Website Law

When should a business seek to insure the risks that may arise out of the ownership of a website? There is no simple answer, but in general terms a good insurance policy is a good way of managing the risks of any business venture.

Creating a website is relatively simple; however the legal exposures that come with a website are anything but simple. The fundamental issue is this: both the content and the functionality of a website can expose a business to legal claims by third parties, and the list of potential exposures is emerging, developing and potentially complex.

For instance, an error in the information on a website could lead to claim in negligence, copied text or images could lead to a copyright infringement claim, and ecommerce functionality could lead to liability under sale of goods or consumer protection legislation.

One way that businesses protect themselves against legal claims is using professional indemnity insurance (PII). Indeed, in some industries PII is mandatory. Of course, having a PII policy doesn’t mean a business lacks confidence in the quality of its services! Any business can be vulnerable to a claim of negligence when professional advice or services fail to meet a client’s expectations.

Insurance policies exist that are marketed as ‘cyber liability’ or ‘internet liability’ insurance and that specifically cover the risks associated with website and internet selling. In many cases these are, in fact, simply specialised PII policies. They will not usually cover the offline side of the business, and if you are considering such a policy, you should check that you are not paying an excessive premium given the narrower cover.

Notwithstanding the existence of specialised cyber-liability policies, most standard PII policies will cover some of the risks associated with running a website. There are a wide variety of PII policies available that may be suitable for a web entrepreneurs or SME venturing into cyberspace. So, if you have a PII policy, you may already benefit from some cyber-coverage.

When taking out a PII policy, the two main questions you have to ask yourself are these: what risks do you want to protect against? and what level of financial coverage is required?

To answer the first question, you will need to catalogue and assess all the legal risks associated with your particular website. For example, a business that provides advice will want to make sure that its insurance policy protects it against negligent misstatement. A website owner whose users are allowed to publish content on the website should ensure that his or her policy covers, in an appropriate way, claims in defamation and for the infringement of intellectual property rights.

Generally, a more complex website will give rise to more risks, and the coverage of more risks will increase the cost of the policy. Premiums may be higher for websites publishing user content. Another factor affecting policy cost is the age of the technology or business model: coverage for newer technologies and business models may entail higher premiums because risks may be harder to assess.

There are some other types of cover that a company may consider in obtaining in addition to professional indemnity cover:

• Legal expenses – This would cover the legal costs for any claim that arises against the insured. This may include the costs of defending any claims brought by dissatisfied customers or by regulatory authorities (e.g. claims by HMRC for discrepancies in the insured’s tax returns).

• E-risks – This would specifically protect the insured against any damage caused by hackers or viruses. This kind of policy might provide coverage where an email list is stolen and used by another person, or where a virus affects the insured’s website and stops the insured providing the services that are normally available on the website.

One of the good things about the insurance industry is that there is no shortage of providers. Consequently, good deals are available for those willing to invest the time and effort in finding the right policy. A web search for “professional indemnity insurance” will find dozens of providers in moments.

A good insurance provider will be able to advise how you can lower your exposure – and potentially lower your premium. For instance, using professionally-drafted legal documents or having lawyers review your website systems may help.

Standard policies can be purchased over the internet without the need to use a broker. Where you need non-standard cover, however, you should speak directly to a broker.

I’m often asked whether a lawyer is needed for a particular contract job, or whether a template document would be adequate.

It can be a frustratingly difficult question to answer.

In seeking out legal services, small businesses usually want reassurance that they are “covered” for legal risks, but aren’t necessarily interested in learning about the exact nature of those risks. However, all business involves risk, and no contract is perfect. The real question is whether the risks are acceptable. But if a business owner or manager isn’t interested in learning about the risks, how are they going to make that assessment?

Sure, template legal documents can help reduce legal risks and aid legal compliance. All else being equal, if you are entering into a contract you will be much better off using a well-drafted template than starting from scratch, or patching something together from documents found on the internet (this may constitute copyright infringement). However, a template adapted by a non-professional will rarely be the optimal way of managing legal risk or ensuring compliance. The fact is that no legal template supplier can ever advise a customer that a template is an optimal solution.

A template is a tool, or set of tools, nothing more and nothing less. Asking a supplier of template legal documents whether a particular template is adequate for a particular job is rather like asking a shopkeeper selling plumbers’ tools whether a particular set of tools will enable you to install a new plumbing system. The tools may well be designed for exactly that sort of job, but some of the tools may be superfluous, and additional tools may be needed. Even if you have all the right tools, that’s no guarantee that you are going to do a good – or even adequate – job. The outcome depends as much, if not more, on the skills of the person doing the work than upon the quality of the tools. If I installed a new plumbing system at home, you can be sure there would be leaks aplenty, even if I used the best tools in the world.

The one big advantage of using templates is cost: templates are a lot less expensive than lawyers, and with good reason. When you buy a template you buy an electronic file that can be resold many times. When you instruct a lawyer you are buying someone’s time – hopefully someone who has spent years acquiring relevant expertise. Even an inexpensive commercial lawyer will charge £120 to £150 per hour; an expensive one may have an hourly rate in excess of £500. The costs of instructing a lawyer to draw up a commercial contract will vary dramatically, depending primarily upon the complexity and scope of the job and the efficiency of the lawyer, as well as the the lawyer’s standard rate. For instance, a software licence agreement might cost anywhere between £750 and £15,000. A template software licence agreement would usually sell for less than £100.

With a good lawyer, you can be reassured that a contract properly reflects the business/transaction, that main legal risks relating to the contract have been identified and where practicable dealt with or mitigated, and that regulatory compliance issues have been dealt with. You also save yourself the task of adapting a template (although you will need to spend time giving the lawyer instructions, and checking the documentation produced to ensure it meets your commercial needs).

Of course, templates and lawyers aren’t binary opposites. If you instruct a lawyer, 99 out of a 100 times the lawyer will use a template or precedent as a starting point for their work. So, in one sense, you are always buying a template, and the question is not whether a template is adequate, but whether paying for the services of a lawyer is commercially justifiable. If it is, you should.

I’ve just finished working on a new template terms and conditions of use document for marketplace-type websites. This process has not been as straightforward as it should have been. Both the Ecommerce Regulations and the Distance Selling Regulations are poor fit for this kind of website, because of the range of different contractual relationships that this kind of website can give rise to.

When considering this kind of site, we need to distinguish between:

• the website operator
• buyers
• sellers
• casual users

The website operator has distinct legal relationships with buyers, sellers and other users. In addition, each time a sale occurs, a buyer will contract with a seller. Usually, the website operator will not be a party to contracts of sale entered into via the website by buyers and sellers.

Clearly, the Distance Selling Regulations will apply to sales by a seller acting in the course of a business to buyer who is a consumer. Website operators may want to assist sellers in complying with the Distance Selling Regulations in this respect, perhaps by supplying terms and conditions of sale that the seller can use. However, operators will want to avoid any responsibility for sellers’ legal compliance, and may therefore want to refrain from offering this kind of help, notwithstanding that that may lead to a lower level of legal compliance.

What is uncertain is whether the Distance Selling Regulations will apply to the operator-seller relationship in the situation where the seller is not acting in the course of a business. Can a seller be a consumer? The common sense definitions of these words would suggest not, but the legal definition of “consumer” has proven flexible in the past. A cautious website operator may want to either prohibit consumers from becoming sellers, in order to avoid this problem, or alternatively ensure that all the contract provisions that will apply between the operator and sellers are consumer law-compliant.

Another issue concerns the application of the Distance Selling Regulations to the operator-buyer relationship, and the point at which they might apply. The definition of “distance contract” in the regulations suggests that they apply from the point of registration in respect of the contract with the operator (as well as at the point of sale in relation to the contract with the seller) but many of the provisions in the Regulations (notably those concerned with the “cooling off” period specified by the Regulations) only make sense in respect of contracts where the consumer is paying money to the supplier.

Turning to the Ecommerce Regulations, it is clear that the provision of the website services by the website operator to both sellers and buyers in relation to sales made via the website will be “Information Society Services” within the meaning of the Ecommerce Regulations. Again, what is less clear is at what point the procedural obligations under the Ecommerce Regulations become operable – at the point of registration, at the point of purchase of a product listing (where relevant), at the point of sale, or at multiple points?

Another question is this: can a seller be considered to be a supplier of “Information Society Services” within the meaning of the Regulations?

So as to avoid clogging up the template with repetitive procedural requirements, I made a number of assumptions in the drafting of the template: (i) that the Distance Selling Regulations will not apply to the operator-buyer relationship (because the buyer is not paying the operator except to the extent that the operator is acting as a payment processor on behalf of the seller); (ii) that sellers will never be treated as consumers (arguably, selling is the very antithesis of consuming); (iii) that sellers will not be considered to be suppliers of “Information Society Services” (because it is the operator providing those services); and (iv) that the operator’s obligations vis-à-vis both the seller and the buyer under the Ecommerce Regulations apply at the point of registration. Of course, this approach may not the right approach for any given website.

You can see the fruits of this labour on Website Contracts.