You’re probably vaguely aware that any time you sign up for a new web account — Facebook, online banking, whatever — you have to agree to the provider’s terms of service. No one actually reads them. But if you have a website — passive, active, or otherwise — terms of service are a key component of mitigating risk. Here are six tips for using them effectively.
Don't DIY! Website terms of service don’t vary much from site to site, which makes it tempting to borrow someone else’s, insert a couple of changes, and pass them off as your own. And you certainly don’t need a lawyer to write them from scratch. But do make sure that your TOS identify and address risks specific to your venture.
Make them a binding contract. Make it crystal clear — in big, bold print — that the TOS are a binding contract. Otherwise, the user could argue that he didn’t knowingly become a party to a formal agreement. From a legal perspective that’s probably a pretty lousy claim, but if you really think attorneys shy away from arguments just because they're weak or frivolous . . . you're very wrong.
Require "active" confirmation. You don’t have to make the user scroll through your entire TOS, but you should make her take some action (like checking a box) before continuing. That way she can't claim that she was unaware that the TOS even existed.
Add the confirmation to the database. You can make it virtually impossible for a user to claim she didn't know she was entering into a contract by adding an acknowledgement check-box that records the confirmation in the database. You now have documented proof that the user actively agreed to be bound. If the user doesn’t check the box, she can’t register.
Make the TOS easily accessible. You must give the user an opportunity to read the TOS. Make sure access to the page is easy. If the user can’t open and read the policy, it’s going to be tough to insist that she comply with its terms.
Review and update your TOS regularly. Rules, laws, and best practices change. For example, in May of 2018, the European Union’s new data management law, the GDPR, took effect. The legislation fundamentally changed website user rights and added a host of obligations to service providers. Any company with even tangential business links to the EU had to make major adjustments not only to its TOS but also to its data management protocols. Failure to comply can have serious consequences like steep fines.