We wanted to make this post short and to the point.  In this day and age, user generated content is a large part of our technology products.  As such, this raises issues like Copyright infringement and privacy, which can expose web and mobile application entrepreneurs to extensive liability.

There are steps that we can take, however, to limit our exposure to liability.  Below is a discussion of these preventative steps – usable by most modern websites that collect user data or host user generated content. By no means is this list exhaustive – each situation is unique and we highly advise that you consult a seasoned Intellectual Property (“IP”) attorney when considering these protections.

1.  Have Users Agree To A “Terms of Use” (Terms of Service Agreement) 

Terms of Use (“TOU”) (also known as Terms of Service) are terms and conditions that a customer must agree to in order to use a service.  TOUs can cover a range of issues, including acceptable user behavior online, a company’s marketing policies, and copyright notices.

Really great TOUs are drafted to meet the individual specifications of a website.  They have powerful implications and should not be taken lightly. For a full appreciation of a TOU, see this post by intellectual property attorney Jill Bowman (its pretty amazing).

Some of the major flaws in TOU agreements are related to the protections that people seek under the Digital Millennium Copyright Act (“DMCA”) as explained by startup guru Dana Shultz in his blog post on the issue.

Here is an example template for a Terms of Use for a web or mobile application that hosts user generated content.  This is merely an example and is not intended to be used directly on your website.  Use it only as a reference for when you speak to an attorney.

Some major considerations for a TOU – Contributed by Jessica Hubley, Esq. (subject to Disclaimer)

  1. Limit the site’s liability to users to some very small dollar amount (e.g., $10 or fees actually paid for services in the past 6 months);
  2. Have the user indemnify the site for any third party claims arising from their use of the site; and
  3. Include an arbitration clauses to reduce class action suits.

2.  Comply With The DMCA

The Digital Millennium Copyright Act (“DMCA”) provides web and mobile application owners protection against liability for copyright infringement resulting from content uploaded by third party users.  Providers, however, must comply with the DMCA to be eligible for such Safe Harbor.  For more information on this topic, see another great post by Jill Bowman.  Below are two things your company can do to help fall under these Safe Harbors.

  • Register With The Copyright Office 

The Company must apply as an online service provider and designate an agent with the Copyright Office to properly rely on the limitation of liability from copyright infringement under the DMCA. Additional information and the forms are available at http://www.copyright.gov/onlinesp/. You can designate a member of your team as the “agent.”  The filing fee is $100.

Most modern web and mobile application TOUs are written to rely upon the DMCA limitation of liability.  If your TOU does rely upon the DMCA, then you should take these precautions.  Again, consult an attorney versed in IP law for proper compliance.

  • Institute (and diligently follow) A DMCA Policy
Which can include: 1) A working notification system (if a copyright owner tries to find you – they can), 2) a procedure for dealing with complaints from copyright owners regarding infringing content on your website, 3) a system that allows copyright owners to collect the information they need to issue DMCA complaints.

3.  Have A Privacy Policy On Your Application

A privacy policy is a legal discloser that describes the ways a party gathers, uses, discloses and manages a customer’s “personal information.”  Its purpose is to inform your users of how you collect and use their data – therefore, like your TOU, it is important that this is drafted to your particular application’s data usage features.  Where companies get themselves into trouble is by making disclosures that are inaccurate regarding user’s data or do not maintain their TOUs over time.  Privacy policies should be updated whenever there is a change in the way a company uses user’s customer information.

In most cases, someone’s name, address, email address, and telephone number are considered personal information. Health information, sexual orientation information, location information, and financial information (among others) may be considered “sensitive information” as well as “personal information,” and may be subject to more stringent protections both in tort and by virtue of specific statutes such as the Health Insurance Accountability and Portability Protection Act (HIPAA) or the Fair Credit Reporting Act (FCRA). (Contributed by Jessica Hubley, Esq. (subject to Disclaimer)):

The FTC requires that websites that deal in users’ personal information have a “clear and concise” privacy policy that explains, in a digestible manner (Contributed by Jessica Hubley, Esq. (subject to Disclaimer)):

  1. What types of information the company or website collects;
  2. How the company or website uses that information;
  3. With whom the company or website shares that information; and
  4. How the company or website secures that information.

Like the TOUs, find an attorney well versed in IP law and have them take a look at your Privacy Policy.  There are also organizations like TRUSTe and P3PWiz that offer templates and consulting to help with policies. You may find some good information from the International Association of Privacy Professionals (IAPP).

Finally, if your site collects information from children, includes health or financial data, or you have operations in other countries, there may be additional laws with which you must comply.  We plan to expand this blog post to capture these additional regulations…so stay tuned.

About the author

Matt Faustman

Matt Faustman

Matt is the co-founder and CEO at UpCounsel. Matt believes in the power of online platforms to change antiquated ways of life and founded UpCounsel to make legal services efficiently accessible. He is responsible for our overall vision and growth of the UpCounsel platform. Before founding UpCounsel, Matt practiced as a startup and business attorney.

View all posts


    • Yes, there are. Check out the one by Jill Bowman on this blog post. It is one of the best IP law blogs out there. What specifically are you looking for?

  • Great post guys – this really shed some light on some of these things. The privacy stuff seems to be really important these days.

  • An extension to my comment above about using arbitration clauses in a TOU:

    “Including a provision in your terms of service that requires users to arbitrate their claims against you may help your website avoid class action lawsuits over your content or your treatment of user’s personal information. A recent Supreme Court decision in AT&T v. Concepcion (link) teaches that such provisions in form Terms of Use require litigants to pursue individual dispute resolution rather than class action litigation. Individual actions are too costly to be worthwhile for plaintiff’s lawyers who work on contingency, so including an arbitration provision will probably deter such lawyers from trying to construct a class action against your website.”

Post a Job on
UpCounsel and get
high quality legal work done

Post a Job on UpCounsel
/* ]]> */