By Deborah Shinbein
Deborah Howitt Shinbein, LLC
6. User-Generated Content. When a site enables users to post comments, photos, or other content on the site, it is possible that the user will post something violating a third party’s copyright, publicity or privacy rights, or content that is defamatory (a false statement of fact about a third party tending to harm that party’s reputation). Fortunately, if a site is merely a platform enabling users to post content (without giving specific instructions to post something defamatory, infringing, etc.), certain “safe harbors” may protect the site from liability. The Digital Millennium Copyright Act (“DMCA”) protects service providers from liability for infringing third party content posted on the site, as long as the site follows the procedures described here, including:
- Register a designated agent to receive infringement notifications, using the form at the link above;
- If you receive a DMCA “take down notice,” remove the infringing content promptly and follow applicable notification requirements; and
- Follow other requirements of the DMCA such as terminating repeat infringers.
For liability related to defamation, privacy/publicity, and other matters, Section 230 of the Communications Decency Act may provide immunity from liability as long as the site did not specifically request the posting of defamatory or illegal content. Be sure your site’s policies and features are set up to take advantages of these important safe harbors.
7. Domain Names. Choosing a domain name can be tricky because the same domain registry is used by businesses in all industries. This is different than trademark registration, as the United States Patent and Trademark Office prevents entities from registering confusingly similar marks for similar goods or services. When choosing a domain name, you should do a search on the USPTO site and via search engines, to see if the domain name may potentially conflict with a third party’s trademark or domain name. You may want to consider adding another word to the domain name to differentiate it from other domains in order to avoid potential conflicts or liability. If a third party has registered a domain in a bad faith attempt to divert another site’s traffic, the injured party can bring a proceeding under the Uniform Domain-Name Dispute Resolution Policy (“UDRP”). The party bringing the UDRP action typically must prove that the domain name was registered in bad faith with knowledge that it could cause confusion with the complainant’s mark. The UDRP is faster and less expensive than litigation, and the victor will receive the domain name registration, but monetary damages are not awarded.
8. International Users. If your site attracts users from other countries, you should be mindful of the different laws applicable to users in those countries. Sites collecting and/or transferring personal information from international users must comply with data privacy laws and regulations, which may vary depending on the country from which the user/data originates and how the data is collected and used. Laws regarding contract formation and financial transactions vary among countries as well. You may attempt to structure your site and its terms/policies to ensure that international users are agreeing to be governed by U.S. laws, but other steps may still need to be implemented depending on the nature of the site, particularly with regard to data collection and transfers.
9. Data Security. Security breaches can cause public relations disasters, in addition to loss of donors and volunteers if your organization is viewed as untrustworthy. Your site should take industry standard security precautions as necessary based on the nature of the data collected and other functionality on your site. For example, sites collecting online donations via credit card will obviously need more substantial security than a site merely offering information on the entity. Depending on your site and the nature of your business, you may need to consider the use of firewalls, data encryption, Payment Card Industry Data Security Standards (if you collect payments via credit cards), and other available security measures. In addition, you will need to ensure compliance with differing state laws regarding encryption of personal data and security breach notification. Your site may also be subject to industry-specific data security requirements, which can also vary depending on the nature of data collected, so be sure this complex area of law is evaluated based on your entity’s unique circumstances.
This concludes our current “top 10” list. However, there are numerous other potential traps, which can vary depending on the nature of the site and its products or services. Be sure to consult an attorney and update your site’s terms, policies, and practices as needed based on changes to your site and practices over time. In addition, this area of law tends to evolve rapidly, so you should have your site reviewed every few years to evaluate necessary revisions.
Deborah Shinbein has been helping clients with Internet, technology and media law matters for over 15 years. She held legal positions at The Walt Disney Company and Examiner.com, as well as at major law firms, before recently forming her own Denver, CO based law firm. She has no affiliation with Leaffer Law Group LLC. Feel free to send questions to firstname.lastname@example.org or visit www.debshinbein.com.