Previously on the CogitActive Saga:
In order to fulfill the ‘explicit consent’ GDPR requirement, WordPress added a cookie consent checkbox to the comment form.
… starting from the point where the story stopped.
Should I, and equally important, can I add a Privacy Policy consent checkbox to my comment form? Contrary to popular belief, and as convincingly demonstrated by Thomas Kahler, using an “I agree to Privacy Policy”, namely a click-wrap, to obtain consent (to the Privacy as a whole) is invalid. A better approach, in my opinion, is to provide a link to the Privacy Policy (within the comment form); thus making sure people can easily access it. But what do I know; I am neither a lawyer, nor an attorney.
… and continuing with Johnstonesnow claim:
Any form submission must obtain the user’s explicit consent, and not only that, but an agreement to terms and privacy policy, which can’t be inserted in Jetpack Comments either.johnstonesnow
My investigation ended up with the invalidation of both the “explicit consent” and the agreement to Privacy Policy component of Johnstonesnow’s claim (see GDPR part 6 – Comment form adjustment and GDPR part 7 – Comment form adjustment cont’d, respectively). However, a question remains what about the agreement to Terms of Use? Indeed, as mentioned in GDPR part 5 – Terms of Use, the rules and disclaimers set in your Terms of Use (aka “Terms of Service”, “Terms and Conditions”, or other similar agreement names) do not fall under the umbrella of privacy as covered by the GDPR
.
Brief recap
Even though a Terms of Use agreement is optional, it is advisable to have such a legally binding contract in place because its main purpose is to protect you. Generally, this agreement has an introductory statement like Use of the services constitutes acceptance of the Terms and Conditions
. This method to obtain consent – that is by the user’s action (e.g. by browsing a website) – is referred to as a browse-wrap (see GDPR part 7 – Comment form adjustment cont’d). As opposed to click-wraps, such agreements do NOT require any type of express manifestation of assent. Accordingly, websites just display a link to the Terms of Use, usually in the footer.
This is considered to be implied consent and, as already explained, implied consent does not exist in the GDPR
. Therefore, many people favor click-wraps because they also make the method of acceptance unambiguous (one of the requirement for consent under the GDPR). However, it appeared that this approach couldn’t be used for the Privacy Policy (see GDPR part 7 – Comment form adjustment cont’d). Specifically, using a click-wrap (e.g. “I agree to Privacy Policy”) will NOT ensure that your legal agreements are able to be upheld in the event of a legal dispute or if other issues arise
because such consent (for the Privacy Policy as a whole) is apparently invalid
under the GDPR. But is this issue true for the Terms of Use?
Some legalities
Now, as alluded earlier, the consent to enter into a contract and the consent in the context of data protection are different concepts with different requirements
. In other words, the GDPR is concerned with privacy law, not with your Terms of Use agreement. The question therefore is whether website’s Terms of Use are legally binding (and not if the method to obtain consent is GDPR compliant). The answer offered by upcounsel1, an online service that makes it faster and easier for businesses to find and hire legal help, is Yes, if they meet the elements that create a legally binding contract and how the terms are presented to the user for review and acceptance on the website
. What are these elements?
According to them, setting up enforceable Terms of Service requires specific placement, explanations and proper record keeping
. Essentially, they stress the importance of proper and obvious notification to users that the Terms of Service exist
. Accordingly, the legal agreements should not be buried in the website footer
; this being indeed2 insufficient
. Importantly, they also explain, If the Terms of Service agreement includes a unilateral provision which states the company can change the agreement without notifying the customers, the agreement is entirely unenforceable
. Good to know!
Browsewrap lacks a certain component that is essential in clickwrap: Notice.FreePrivacyPolicy
Now, it should be possible to implement proper and obvious notification
for browse-wraps as well. Be it with location relative to other links or font color – you name it – there are ways to increase the visibility of the link to the Terms of Use. Whatever design element you implement, make sure that this link is conspicuous enough to meet the requirement of notice. For instance, some sites use a banner that follow the user as they scroll the page; thus ruling out the user’s argument that they never saw it.
Not all browsewrap agreements are unenforceable. If links to your [terms of Use] are conspicuously placed on your website so that they are easy to see and find, it’s possible your agreement will be upheld in courts.KJ Dearie
The fact that browse-wraps do not require the user to acknowledge them before using a website can however be a problem3. Asides from the lack of affirmative action, actual notice can be hard to prove. Clearly, providing evidence (i.e. record keeping
) that the user had actual knowledge of the terms is an (unsurmountable) hindrance. In that sense, it is not surprising that click-wraps are advocated as the favored method to ensure that your legal agreements are able to be upheld in the event of a legal dispute or if other issues arise
. Note, however, that click-wraps are not enforceable either if too simple
, that is without an obvious notification that the Terms of Service exist and use of the website confirms the user agrees to these terms
.
Click-wraps agreements are like gateways that stop the users from entering and using a site until they’ve acknowledged and/or accepted its terms and conditions.KJ Dearie
For e-commerce website, the easiest – and best4 – way to create a binding contract is probably to set a mandatory click-wrap during checkout so that the buyer cannot processed until he has ticked the box. A similar approach can be used for websites that require any form of registration; the click-wrap can be implemented during the sign-in. But what about websites that do not sell anything or do not have any registration?
You may be familiar with those sites that ‘welcome’ you with a pop-up window asking forcing you to agree to their terms if you want to access their content. Granted, the pop-up meets rules for conspicuous display – in an obstructive manner, though. Personally, I hate this approach and I will not force such detestable practice on my visitors.
An hybrid solution
Admittedly, the likelihood of a court enforcing a browse-wrap is tenuous. Nevertheless, according to a study conducted by pactsafe (an esignature & clickwrap management platform), when a user has actual notice of the agreement, courts tend to uphold browswrap agreements
5. In keeping with their study, they observed that if the user lacks actual notice of the terms, the validity of the terms then depends on whether the user had inquiry notice of the contract’s existence
. Now, they also stress that establishing such notice often requires more than just a simple implementation of a browserwrap agreement
. Of course, given their business (see above) they pray to the sky click-wraps as the perfect solution. However, click-wrap agreements are not practical for information only sites, like mines!
You should ask for confirmation of acceptance of the T&C at any point where a visitor provides registration or needs to take some action.Net Lawman
Given these premises, I decided to combine the browse-wrap approach with click-wrap notice whenever possible (e.g. on forms). I think that the link to my Terms of Use (in the footer) is sufficiently conspicuous and easily accessible. Still, to make sure that the users of my services (i.e. not just the visitors of my sites) have actual knowledge of these terms, I will indeed implement a click-wrap (reminder) to all my forms, including the comment form. Definitively, this should provide increased visibility.
To be continued…
1 In a document entitled Are Website Terms and Conditions Legally Binding?. ^
2 My non-expert opinion on that matter is two-fold. First, I would qualified the location of the link (to the Terms of Use) in the footer as specific placement
because this is a common practice in most, if not all, websites. Second, I believe the link not to be hidden from sight (i.e. buried) if the footer is not crowded with other information/links indeed. Thus, a reasonably prudent person
would be able to find it. Of course, lawsuits rule, not me! ^
3 While not a legal resource, here is what you could read in Wikipedia: [a browse-wrap agreement] may only be enforced if the browsing user assents to it
. Specifically, for assent to occur the browse-wrap agreement should be conspicuous, state that there is an agreement, and provide where it can be located
. ^
4 See Making your terms and conditions stick. ^
5 Gizelle Fletcher (2019) Are my browsewrap agreements enforceable? Pactafe. ^