The 5 Legal Areas Where Websites Blow It

It wasn’t all that long ago that the web was very much a forum without laws. This is no longer the case, but many Legal Areas Where Websites Blow Itwebsite operators haven’t picked up on this fact. With this in mind, let’s take a look at the five legal areas where website owners most often go wrong when operating online.

1. Not Taking Advantage of DMCA Protections

User-generated content is at the heart of the web these days. “UGC” comes in many forms, but it essentially boils down to anything a website allows a user to upload to the site. In the case of a site such as YouTube, this means videos and comments on videos. For a blog or e-commerce site, uploads can include comments, product reviews, and forum discussions. More progressive sites such as may even allow users to upload video reviews of products.

Given all this interaction, I’m shocked how few websites take advantage of the safe harbor liability protection provided in the Digital Millennium Copyright Act of 1998. This law is considered controversial by users who republish content and copyright owners who see their works used without authorization. This controversy does not extend to website operators. The DMCA is perhaps the single most important law protecting online businesses that allow user-generated content.

Why is the DMCA so helpful to websites? When complied with properly, the DMCA provides websites with immunity from being sued for copyright infringement for content uploaded by users. YouTube provides us a perfect example. If I copy part of a film in a movie theater with my phone and then post it to YouTube, I’ve infringed on the copyrights of the producers of the movie. Those producers can sue me for copyright infringement. However, they are precluded from suing YouTube because of the protections provided by the DMCA.

Online operators that allow users to upload, well, anything should be DMCA compliant and may want to consider our DMCA agent service. The process is relatively simple, and inexpensive.

2. Privacy Law Face Plants

As Mr. Snowden and the NSA recently revealed, the concept of privacy is fairly laughable these days in the United States. Given this, many website operators seem to feel they either do not need a privacy policy or can just write whatever they like and post it.

This belief is inaccurate and dangerous.

Let’s be clear about a few things:

  • You must have a privacy policy,
  • Your privacy policy needs to accurately reflect your privacy practices,
  • You must actually follow your privacy policy, and
  • You must disclose particular types of information in the policy.

If I had to guess, perhaps 90 percent of all websites have inadequate privacy policies. This shortcoming acts as a target for predator attorneys and the FTC. You most likely fall within this 90 percent grouping.

Don’t believe me? Open a second window and pull up the privacy policy for your website.

  • Do you disclose whether you comply with “do not track” signals from browsers and privacy software?
  • Does your policy contain language disclosing if third parties can track your visitors through the website?
  • Do you reveal the exact types of personal information you collect from visitors and how you use that information?

If the answer to any of these questions is anything other than an unequivocal yes, you are violating various privacy laws and inviting unwanted legal attention. FTC fines start at $16,000 per violation, so you might want to get that taken care of pretty quickly.

3. Copying Terms and Privacy Policies

Did you copy your terms of use or privacy policy from another website? This one just kills me. Why would you do this? The terms and privacy policies of your site are contracts with your users. You are legally bound to follow the information detailed in each agreement. By copying the terms and privacy policies of other websites, you are begging to be sued. You might as well walk into a law firm and yell,

“Please sue me!”

To understand why, let’s return to the privacy policy discussion we just had in the previous section of this article. I mentioned three simple questions you must raise, answer and disclose in your privacy policy. Those questions require answers specific to how you run your online business and website. If you copy a random privacy policy from another site, the disclosures in your privacy policy are going to be incorrect!

Let’s consider an example. You copy a privacy policy from The privacy policy includes a disclosure indicating the site complies with “do not follow” signals by disabling all cookies it uses to track such visitors.

The only problem? Your website does no such thing. You have just breached your own privacy policy! This violation creates a slam dunk case for any attorney looking for sites to sue.

Another classic problem is the terms contain a copyright policy listing a DMCA agent that you haven’t retained. When that agent receives notice of a copyright complaint, they are not going to forward it to you. The agent has no idea of who you are!

Do not copy the terms or privacy policy of other sites. Doing so just invites disaster.

4. Will Not Sell User Information

You know the old saying that no good deed goes unpunished? Our fourth topic highlights this notion. Pull up just about any website online, and you will see a clause in the privacy policy reading, “We will never sell, rent or disclose your information” or something of this sort.

Finally, a company that cares about your privacy!

Ummm…also a company that is eventually going to have a very unhappy owner. The problem should be obvious. 

What if you want to sell the website one day?

99.9 percent of buyers are going to view the database of user information as an integral part of the purchase transaction. If your privacy policy contains a clause prohibiting the transfer of that information, you have an enormous problem.

This scenario occurred with a dating site in 2013. offered to buy for $700,000, but ultimately withdrew the offer. The problem? The Texas Attorney General objected to the sale. The privacy policy for contained language promising users that the company would not transfer their personal information to other parties. As you can imagine, a dating site without any users is as useful as Kim Kardashian without a camera within 10 feet of her. Well, perhaps not that useless.

Can you imagine selling your site for $700,000 and watching the transaction fall apart because you included a clause of this type in your privacy policy? That would be a very painful lesson.

5. Shooting Yourself In The Corporate Foot

You should form a business entity for any online business. Why? The purpose of a corporation or LLC is to create a shield between the debts and liabilities of the online business and your personal assets. This approach provides time tested legal protection, but many website owners open themselves up to personal liability by failing to operate the entity adequately.

A business entity only protects you if it is run as an independent entity pursuant to the legal requirements of the state it is formed in. If this does not occur, a creative attorney can argue the entity should be set aside and the owners held personally liable for the debts and liabilities of the business. Unfortunately, many online businesses open themselves up to this risk when operating online.

One of the factors a court will look at when considering whether a business entity should be set aside is the ownership status of the assets in the business. For an online business, typical areas of investigation include whether you or the business entity are listed as:

  • The owner of the domain name,
  • The contracting party for web design work,
  • The contracting part on the hosting account,
  • The owner on any copyright filings,
  • The owner on any trademark filings,
  • The contracting party on freelancer contracts, and
  • The contracting party on other legal agreements specific to your business.

If you are listed as the party on most of these documents, you can have a significant legal problem on your hands. Let’s be clear. The business entity should own all the assets of the company. If someone uses the “who is” function to investigate your domain, they should see the company listed as the owner. If a majority of the ownership documents are signed by you personally instead of as an officer of the entity, a judge is going to be more receptive to a claim the entity should be set aside. That is the last thing you want to see happen, so check your business documentation to make sure you are not sitting on a time bomb.


Do these five areas cover everything you need to be concerned about as a website operator? No. The days of the web being a lawless platform where anyone can run amuck are over. For better or probably worse, we are now venturing into the days where laws applicable to the web not only exist, but there are far too many of them!

The key to minimizing your risk is to get ahead of the game before a lawyer shows up at the door with lawsuit in hand. Make sure to consult with an attorney familiar with internet law concepts before that happens.

Richard A. Chapo, Esq.