Website Law

There are three fundamental requirements for the formation of a legally enforceable contract, and they are as applicable online as offline.

• First, the contracting parties must agree on the terms of the contract, through the issue and acceptance of a contractual offer.
• Second, they must intend to create a legally binding agreement.
• Third, the contract must be supported by consideration: an exchange of value.

This post is concerned with the first of these requirements, a familiar subject to all law students, and known simply as “offer and acceptance”.  It considers the online application of the traditional principles of offer and acceptance.

The basics are these.  An offer has been defined as an “expression of willingness to contract on specified terms, made with the intention that it is to become binding as soon as it is accepted by the person to whom it is addressed” (Treitel, The Law of Contract, 12th Edition, p9).  An offer must be sufficiently clear, certain and communicated to the offeree (the person to whom the offer is made). The acceptance from the offeree must be equally clear, unequivocal and in response to the offer.  And the acceptance must mirror the terms of the offer and be communicated to the offeror (the person making the offer).

Websites as advertisements

The general principle is that adverts or displays of products do not constitute an offer.  Instead, they are said to be “invitations to treat”.

An invitation to treat precedes an offer in the contract formation process; it is an invitation to make an offer.  By contrast, an offer is capable of binding the offeree if it is accepted.

Websites used to market products and services may be considered as analogous to offline advertisements.  Generally speaking, such websites will communicate an invitation to treat, not an offer.

Online ordering

Internet transactions typically require the completion of web order form by the customer followed at some point by the clicking of a “complete order” button or link.  Regulation 11 of the Electronic Commerce (EC Directive) Regulations 2002 requires online traders to acknowledge receipt of an order by electronic means. After the submission of an order, the customer will usually be taken automatically to a new web page confirming whether or not the order has been placed successfully.  A confirmation email may also be sent.

In the absence of any factors to the contrary, there is a risk that the contract may be formed once the confirmation page is displayed or the confirmation email is sent or received.

An online trader’s T&Cs of sale may distinguish a confirmation page or email from a contractual acceptance.  In these circumstances, the buyer’s order will typically be categorised as a contractual offer.  Accordingly, the trader will not be obliged to fulfil the order until after acceptance.

This approach recognises that an online trader’s stock will be limited, and also that a trader may wish to retain some discretion over the persons with whom he contracts.

The trader’s T&Cs should specify what acts will constitute the offer and the acceptance. For instance, in relation to the sale of goods, the T&Cs may specify that acceptance will only take place (and, consequently, a binding contract be formed) once the customer is notified that goods have been shipped.

However, a statement in the T&Cs may not be conclusive in all circumstances.

If the order process has been configured in such a way that a reasonable customer would consider that a contract of sale has been formed, then a statement to the contrary buried away in the T&Cs may not assist a seller trying to avoid a contract.

Manufacturer-suppliers need to take particular care here.  In some circumstances an “advertisement” from a supplier who is also a manufacturer may amount to an offer.  Accordingly, sellers who are also manufacturers should be particularly careful to make it clear on their websites and in their T&Cs that the “advertisement” of products is merely an invitation to treat.

An example: £2.99 televisions

In 1999 Argos accidentally advertised Sony televisions for sale on its website at £2.99 instead of £299.99.  Subsequently, orders were placed and confirmed by Argos at the £2.99 price. However, since a website is generally construed as an invitation to treat, no binding contract had arisen between Argos and customers whose orders had not been expressly accepted.

Incorporation of T&Cs into contract

To be effective, a website’s T&Cs of sale must be agreed by both parties and incorporated into the contract. The T&Cs should be available to the customer before the placing of an order.

The usual way to ensure that T&Cs are incorporated into an online contract is to prevent the submission of an online order form unless the customer has positively indicated acceptance of the T&Cs, for example by clicking on an ‘agree’ button.  T&Cs assented to in this way will usually bind the customer.

Less explicit forms of consent may sometimes be sufficient.  A statement proximate to an “order” button that the sale is subject to the online trader’s T&Cs, posted on another webpage and accessible through a hyperlink, may amount to sufficient notice.

T&Cs governing website use

The use of websites by casual visitors is (for usability reasons) not usually made subject to active acceptance of the website’s T&Cs.

Usually such T&Cs will provide that they are accepted by virtue of the visitor’s use of the website.

Whether they actually create a binding contract will depend upon the specific circumstances, but in many circumstances there will be no contract.  This does not mean that such T&Cs have no value: they may act as valid licences, and the disclaimers of liability they contain may still be enforceable.  Of course, to serve these function the T&Cs still must be brought to the attention of the users.

Conclusions

There is no difference of principle between the process of offer and acceptance online and the process offline.

The main practical points to take away from this post are these:

• traders should take care to ensure that they are not prematurely bound by contract;
• to avoid being prematurely bound, traders should specify the acts that constitute the offer and acceptance in their T&Cs, and ensure that those T&Cs are properly brought to the attention of users and accepted by customers;
• traders should also ensure that the structure of their checkout process (usually dictated by shopping cart software) and statements on their websites generally do not imply that a contract is formed before time; and
• where particular caution is needed (e.g. because a seller is also a manufacturer) then a clear an unambiguous statement that the advertisement of products on the website does not constitute a contractual offer should be included on the website.

English law can be unfair.  In 1962, Peter Beswick agreed to hand over his business to his nephew, John.  In exchange, John contracted to pay a sum of money to Peter each week and, after his death, to Peter’s widow.  After Peter died, John decided not to pay.

He almost succeeded.  Peter’s widow could not sue under the contract herself as she was not a party to it — but she was administering Peter’s estate, and was able to enforce it on his behalf.

This is an example of the rule of privity of contract: just as only the parties to a contract can acquire legal obligations under that contract, they are also as a general rule the only parties which acquire any legal rights under it.  A third party, like Peter’s widow, cannot enforce a contract where they suffer a loss as a result of its breach.

The Contracts (Rights of Third Parties) Act 1999 (CRTPA) creates an exception which mitigates the harshness of this rule.  Where a contract confers a benefit on a third party, that party may acquire the right to sue.

It is important for businesses to be aware of CRTPA since it can give rise to sometimes unexpected legal risks, and can even prevent the rescission or alteration of a contract without the consent of persons who are not parties to the contract.

When does CRTPA apply?

CRTPA applies to most contracts, but some exceptions are stated in Section 6.  These include employment contracts and most contracts for the carriage of goods.

If a contract is not exempted under Section 6, then under Section 1 a person who is not a party to a contract may in his own right enforce a term of the contract if:

(a) the contract expressly provides that he may, or

(b) the term purports to confer a benefit on that person, unless the contract indicates in some way that that party was not intended to be able to enforce it.

Accordingly, unless it is intended that third parties should be able to enforce a contractual term, it is generally advisable to state explicitly in the contract that they cannot.

Under Section 1(3), the third party does not have to be explicitly named in the contract provided that they are identified as a member of a class or by means of a description.

As an example, if a contract between a wholesaler and a retailer explicitly referred to consumers, then any consumer whom the contract purported to benefit could potentially sue under it, unless of course their right to do so is excluded.

What are the effects of third parties’ rights?

Where a third party has rights under a contract as a result of CRTPA, under Section 1(5) they can take full advantage of all the legal remedies for any breach of contract that would be available to a party to that contract.

This means that they will be able to claim monetary compensation for any loss they suffer as a result of the breach.  In some circumstances they may even be able to secure an injunction or specific performance.  (An order for specific performance will require a party to fulfil their contractual obligations.)

It may also make it difficult to rescind such a contract or vary it in such a way as to extinguish or alter the third party’s rights.  Under Section 2(1), there are three circumstances in which such variation or rescission will require the consent of an affected third party:

(a) Where the third party has communicated his assent to the party which contracted to provide the benefit.

(b) Where the party which contracted to provide the benefit knows the third party has relied on the relevant term.

(c) Where the third party has in fact relied on the relevant term and the party which contracted to provide the benefit can reasonably be expected to have foreseen that they would do so.

Are there any restrictions to liability to third parties?

Under Section 3, parties to the contract can rely on all the usual defences to a claim for breach of contract.  So they can argue, for instance, that their liability should be limited because the third party has failed to limit their loss or has been contributorily negligent.

To prevent double recovery, Section 5 stops a party to the contract and a third party from both recovering the full amount for the same loss.

Practical consequences

When entering into a contract, it is prudent to consider whether the contract purports to confer benefits on any third parties which are named or identified as members of a class or by description in the contract.  If so, you should consider whether they may be able to enforce the terms and, if you do not want them to be able to do so, you should expressly state that they cannot.

Non-disclosure agreements (NDA) impose obligations to refrain from disclosing  information, take measures to protect the confidentiality of information and/or use information only for a specified purpose or purposes.

In this post, I look at the issues surrounding the use of NDAs in the IT industry, and consider some of the the typical situations in which they may be used.

Law of confidence

Obligations of confidentiality can arise under the law of confidence even where there is no contract.  However, as the Law Commission has recognised, the law of confidence is entirely judge-made, and breach of confidence litigation is an uncertain and unreliable way to protect business secrets (Law Commission Report No. 110 (1981)). In part for this reason, businesses shouldn’t rely upon the law of confidence alone, and should consider the use of an NDA, whenever they are disclosing confidential business information to others.

Confidentiality is a particularly important form of asset protection in the computer industry, where any technology-based competitive edge will not last long.

Confidentiality and intellectual property

The law concerning the protection of confidential information is closely related to  intellectual property law.  There are many uncertainties and gaps in the protection that intellectual property law affords to processes, techniques, ideas, and information in the IT industry – for instance, computer programs are not generally patentable in the EU.  The use of NDAs to create non disclosure obligations can be used to supplement intellectual property laws, and thereby to clarify some of the uncertainties and fill some of the gaps.

NDAs: drafting issues

Before considering the specific situations in which NDAs may be used, I will look at several of the key drafting issues affecting NDAs: the difference between unilateral and reciprocal agreements, ways of defining confidential information, the question of who is bound by an NDA, the duration of obligations and the impact of data protection law.

When to contract

As a general rule, it is better to sign an NDA before confidential information is disclosed, rather than after.  That said, an appropriately drafted NDA may protect information that was disclosed before execution.

Unilateral or reciprocal?

A reciprocal (sometimes called a mutual or two-way) agreement puts non-disclosure obligations on both parties and is appropriate when both sides are revealing sensitive information.  Where only one party is disclosing sensitive information, a unilateral (also called a one-way) agreement will be appropriate.

Defining confidential information

It is important to carefully consider the definition of confidential information in an NDA.  You need to ensure that the relevant information is covered, and that irrelevant information is excluded.  You should consider whether information provided orally should be included within the definition.

Whilst information needn’t be “top secret” to be protectable, and NDAs can protect information that wouldn’t be given protection by the law of confidence, a non-disclosure obligation may still be unenforceable on public policy grounds if the definition of confidential information is too wide – for example if it relates to trivial information.

Looking at this question from the other side of the fence, if you are going to be subject to confidentiality obligations under an NDA, you should take care to ensure that those obligations do not overly hinder your business activities.  This is especially important if the non disclosure obligations continue for a long period or indefinitely (see below).

Who is bound?

An NDA should identify the persons to whom information may be disclosed and, if not signed by all of those persons, should identify the means by which further onward disclosure will be prevented.  For example, the primary disclosee may be obliged to ensure that all persons to whom the information is disclosed enter into NDAs with the primary disclosee on specified terms that are enforceable by the disclosor as a third party beneficiary.

Duration of obligations

Confidentiality obligations under an NDA may be of a fixed or indefinite duration.  Businesses need to be especially careful when agreeing to be bound for an indefinite period.

Data protection

Information disclosed under and NDA may include personal data, and such personal data may be subject to data protection law.  Typically in these circumstances, the disclosor will be a “data controller” under the Data Protection Act 1998 while the disclosee will be a “data processor”.  A data processing clause may be used within the NDA to ensure information is not disclosed illegally.

NDAs: where are they used

I consider here four situations in which NDAs are very commonly used in the IT industry: when a new business opportunity is being negotiated; when a business is outsourcing software or web development work; when a developer is sub-contracting work to bring in additional resources or expertise; and when an employee is taken on.

New businesses

The process of negotiating a new business proposition (whether taking the form of a joint venture, a company, a partnership or otherwise) will almost inevitably involve the disclosure of sensitive information, such as financial figures, client lists, business ideas and technical process information.  It is usually sensible to protect the information disclosed during negotiations using a reciprocal NDA.

Software and web development

Much web and software development is outsourced to developers.  For some types of work, clients will want to impose non disclosure obligations upon the developers.  For example, where a the project is based upon a new technology, a new business concept, or a confidential business relationship, and NDA will be of considerable importance.

Sub-contracting

Design and development work may be sub-contracted by a developer to freelancers, whether to access additional resources or expertise.  In this situation, the developer will want to ensure that first, the sub-contracting of the work won’t involve the breach of any non disclosure obligations imposed on the developer by the client, and second, that appropriate non disclosure obligations are imposed upon the the persons to whom the work is sub-contracted.  Typically, the obligations imposed by the developer upon the sub-contractor will be as strong or stronger than those imposed by the client on the developer.

Employees

Employees may have access to at least some of the confidential information of a business. Non disclosure obligations, in a form approved by an employment lawyer, should always be imposed upon such employees.

Conclusions: one tool amongst many

NDAs are an important part of any business’s legal toolkit.  However, they are no use in relation to the disclosure of  sensitive information by those who have not signed-up to their terms.

NDAs should supplement practical information security measures (which are mostly just common sense).  For instance: restrict access to confidential information on a need-to-know basis; where possible, only provide object code to customers; larger organisations should institute an information security policy – one that includes regular reviews; lock doors, windows and filing cabinets; and so on.

The practices and processes of many businesses in relation to information security are less than ideal.  NDAs often contain a provision requiring that the disclosee protect the confidential information of the disclosor “with the same degree of care that the disclosee takes to protect its own confidential information”.  For some businesses, this is not a very high standard to meet!