Are Your Website Policies Clear & Conspicuous?

James Chiodo, Certified Information Privacy Professional CIPP/US

With the new FTC and California State Laws beginning to be enforced as of January 1st, 2014, the term “Clear and Conspicuous” obviously needs to be understood by website and blog owners to comply with both old and new laws.

With the few exceptions, there is no law that requires all capitals and/or bold, for a disclaimer, disclosure or privacy policy. However, there is a collection of cases, FTC regulations, U.C.C. rules and California State laws that cause lawyers to advise their clients to use all caps and specific fonts.

Basically, each time an attorney gives advice to the client, that attorney is somewhere in his mind worried about being sued for malpractice. For that reason, most attorneys are risk-adverse and will, when unsure, go with the safest answer.

As to the current state of the law, the following applies to almost all Federal and State laws concerning disclaimers, disclosures and privacy policies. That wording is “clear and conspicuous,” without defining exactly what that is. However, the general definition given by most federal and state regulatory agencies is that the language in the body of a form is “conspicuous” if it is in larger or other contrasting type or color.” At a minimum, it should be at least the same size font as the surrounding text.

Click Here to see California Business and Professions Code 225575 requirements for posting website privacy policies. These requirements apply to most website owners no matter what state they live in.

Going back to the obvious question at hand, must you bold and cap the language to be “clear and conspicuous”?  No. But it is a good idea. Now if your lawyer has been practicing for some time, he is probably thinking of how things were prior to American General Finance, v. Bassett, 285 F.3d 882 (9th Cir., 2002). Note that this is a 9th cir. case which covers California and all its quirkiness.

The Court said it better than I could: Lawyers who think their caps lock keys are instant make conspicuous buttons are deluded.”

They went on to say, “In determining whether a term is conspicuous, we look at more than formatting. A term that appears in capitals can still be inconspicuous if it is hidden on the back of a contract in small type. See, e.g., Sierra Diesel, 890 F.2d at 114. Terms that are in capitals but also appear in hard-to-read type may flunk the conspicuousness test. See, e.g., id.; Lupa v. Jocks, 131 Misc.2d 536, 500 N.Y.S.2d 962, 965 (N.Y.City Ct.1986).

A sentence in capitals, buried deep within a long paragraph in capitals will probably not be deemed conspicuous. Formatting does matter, but conspicuousness ultimately turns on the likelihood that a reasonable person would actually see a term in an agreement. Thus, it is entirely possible for text to be conspicuous without being in capitals” (The bold and underlining is mine).

So all of the above can be distilled down to this: Certain key provisions, such as disclaimers and privacy policies must be clear and conspicuous, (as do warranties and liquidated damage’s clauses). One way to do that is to make it all caps and in certain fonts, but that isn’t always necessary.

Conversely, if the contract or policy drafter is hoping to pull one over on the signer or website customer, then even doing it in flashing neon is not going to cover you, because the courts have unanimously indicated that they will not enforce unconscionable or overly onerous terms.

If you are “trying to pull a fast one” on someone, the courts won’t help you. However, if you are trying to make a sound business decision or disclosure that allows you to identify your risk and adequately protect against it, through an open exchange of agreement and consent with the other party, it will most likely be okay.

Let’s examine the word “disclaimer” itself. We all know what to “claim” something is; without pulling out Webster’s, to claim something means to take responsibility for. And dis is simply the disjunctive form of it, as in not to claim, or not to take responsibility for. In a nutshell, a disclaimer does exactly that, it transfers the responsibility for something from one party to another: it is someone saying, “hey you; this is not going to be my problem; it is going to be yours.”

In analyzing disclaimers, there are two fundamental rules:

1) Disclaimers have to be clear and conspicuous, because,

2) They do something really significant – transfer responsibility
from one party to the other.

As shown in the Bassett case above, a website operator should not attempt to use disclaimers to try to sneak something past a visitor. For example, advertising a site as a free dating website, that requires credit card numbers only to verify age, and then on the disclaimer stating that the website visitor agrees to sign up for free credit score monitoring, will not fly.

But, if that same website operator wants to ensure that it does not get sued by someone who gets raped by someone they met through the dating site, that is perfectly acceptable and fair use of disclaimers. In practice, that would look like a disclaimer stating the website operator does not run background checks, and the visitor should make their own assessment of risk from any dating candidates, etc.

Let’s look at the dating website example above. By sneaking in a fee, the website operator is using the disclaimer portion of the agreement not to transfer risk, but instead as a CYA (Cover Your A#@) for doing something sneaky-not proper disclaimer usage. Conversely, in the example of the person being raped, the disclaimer took a foreseeable event and transferred the risk from the website operator to the website user.

Foreseeability simply means: is this something that is contemplated by the disclaimer? A disclaimer stating that “you won’t sue us if you get hurt by using our dating site” does not protect the website operator if his site is hacked and the visitors’ credit card numbers are compromised. Why? Because that transfer of risk was not contemplated by the disclaimer. It certainly could have been foreseeable, but unless the disclaimer was drafted such that it was identified and then disclaimed, the website operator would be in a world of difficulties.

Of course, that leads to the next natural question that any website operator should be asking: why not just have a disclaimer that disclaims all responsibility for anything ever.

Well, that has been tried. In fact, a number of jurisdictions have tackled the issue of online “throw in everything” disclaimers (disavowing of any responsibility for even gross negligence) and not a single one has been found to be valid.

Instead, website operators should look for a carefully crafted and properly researched disclaimer that protects the website operator against reasonably foreseeable risks and still remains enforceable.

This approach was taken in Virginia Legal Ethics Opinion 1842 (Sept. 30, 2008), which states that one way to avoid an inference that information submitted to a website will be kept confidential is to include a disclaimer on the website warning against disclosure of confidential or sensitive information and also warning the site has no duty to maintain the confidentiality of any submitted information.

“It would be prudent to avoid any misunderstanding,” states the ethics committee, “by warning visitors that information provided is general and should not be relied on as legal advice, and by explaining that legal advice cannot be given without full consideration of all relevant information relating to the visitor’s individual situation.”

The language in a potential disclaimer must be chosen with the utmost care.  It should accomplish the goal of avoiding misunderstandings of who bears the risk, and encompass as many potential contingencies as possible.

Website operators are playing Russian roulette when receiving visitors on their websites without the appropriate disclaimer(s). Disclaimers that are worded correctly will encompass as many contingencies as possible, so as to be interpreted in favor of the website operator.

This is not something that should be overlooked in taking a website “live,” nor should it be drafted by an individual without proper expertise in the area of disclaimers, specifically disclaimers for websites or blogs.


New California & Nevada Privacy Laws Affect Website and Mobile App Owners ➞ Read More