GDPR part 5 – Terms of Use

Previously on the CogitActive Saga:
In addition to emphasizing the importance of processing the personal data in a fair and transparent way, as well as getting explicit consent from the users (for pretty much everything), they recurrently told about privacy policy and terms of service.

First things first, the General Data Protection Regulation (GDPR) does not require any changes to your Terms and Conditions¹. Indeed, the rules and disclaimers set in this legally binding contract (aka “Terms of Service”, “Terms of Use”, or other similar agreement names) do not fall under the umbrella of privacy as covered by the GDPR¹. Actually, the GDPR does not make any mention of Terms and Conditions agreements¹. That being said, these two documents, which have to be separate and distinct, often refer to one another. Hence, you should update any references to your Privacy Policy in your Terms of Use.

The GDPR is concerned with privacy law. Privacy Policies fall into that category, but Terms and Conditions agreements do not.Ross B.

The fact of the matter is that a Terms and Conditions agreement is optional¹. This contrasts with a Privacy Policy that is required by the GDPR and other privacy laws. This must be due to the difference in purpose between these two documents: the former exists to protect you, whereas the latter aims at protecting your users.

So, what does this post have to do with this mini-series about GDPR?

While not required by law, it is recommended to have Terms of Use for your website. Such agreement, which sets the rules that users must agree to in order to use your site (or services), is indeed incredibly useful, if only to indemnify yourself against any potential legal disputes. That is probably why most websites seem to have one. In view of that, I decided to create my own Terms of Use.

It is up to the website owner or app developer to create a Terms and Conditions for their own sake.Ross B.

What for?

According to WebsitePolicies, any site that has any form of interaction with its users, whether eCommerce, blog, social media, or professional, should include a terms and conditions page within it. Of course, such an opinion is biased; they want you to use their services to create custom-tailored agreements at an affordable cost. Now, despite their vested interest, the truth is that their advice – it is something that every website owner should consider essential – is actually worth following.

As mentioned above, the main purpose of a Terms of Use agreement is to protect you. Indeed, it is first and foremost a way to protect yourself by limiting liability. For example, you can include a warranty disclaimer to limit your liability in cases of errors, or inaccuracy, in the content presented on your site. Similarly, you cannot always control what your users do on your website; yet, you can protect yourself against their actions, be it posting illegal or fraudulent material, or using something that constitutes copyright infringement. In keeping with this idea, it is also a good place to remind them that international copyright laws protect your content as well.

When things go wrong, people want to find someone to blame. If you do not use disclaimer warranties on your website, then the blame could easily be put on you.Michael Curtis

In fact, Terms of Use are important for many reasons beyond mitigating liability. In particular, it is a way for you to set up rules and regulations for visitors using your website and/or services. Depending on the type of website, you may need to include a Termination clause (e.g. for site with registered account), a Refund Policy (e.g. for eCommerce site), in addition to the Intellectual Property clause already mentioned. If you have a blog, your Comment Policy will likely be a part of your Terms of Use. Better than long, explanatory phrases, here is a video by TermsFeed that list five main reasons why you should have a Terms of Use page:

by TermsFeed

In short, the Terms of Use help in dealing with problems or preventing them in the first place. Therefore, it is advisable² to have such an agreement in place, if only to protect your content from a copyright perspective and you from potential liabilities.

How to?

I thought that creating my Privacy Policy was a daunting task (see GDPR part 4 – Privacy Policy), but writing a Terms of Use agreement was definitively more intimidating. Although, there aren’t any laws regulating the way [Terms and Conditions] agreements need to be written or presented, they are meant to meet incredibly complex and highly specific scenarios. Such a dense document includes various provisions and clauses, and what is more uses a very specific type of language (i.e. legal jargon). In this regard, it is actually quite common nowadays to see a short summary in plain language below each section for people to understand what this is about.

“What about enlisting the help of an attorney?”
“Budget-wise, this is not an option!”
“Still, having a lawyer reviewing your Terms of Use would be a good idea.”

There are many articles on how to write Terms & Conditions, but no shortcut to create them. What about the many generators available online, you may wonder? They will put together a basic agreement; still, insofar as I am not conducting any business per se³, this should be a suitable option. Wrong! The exact content varies depending on the nature of the site and the services it provides. Templates simply cannot match your specific needs and will fail to provide adequate legal protection. According to many, they should be avoided! Now, it is true that not all generators are created equals; so does their pricing…

Importantly, you need first to have a good grasp of your personal situation. In this regards, apart from a Comment Policy for this blog, I naïvely thought that I would not need to add much to my Terms of Use. After all, I do not allow registration (see Network Settings), I do not sell anything nor charge⁴ for accessing my content. Little did I know about what to include indeed, until I went through other sites’ agreements. Only then, I realized that writing such a legal binding contract is a sensitive process and there was little likelihood it would be completed overnight.

After many drafts, and reading uncountable more guides on that matter, I however ended up with a seven-page long document that included many headers that I would never have thought of otherwise (e.g. “Disclaimer of Warranties”, “Limitation of Liability”, or other “Indemnification”).

Particular emphasis should be given to the limitation of liability clauses (and disclaimers), for example the case of malfunctions of the app or website.iubenda

A conspicuous location

Now, this document will not help you if your users cannot find it or are not required to accept it before to use your services (e.g. using an “I agree” checkbox). Generally, websites display a link to the Terms of Use in the footer. Given my recent modification of the latter (see Replacing “Proudly powered by WordPress” with a copyright notice), this part of the process was relatively straightforward, especially with the new addition to the site-info.php file (see GDPR part 3 – Oops!); this piece of code, in particular:

<?php
if ( function_exists( 'the_privacy_policy_link' ) ) {
	the_privacy_policy_link( '', '<span role="separator" aria-hidden="true"></span>' );
}
?>

Simply, the the_privacy_policy_link() function, which displays a link to your Privacy Policy as you may have guessed, has two optional parameters to define what to display before and after the link. In the example above, the first is set to nothing (empty single quotes). The second, however, is of particular interest because it adds a separator (role=“separator”) that will not be read aloud by a screen reader (aria-hidden=“true”). As already described in the previous post, this PHP code will output the following HTML:

<a class="privacy-policy-link" href="https://cogitactive.com/privacy-policy/">Privacy Policy</a>
<span role="separator" aria-hidden="true"></span>

And this will be displayed like this:

Privacy Policy /

Now, if you try this code on your site, you will not have the same result as I have on mine. In particular, you will almost certainly not see the / character (i.e. the divider). The reason why is to be found in the stylesheet of Twenty Seventeen. Indeed, if you compare the style.css file of this theme⁵ before and after the WordPress privacy release (i.e. Twenty Seventeen version 1.5 vs. 1.6), you will notice two additional CSS selectors:

.site-info span[role=separator] {
	padding: 0 0.2em 0 0.4em;
}

.site-info span[role=separator]::before {
	content: '\002f';
}

Yep, even though the separator (i.e. role=“separator”) is a divider that separates and distinguishes sections of content, on its own it doesn’t involve a visual separator other than a space. The developer behind Twenty Seventeen opted to visualize this separation with the / character, which encoding in CSS is \002f.

Once this figured out, it was straightforward to add a link to my Terms of Use in my footer.

Two actually! In the process, I noticed that there was a difference in color between the first two links and my copyright notice. Indeed, the stylesheet of Twenty Seventeen specifies the color #666666 for links within the site-into class (see Replacing “Proudly powered by WordPress” with a copyright notice for more on this class attribute). My copyright notice was nothing but plain text, and what is more, with no specific class; hence it defaults to the #333333 color instead. For the sake of homogeneity, I decided to link it to my website (and to remove the “CogitActive” part).

As for the second thing, you may have noticed in the above code the following attribute: class=“privacy-policy-link”. At first, I was quite puzzled because I could not find any related selector in the style.css file of Twenty Seventeen. Digging further, I discovered that the “Proudly powered by WordPress” link had also a class, namely class=“imprint”, that was not defined in the stylesheet of my theme either. I found the explanation in this ticket. Both classes were added so that at least going forward people will be able to target both links individually. Good to know, right?

Anyway, after modifying the site-info.php file for my blog, I had to do the same for my website. I am indeed using two separate child themes. So much work, knowing that…

Chances are that no one will ever read your Terms and Conditions, but they will certainly come in handy should any issues arise.Nellie Akalp

To be continued…

¹ Ross B. (2019) Will the GDPR Affect Your Terms and Conditions Agreement? TermsFeed. ^
² Whenever complex issues are at stake, it might be mandatory to have an accurate and valid Terms of Use agreement (e.g. if you run an e-commerce website). Definitely, you may want to consider seeking professional legal advice from a lawyer. ^
³ Indeed, CogitActive is (only) a web-based information resource for Neuroscience and beyond, as pointed out in the front page of my website. ^
⁴ Yet, your support is highly appreciated. See footer! ^
⁵ If you are using another default theme, you may want to consider checking this page. It highlights the differences introduced for this privacy enhancement for all the themes from Twenty Ten to Twenty Seventeen. Importantly, you will see that the changes are not limited to the style.css file. ^

What do you think?

Like ()
Agree ()
Disagree ()
Thank you ()