?
 PA: 18 Pa. C.S.A. § 4107(a)(10)
 Pretty much identical to Nebraska’s
California All The Way – PII & CA
 S. 22577(a): The term "personally identifiable information" means individually identifiable
information about an individual consumer collected online by the operator from that individual
and maintained by the operator in an accessible form, including any of the following:
 (1) A first and last name.
 (2) A home or other physical address, including street name and name of a city or town.
 (3) An e-mail address.
 (4) A telephone number.
 (5) A social security number.
 (6) Any other identifier that permits the physical or online contacting of a specific individual.
 (7) Information concerning a user that the Web site or online service collects online from the user and
maintains in personally identifiable form in combination with an identifier described in this subdivision.
CA BUSINESS AND PROFESSIONS CODE SECTION 22575
 (a) An operator of a commercial Web site or online service that collects personally identifiable
information through the Internet about individual consumers residing in California who use or
visit its commercial Web site or online service shall conspicuously post its privacy policy on its
Web site, or in the case of an operator of an online service, make that policy available in
accordance with paragraph (5) of subdivision (b) of Section 22577. An operator shall be in
violation of this subdivision only if the operator fails to post its policy within 30 days after being
notified of noncompliance.
Back to 22575 For a Moment…
 (b) The privacy policy required by subdivision (a) shall do all of the following:
 (1) Identify the categories of personally identifiable information that the operator
collects through the Web site or online service about individual consumers who use or
visit its commercial Web site or online service and the categories of third-party persons
or entities with whom the operator may share that personally identifiable information.
 (2) If the operator maintains a process for an individual consumer who uses or visits its
commercial Web site or online service to review and request changes to any of his or
her personally identifiable information that is collected through the Web site or online
service, provide a description of that process.
 (3) Describe the process by which the operator notifies consumers who use or visit its
commercial Web site or online service of material changes to the operator's privacy
policy for that Web site or online service.
 (4) Identify its effective date.
Seriously, California?
 California also has a “Shine the Light Law” - CA Civil Code § 1798.83
 Applies to companies that share any of 27 types of users’ PII with third parties for direct
marketing purposes.
 Safe harbor: Under 20 employees
 If you need to comply with this, be sure to place a link on your homepage that says “Your
Privacy Rights” or “Your California Privacy Rights”
 Provide contact details for users who want further information
 Respond to any such requests – don’t have a mailbox that goes unchecked for years
 Need to have a brief statement explaining the law and how users can opt out of having PII
shared with direct marketers.
 From Topps’ website: “If you are a California resident, you are entitled by law to request
certain information regarding Topps’ disclosure to third parties of personal information for
their direct marketing purposes. To make such a request, submit a written request to the
address listed in the Contact section below, or send an e-mail to
privacypolicy@topps.com, specifying that you seek your "California Customer Privacy
Notice." Please allow thirty days for a response.”
Oh, Massachusetts, You Too?
 Data Protection in the US is highly fragmented – see federal laws like FCRA (Fair Credit
Reporting Act), HIPAA (Health Insurance Portability and Accountability Act), VPPA (Video
Privacy Protection Act – applies to movie rentals, not ATM cameras. Yes, even Netflix
records).
 In 2010, Massachusetts’ data protection law, 201 CMR 17.00, became effective; while
other states have enacted similar laws, this is almost certainly the most onerous.
 Aimed at data security breaches, like TJX or Briar Group; puts onus on business that
collected PII / customer data.
 “Personal Information” is limited to “a Massachusetts resident's first name and last name or
first initial and last name in combination with any one or more of the following data
elements that relate to such resident: (a) Social Security number; (b) driver's license
number or state-issued identification card number; or (c) financial account number, or
credit or debit card number, with or without any required security code, access code,
personal identification number or password, that would permit access to a resident’s
financial account”
 If you’ve got a user in Massachusetts and you take credit cards, well… comply or risk
$5,000 fines, in addition to the embarrassment of a security breach.
 Requires a “Written Information Security Program,” applicable to all records containing
personal information about a resident of the Commonwealth of Massachusetts.
 Also, all your vendor contracts must specify compliance with MA laws.
You’re Better Than That
 The California laws set minimum standards that all online businesses should
adhere to as a matter of (a) compliance with respect to users in California
and (b) getting on the road to best practices.
 Doing the bare minimum shouldn’t be enough for the savvy entrepreneur.
 Whether or not you need a WISP, having well-defined policies in place will
go a long way towards establishing a solid culture of compliance.
 Again, tailor your policies to your business – but consider how it might grow,
and don’t be caught flat-footed, well-begun being half-done.
 It’s really not that complicated:
Essential Elements of Privacy Policy
 What Information Do You Collect?
 Registration / User-Supplied Information
 Biographical information, email address, etc.
 Include data collected through 3rd Party Login (OAuth - FB Connect, Twitter)
 Automatically Collected
 O/S, browser, geolocation, referral links, etc.
 Again, even if third party (Google Analytics)
 Cookies (or the like)
 Disclose if you use.
Essential Elements of Privacy Policy
 What Do You DO With Said Information?
 Purpose of collection (i.e., customizing user experience, sales, etc.)
 Do you share it? And do you share the PII or aggregate data?
 Internal recipients as well as third parties, and why?
 Law Enforcement – Look for this landscape to change soon…
 Transfer protocol in the event of a major corporate event – i.e., a sale of the
company or bankruptcy
 You take reasonable precautions with respect to security, etc.
 How can users Change / Review stored information?
 What Date was the policy last updated?
Essential Elements of Privacy Policy
 California OPPA and Shine the Light elements
 COPPA elements
 European elements
Other Suggestions for Policy Drafting
 Make it easy to read, use short sentences and prefer the active voice.
Include links to definitions of jargon-y concepts if they’re unavoidable.
 “HTML 5? I loved their show at Roseland!”
 Don’t make promises you aren’t sure you can keep.
 Pro-Tip: You aren’t going to be sure you can keep any promises.
 “We’ll NEVER share your data! Not even with the NSA!”
 Could pose a problem in the event of a security breach
 Consider a simplified summary of the key elements up front, followed by a
more fulsome discussion.
 Have someone other than your attorney read it.
A Word or 205 on COPPA
 The Children’s Online Privacy Protection Act applies to sites allowing users under 13
 Enacted in 1998, effective in 2000, rules promulgated by the Federal Trade Commission
 The FTC has a very helpful FAQ on FTC.gov, “Complying with COPPA: Frequently Asked
Questions”
 Thankfully, the Rule has a safe harbor: “COPPA covers operators of general audience Web
sites or online services only where such operators have actual knowledge that a child
under age 13 is the person providing personal information.” (from said FAQ)
 Twitpic’s Privacy Policy: “The Site is not directed to persons under 13. If a parent or
guardian becomes aware that his or her child has provided us with personally identifiable
information without their consent, he or she should contact us. We do not knowingly
collect personally identifiable information from children under 13. If we become aware
that a child under 13 has provided us with personal identifiable Information, we will delete
such information from our system.”
 Foursquare’s: “The Service is not available to individuals who are younger than 13 years
old.”
 Doesn’t address what happens if a child manages to sign up
 Bottom Line: If you’re marketing to kids at all, COPPA compliance is extremely important.
Sample COPPA Compliance
(Actually Marketing to Kids)
 At Topps, children’s privacy is important to us. We are committed to providing fun, entertaining, and secure Sites for all ages, particularly
our younger users. Therefore, we have implemented the special measures described below to help children protect their privacy while
online.
 Information We Collect: There are many activities on the Topps Sites or portions of Sites directed to children that children can participate
in and enjoy without providing personally identifiable information. To enable their participation in some of our interactive features (e.g.,
contests, newsletters, online games, electronic postcards to family or friends), children will need to provide us with certain personally
identifiable information. The types of personally identifiable information is typically limited to first name and e-mail addresses. We also
may ask users to provide certain information that is not personally identifiable, such as city or state of residence, date of birth and
gender.
 Use and Disclosure of Information: To participate in certain features, we may ask a visitor to register. When users who attempt to register
indicate that they are children, depending on their age or location, we either collect no personally identifiable information from them or
inform them that a parent or guardian’s consent is necessary to participate in the activity. To obtain consent, we will collect the e-mail
address of the visitor’s parent or guardian in addition to that of the visitor. We use the parent or guardian’s e-mail address to obtain
consent or notify parents or guardians of their child’s online activities and to enable them to unsubscribe the child from a newsletter or
other similar activity. For visitors that we know are children, we will not condition participation in an online activity on the disclosure of
more personally identifiable information than reasonably necessary to participate in the activity.
 Unless we indicate otherwise or obtain consent, personally identifiable information collected from children is generally used by Topps or
Topps’ agent and contractors for internal purposes, such as enabling visitors to enter our online contests or sweepstakes, to subscribe to
an online newsletter, to play an online game, to provide customer service, and/or for the purposes for which the information was
provided. We do not share children’s personally identifiable information with outside third parties not bound by this Policy for their own
marketing purposes.
 We may share children’s personally identifiable information with third parties to the extent reasonably necessary to: protect the security
or integrity of our Sites; take precautions against liability; respond to judicial process or law enforcement agency request or investigation;
or to the extent permitted by law or consistent with this policy or legal requirements.
 Reviewing Information/Contact: If you would like to review any personally identifiable information that we have collected online from
your child, have this information deleted, and/or request that there be no further collection or use of your child’s information or if you
have questions about these information practices, you may email us at privacypolicy@topps.com; write to us at Topps US, One Whitehall
Street New York, NY 10004; or call us at 1-888-GOTOPPS.
Going Global?
 The European Union and its member states are, to put it mildly, difficult when it
comes to data protection and privacy.
 If you’re doing business in Europe, you’ll need to follow the EU’s Data Protection
Directive – soon to be supplanted by a new Directive, the General Data
Protection Regulation.
 Seriously, consult a lawyer who knows what she’s doing to help shape your data
protection regime if you’re transacting globally.
 Example of some added language for EU requirements: “As Topps operates
globally, we may need to transfer to and process personally identifiable
information about you on our servers in the United States. Please note that the
data protection laws of other countries, such as the United States, may not offer
a level of privacy protection equivalent to that within the European Economic
Area or your home country. Be assured, however, that we will take reasonable
steps to protect personally identifiable information collected at our Sites. By
using this Site, you expressly consent to such transfer.”
Thanks For Joining Me!
 I guess it’s Q & A time then
 (Assuming, of course, I haven’t blathered on for the full 2 hours)
Website Disclaimer
Website DisclaimerWebsite Disclaimer
Website Disclaimer
 
SPICE PARK Terms of Service
SPICE PARK Terms of ServiceSPICE PARK Terms of Service
SPICE PARK Terms of Service
 
Tos
TosTos
Tos
 
Terms of Use and Privacy Policies
Terms of Use and Privacy PoliciesTerms of Use and Privacy Policies
Terms of Use and Privacy Policies
 
Tos
TosTos
Tos
 
Tos
TosTos
Tos
 
Terms
TermsTerms
Terms
 
Bonaz capital terms_and_condition
Bonaz capital terms_and_conditionBonaz capital terms_and_condition
Bonaz capital terms_and_condition
 
Terms and conditions
Terms and conditionsTerms and conditions
Terms and conditions
 
Busines Ssearch Ltd
Busines Ssearch LtdBusines Ssearch Ltd
Busines Ssearch Ltd
 
branded dialer app reseller business opportunity
branded  dialer  app  reseller  business opportunity branded  dialer  app  reseller  business opportunity
branded dialer app reseller business opportunity
 

Recently uploaded

Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 

Recently uploaded (20)

Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 

Jim Peiser - Establishing Optimal Terms of Service and Privacy Policies

  • 1. Terms of Service & Privacy Policies Setting the Ground Rules for Your Site Through Legal Mumbo-Jumbo james f. peiser, esq. jp@jamespeiser.com July 2, 2013
  • 2. One quick note…  This presentation discusses general legal issues, but it does not constitute legal advice in any respect, and is not the basis for an attorney-client relationship. I’d ask that no reader / attendee act or refrain from acting based on any information presented herein without seeking the advice of counsel, and expressly disclaim liability for any action taken or not taken based on the contents of this presentation.  Lawyers, am I right?  Seriously, though – this world moves fast, and occasionally the law keeps up, especially with respect to the ever-evolving world of privacy. So some of this information may get outdated quickly (or, because I don’t have an army of researchers handy, may already be outdated – but I’ve taken reasonable steps to have this not be the case).
  • 3. “It is the beginning of wisdom when you recognize that the best you can do is choose which rules you want to live by, and it's persistent and aggravated imbecility to pretend you can live without any.” - Wallace Stegner • Terms of Service: Choosing Which Rules You Want to Live By
  • 4. Terms of Service: Just Another Contract, Really  Your Terms of Service is a contract between your company and the users of your site/product/service.  Like any binding contract, it creates a set of mutual expectations and obligations – that you will provide the service, and that the user will use the service in accordance with the Terms.  Acting against that expectation – a breach of the contract – generally would be grounds for terminating use of the service.  Terms should be narrowly tailored to your business – a hardware store wouldn’t have a “raw or undercooked foods” warning sign  Compare some selected parts of the Terms of Service/Use of a couple of well-known companies: TwitPic and Foursquare
  • 5. Use or Registration = Agreement  “By using Twitpic.com, you signify that you have read, understand and agree to be bound by these Terms and conditions.”  Silent on amendment process, if any, for regular “users” – separate government TOS includes language around amendments  Unclear whether “use” is akin to “registration” or includes passively accessing content (pictures)  “By registering for and/or using the Service in any manner, including but not limited to visiting or browsing the Site, you agree to all of the terms and conditions contained herein ("Terms of Use"), which also incorporate Foursquare's Privacy Policy, Foursquare's Intellectual Property Policy, Foursquare's Photo Guidelines, Foursquare's Venue Terms and Conditions, Foursquare's API License Agreement and all other operating rules, policies and procedures that may be published from time to time on the Site by Foursquare, each of which is incorporated by reference and each of which may be updated by Foursquare from time to time without notice to you in accordance with the terms set out under the "Modification of Terms of Use" section below. In addition, some services offered through the Service may be subject to additional terms and conditions specified by Foursquare from time to time; your use of such services is subject to those additional terms and conditions, which are incorporated into these Terms of Use by this reference. These Terms of Use apply to all users of the Service, including, without limitation, users who are contributors of content, information, and other materials or services on the Site, individual users of the Service, venues that access the Service, and users that have a page on the Service.”  A bit more useful, if overly legalese-y Be clear about the definitions of “use,” “registration,” etc.
  • 6. Adults Only?  “Twitpic is concerned about the safety and privacy of all its Users, especially children. Therefore, children under the age of 13 are not permitted to use Twitpic.com.”  You represent and warrant that if you are an individual, you are of legal age to form a binding contract, or that if you are registering on behalf of an entity, that you are authorized to enter into, and bind the entity to, these Terms of Use and register for the Service. The Service is not available to individuals who are younger than 13 years old. Foursquare may, in its sole discretion, refuse to offer the Service to any person or entity and change its eligibility criteria at any time. You are solely responsible for ensuring that these Terms of Use are in compliance with all laws, rules and regulations applicable to you and the right to access the Service is revoked where these Terms of Use or use of the Service is prohibited and, in such circumstances, you agree not to use or access the Site or Services in any way. • Set an age limit of at least 13 unless geared towards kids. • Avoid the “Columbia House” problem.
  • 7. Content / User Content Etc. • “TwitPic reserves the right to remove any image for any reason whatsoever. Specifically, any image uploaded that is pornographic or offensive in nature (including nudity, violence, sexual acts, or sexually provocative images.), infringes upon copyrights not held by the uploader, is illegal or violates any laws, will be immediately deleted and the IP address of the uploaded reported to authorities. Violating these terms may result in termination of your ability to upload further images. We reserve the right to ban any individual uploader or website domain from using our services for any reason.” • “We cannot be held liable for any damages. All data, photographs, videos, messages, graphics, comments, text, tags, or other materials ("Content"), are the sole responsibility of the person from whom such Content originated. You, and not Twitpic, are entirely responsible for all Content that you upload, post, email, transmit or otherwise make available through Twitpic. Twitpic does not control the Content posted and does not guarantee the accuracy or integrity of such Content.” • “Twitpic shall not be liable for any statements or conduct of any third party using the service. By using Twitpic you may be exposed to Content that is indecent, objectionable or offensive.” • Going to quickly flip to the actual TOS, as there is a lot in there about content.
• Note the different flavors of Content specified • Never a bad idea to have different policies for different types of content: “If the User Submission includes a photograph, Foursquare's Photo Guidelines shall apply.” • Especially never a bad idea to spell out your (strongly held, opposed-to-it) position on child pornography: “Foursquare has a zero-tolerance policy against child pornography, and will terminate and report to the appropriate authorities any user who publishes or distributes child pornography.” • Spell out control mechanisms and disclaim liability for problematic content – but ensure that proper compliance methods are established.
  • 8. Termination • “TwitPic reserves the right to remove any image for any reason whatsoever. Specifically, any image uploaded that is pornographic or offensive in nature (including nudity, violence, sexual acts, or sexually provocative images.), infringes upon copyrights not held by the uploader, is illegal or violates any laws, will be immediately deleted and the IP address of the uploaded reported to authorities. Violating these terms may result in termination of your ability to upload further images. We reserve the right to ban any individual uploader or website domain from using our services for any reason.” • “Foursquare may terminate your access to all or any part of the Service and/or Add-to Link at any time, with or without cause, with or without notice, effective immediately, which may result in the forfeiture and destruction of all information associated with your membership. If you wish to terminate your account, you may do so by following the instructions on the Site. Any fees paid hereunder are non-refundable. All provisions of these Terms of Use which by their nature should survive termination shall survive termination, including, without limitation, ownership provisions, warranty disclaimers, indemnity and limitations of liability.” • Generally, you want to be able to terminate for any reason, but also specify most-terminable violations (NB: paid v. free, conversion, etc.)
  • 9. Indemnity  “You agree to indemnify and hold Twitpic, its officers and employees exempt from any claim or demand, including reasonable attorneys' fees, made by any third party due to or arising out of Content you submit, transmit, post or otherwise make available through Twitpic.”  “You shall defend, indemnify, and hold harmless Foursquare, its affiliates and each of its and its affiliates' employees, contractors, directors, suppliers and representatives from all losses, costs, actions, claims, damages, expenses (including reasonable legal costs) or liabilities, that arise from or relate to your use or misuse of, or access to, the Site, Service, Content, Add-to Link or otherwise from your User Submissions, violation of these Terms of Use, or infringement by you, or any third party using the your account, of any intellectual property or other right of any person or entity (save to the extent that a court of competent jurisdiction holds that such claim arose due to an act or omission of Foursquare). Foursquare reserves the right to assume the exclusive defense and control of any matter otherwise subject to indemnification by you, in which event you will assist and cooperate with Foursquare in asserting any available defenses.” If a user violates your terms and causes actual damage to your business, ensure you have asserted your right to indemnification.
  • 10. Miscellany  “You agree that regardless of any statute or law to the contrary, any claim or cause of action arising out of or related to use of the Service or the Terms of Service must be filed within one (1) year after such claim or cause of action arose or be forever barred.”  “Data mining, "scraping", and/or unauthorized crawling of Twitpic by any means is prohibited unless explicit permission is given. Using any data from Twitpic (including images, data from images and/or users) that is not available through authorized channels is also prohibited unless explicit permission is given. Storing, saving and/or retaining images of any size is also prohibited.”  “Foursquare shall not be liable for any failure to perform its obligations hereunder where such failure results from any cause beyond Foursquare's reasonable control, including, without limitation, mechanical, electronic or communications failure or degradation (including "line-noise" interference). These Terms of Use are personal to you, and are not assignable, transferable or sublicensable by you except with Foursquare's prior written consent. Foursquare may assign, transfer or delegate any of its rights and obligations hereunder without consent. No agency, partnership, joint venture, or employment relationship is created as a result of these Terms of Use and neither party has any authority of any kind to bind the other in any respect.”
  • 11. Copyright Ownership and Licensing – Probably the Most Important Part of your Terms • Spell out the license that users grant you – along the lines of “By uploading content, you grant to [Company] a non-exclusive, worldwide, royalty-free, sub-licenseable and transferable license to use, reproduce, distribute, prepare derivative works of, display, and perform the content” • Facebook: “non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook. This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it.” • Of course, users might not like it, but they are free to walk away. • You could also grant users a [worldwide, non-exclusive, non-sublicensable, non-transferable] license to use, modify and reproduce your own and your partners’ content, solely for personal use • If you have user-generated content, make sure you are very clear about UGC ownership.
  • 12. “When it comes to privacy and accountability, people always demand the former for themselves and the latter for everyone else.” - David Brin • How to create a Privacy Policy that Works For People and Everyone Else
  • 13. The Internet Is Still Not A Truck: It’s a Series of Tubes, and Has Very Little Respect for Geographic Boundaries • Email Monitoring Laws: • CT: Conn. Gen. Stat. § 31-48d • Prior written notice to all employees required, advising of types of electronic monitoring which may occur. • Exception for suspected illegal activity • DE: Del. Code § 19-7-705 • Employer must give a one-time written or electronic notice before monitoring email or Internet access or usage of an employee • Exceptions for maintenance and court orders • Only applies to companies with a “place of business” in Delaware • Misleading/False Privacy Policy Laws: • NE: NE Statute § 87-302 (14) • It’s a “deceptive trade practice” to “Knowingly makes a false or misleading statement in a privacy policy, published on the Internet or otherwise distributed or published, regarding the use of personal information submitted by members of the public.” • There’s also a bit about uninstalling spyware & (I think?) P2P clients, but that’s not an issue, right? • PA: 18 Pa. C.S.A. § 4107(a)(10) • Pretty much identical to Nebraska’s
  • 14. California All The Way – PII & CA  S. 22577(a): The term "personally identifiable information" means individually identifiable information about an individual consumer collected online by the operator from that individual and maintained by the operator in an accessible form, including any of the following:  (1) A first and last name.  (2) A home or other physical address, including street name and name of a city or town.  (3) An e-mail address.  (4) A telephone number.  (5) A social security number.  (6) Any other identifier that permits the physical or online contacting of a specific individual.  (7) Information concerning a user that the Web site or online service collects online from the user and maintains in personally identifiable form in combination with an identifier described in this subdivision. CA BUSINESS AND PROFESSIONS CODE SECTION 22575  (a) An operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service shall conspicuously post its privacy policy on its Web site, or in the case of an operator of an online service, make that policy available in accordance with paragraph (5) of subdivision (b) of Section 22577. An operator shall be in violation of this subdivision only if the operator fails to post its policy within 30 days after being notified of noncompliance.
  • 15. Back to 22575 For a Moment…  (b) The privacy policy required by subdivision (a) shall do all of the following:  (1) Identify the categories of personally identifiable information that the operator collects through the Web site or online service about individual consumers who use or visit its commercial Web site or online service and the categories of third-party persons or entities with whom the operator may share that personally identifiable information.  (2) If the operator maintains a process for an individual consumer who uses or visits its commercial Web site or online service to review and request changes to any of his or her personally identifiable information that is collected through the Web site or online service, provide a description of that process.  (3) Describe the process by which the operator notifies consumers who use or visit its commercial Web site or online service of material changes to the operator's privacy policy for that Web site or online service.  (4) Identify its effective date.
  • 16. Seriously, California?  California also has a “Shine the Light Law” - CA Civil Code § 1798.83  Applies to companies that share any of 27 types of users’ PII with third parties for direct marketing purposes.  Safe harbor: Under 20 employees  If you need to comply with this, be sure to place a link on your homepage that says “Your Privacy Rights” or “Your California Privacy Rights”  Provide contact details for users who want further information  Respond to any such requests – don’t have a mailbox that goes unchecked for years  Need to have a brief statement explaining the law and how users can opt out of having PII shared with direct marketers.  From Topps’ website: “If you are a California resident, you are entitled by law to request certain information regarding Topps’ disclosure to third parties of personal information for their direct marketing purposes. To make such a request, submit a written request to the address listed in the Contact section below, or send an e-mail to privacypolicy@topps.com, specifying that you seek your "California Customer Privacy Notice." Please allow thirty days for a response.”
  • 17. Oh, Massachusetts, You Too? • Data Protection in the US is highly fragmented – see federal laws like FCRA (Fair Credit Reporting Act), HIPAA (Health Insurance Portability and Accountability Act), VPPA (Video Privacy Protection Act – applies to movie rentals, not ATM cameras. Yes, even Netflix records). • In 2010, Massachusetts’ data protection law, 201 CMR 17.00, became effective; while other states have enacted similar laws, this is almost certainly the most onerous. • Aimed at data security breaches, like TJX or Briar Group; puts onus on business that collected PII / customer data. • “Personal Information” is limited to “a Massachusetts resident's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account” • If you’ve got a user in Massachusetts and you take credit cards, well… comply or risk $5,000 fines, in addition to the embarrassment of a security breach. • Requires a “Written Information Security Program,” applicable to all records containing personal information about a resident of the Commonwealth of Massachusetts. • Also, all your vendor contracts must specify compliance with MA laws.
  • 18. You’re Better Than That • The California laws set minimum standards that all online businesses should adhere to as a matter of (a) compliance with respect to users in California and (b) getting on the road to best practices. • Doing the bare minimum shouldn’t be enough for the savvy entrepreneur. • Whether or not you need a WISP, having well-defined policies in place will go a long way towards establishing a solid culture of compliance. • Again, tailor your policies to your business – but consider how it might grow, and don’t be caught flat-footed, well-begun being half-done. • It’s really not that complicated:
  • 19. Essential Elements of Privacy Policy  What Information Do You Collect?  Registration / User-Supplied Information  Biographical information, email address, etc.  Include data collected through 3rd Party Login (OAuth - FB Connect, Twitter)  Automatically Collected  O/S, browser, geolocation, referral links, etc.  Again, even if third party (Google Analytics)  Cookies (or the like)  Disclose if you use.
  • 20. Essential Elements of Privacy Policy  What Do You DO With Said Information?  Purpose of collection (i.e., customizing user experience, sales, etc.)  Do you share it? And do you share the PII or aggregate data?  Internal recipients as well as third parties, and why?  Law Enforcement – Look for this landscape to change soon…  Transfer protocol in the event of a major corporate event – i.e., a sale of the company or bankruptcy  You take reasonable precautions with respect to security, etc.  How can users Change / Review stored information?  What Date was the policy last updated?
  • 21. Essential Elements of Privacy Policy  California OPPA and Shine the Light elements  COPPA elements  European elements
  • 22. Other Suggestions for Policy Drafting  Make it easy to read, use short sentences and prefer the active voice. Include links to definitions of jargon-y concepts if they’re unavoidable.  “HTML 5? I loved their show at Roseland!”  Don’t make promises you aren’t sure you can keep.  Pro-Tip: You aren’t going to be sure you can keep any promises.  “We’ll NEVER share your data! Not even with the NSA!”  Could pose a problem in the event of a security breach  Consider a simplified summary of the key elements up front, followed by a more fulsome discussion.  Have someone other than your attorney read it.
  • 23. A Word or 205 on COPPA  The Children’s Online Privacy Protection Act applies to sites allowing users under 13  Enacted in 1998, effective in 2000, rules promulgated by the Federal Trade Commission  The FTC has a very helpful FAQ on FTC.gov, “Complying with COPPA: Frequently Asked Questions”  Thankfully, the Rule has a safe harbor: “COPPA covers operators of general audience Web sites or online services only where such operators have actual knowledge that a child under age 13 is the person providing personal information.” (from said FAQ)  Twitpic’s Privacy Policy: “The Site is not directed to persons under 13. If a parent or guardian becomes aware that his or her child has provided us with personally identifiable information without their consent, he or she should contact us. We do not knowingly collect personally identifiable information from children under 13. If we become aware that a child under 13 has provided us with personal identifiable Information, we will delete such information from our system.”  Foursquare’s: “The Service is not available to individuals who are younger than 13 years old.”  Doesn’t address what happens if a child manages to sign up  Bottom Line: If you’re marketing to kids at all, COPPA compliance is extremely important.
  • 24. Sample COPPA Compliance (Actually Marketing to Kids)  At Topps, children’s privacy is important to us. We are committed to providing fun, entertaining, and secure Sites for all ages, particularly our younger users. Therefore, we have implemented the special measures described below to help children protect their privacy while online.  Information We Collect: There are many activities on the Topps Sites or portions of Sites directed to children that children can participate in and enjoy without providing personally identifiable information. To enable their participation in some of our interactive features (e.g., contests, newsletters, online games, electronic postcards to family or friends), children will need to provide us with certain personally identifiable information. The types of personally identifiable information is typically limited to first name and e-mail addresses. We also may ask users to provide certain information that is not personally identifiable, such as city or state of residence, date of birth and gender.  Use and Disclosure of Information: To participate in certain features, we may ask a visitor to register. When users who attempt to register indicate that they are children, depending on their age or location, we either collect no personally identifiable information from them or inform them that a parent or guardian’s consent is necessary to participate in the activity. To obtain consent, we will collect the e-mail address of the visitor’s parent or guardian in addition to that of the visitor. We use the parent or guardian’s e-mail address to obtain consent or notify parents or guardians of their child’s online activities and to enable them to unsubscribe the child from a newsletter or other similar activity. For visitors that we know are children, we will not condition participation in an online activity on the disclosure of more personally identifiable information than reasonably necessary to participate in the activity. 
 Unless we indicate otherwise or obtain consent, personally identifiable information collected from children is generally used by Topps or Topps’ agent and contractors for internal purposes, such as enabling visitors to enter our online contests or sweepstakes, to subscribe to an online newsletter, to play an online game, to provide customer service, and/or for the purposes for which the information was provided. We do not share children’s personally identifiable information with outside third parties not bound by this Policy for their own marketing purposes.  We may share children’s personally identifiable information with third parties to the extent reasonably necessary to: protect the security or integrity of our Sites; take precautions against liability; respond to judicial process or law enforcement agency request or investigation; or to the extent permitted by law or consistent with this policy or legal requirements.  Reviewing Information/Contact: If you would like to review any personally identifiable information that we have collected online from your child, have this information deleted, and/or request that there be no further collection or use of your child’s information or if you have questions about these information practices, you may email us at privacypolicy@topps.com; write to us at Topps US, One Whitehall Street New York, NY 10004; or call us at 1-888-GOTOPPS.
  • 25. Going Global?  The European Union and its member states are, to put it mildly, difficult when it comes to data protection and privacy.  If you’re doing business in Europe, you’ll need to follow the EU’s Data Protection Directive – soon to be supplanted by a new Directive, the General Data Protection Regulation.  Seriously, consult a lawyer who knows what she’s doing to help shape your data protection regime if you’re transacting globally.  Example of some added language for EU requirements: “As Topps operates globally, we may need to transfer to and process personally identifiable information about you on our servers in the United States. Please note that the data protection laws of other countries, such as the United States, may not offer a level of privacy protection equivalent to that within the European Economic Area or your home country. Be assured, however, that we will take reasonable steps to protect personally identifiable information collected at our Sites. By using this Site, you expressly consent to such transfer.”
  • 26. Thanks For Joining Me!  I guess it’s Q & A time then  (Assuming, of course, I haven’t blathered on for the full 2 hours)