Many individuals and businesses are refreshing their websites, as COVID-19 makes our online presence more important than ever. In the process of creating a new look or updating your content, it’s important to consider some often-overlooked legal matters.
Content on the Site
Be sure you personally or your business own or have permission to use all the content on the site – text, designs, images and videos. If a third party who is not your employee designed the site for you, be sure there is a written work-for-hire agreement that gives you the copyright in their work. Copyright law has some very specific work-for-hire requirements, so, absent this writing, you may not own the rights to elements of your site. Be sure that you have digital access to the underlying files so that you have the ability to make changes in the site without relying on a third party, whether it is an employee or another third party, in the years to come.
If the site displays third-party images or other content, be sure that you have obtained permission unless the content is in the public domain. You can’t assume that an image available for free online is not subject to copyright. There are “fair uses” of copyrighted content, but especially in a commercial context it is not generally advisable to rely on a fair use defense. So best practice is to ask permission when in doubt. (See our earlier blog on the use of third-party photos online.) Lutzker & Lutzker routinely represents and obtains compensation for photographers whose images have been used online without their consent.
Copyright Notice and Registration
Your website should prominently display a copyright notice (© Jane Jones Creative LLC 2020). This provides notice to the world that you own the content, and that users infringe it at their peril. If you have a specially designed or complex website, you may want to consider registering the copyright to your website with the Copyright Office. While registration is not required, it is a prerequisite to a infringement lawsuit, and timely registration prior to infringement allows for recovery of statutory damages (that is, damages that do not need to be specifically proven) and attorneys’ fees, which often makes it feasible to bring a lawsuit. As a practical matter, it also gives visitors to your site information as to who to contact if they wish to republish your material for their own purposes.
You also want to provide notice of any valuable trademarks. If your trademark is registered, you should display the symbol ® with the mark. If you have an unregistered mark, or one with an application pending with the U.S. Patent & Trademark Office, the correct symbol is ™. In the event you have a design mark registered, make sure that any updates to the graphic elements will not cause you to lose existing trademark protections when it comes time to file your affidavits of continued use with the Trademark Office. A design refresh may provide a good opportunity to consider registering for the word trademark alone. This will provide you with greater flexibility as your website and the image you want to project evolves. You may also find that you need protection for new uses of your trademark as your business model expands.
GDPR: If your website is visited by residents of the European Union, you are subject to the General Data Protection Regulation (GDPR) that became effective in 2018 to protect EU residents from privacy and data breaches. GDPR defines personal data very broadly and imposes preconditions to the collection of such data and imposes numerous other obligations on the collector of the data. GDPR also regulates the transfer of data to countries outside the EU. This might seem irrelevant to a U.S. business, but if the website reaches EU residents and their data is “processed” in the U.S., the provisions of GDPR will apply. See our blogs on GDPR and recent GDPR developments regarding international data transfer.
CCPA: The California Consumer Privacy Act, enacted in 2018 but effective as of January 1, 2020, was designed to give California residents more control over the personal information that businesses collect about them. It generally applies to for-profit businesses that meet one of the following requirements:
- have a gross annual revenue of over $25 million;
- buy, receive, or sell the personal information of 50,000 or more California residents, households, or devices; or
- derive 50% or more of their annual revenue from selling California residents’ personal information.
Other State Privacy Laws: Since CCPA, many other states have introduced similar legislation to protect consumers. Nevada and Maine have enacted such legislation, and others have bills in progress. You should stay abreast of these bills in states where you have customers to remain in compliance with stricter requirements as they become effective.
COPPA: If your website is directed to children under 13 years of age, under the Children’s Online Privacy Protection Act, known as COPPA, you need parental consent to collect any PII from such users. There are specific requirements for compliance, including an online notice to parents and procedure for obtaining parental consent prior to collecting any PII. Although nonprofits are not generally subject to COPPA (with some exceptions), many choose to follow the FTC recommendations to comply as a matter of best practices.
If you host any third-party content on your site, you will want to protect yourself by taking advantage of a limitation on liability available to “online service providers” under the Digital Millennium Copyright Act (DMCA), 17 U.S.C. Section 512(c).
For example, you might be hosting third-party content if you post communications from users on relevant topics. Absent the DMCA protections, if any of the user’s material infringed the copyright of another person, your website would be liable for publishing it. If in doubt as to whether you could be considered an “online service provider,” it’s best to follow the simple procedures to qualify for the exemption from liability.