Privacy Policies Can Be Held Against You Too

Commentary: As Mr. Horn previously discussed in his post, Ebay Liable for Breach of Contract Based on Violation of Terms and Conditions, the Missing Link case underscored the need to take caution in preparing website terms and conditions. There, eBay was held liable for failing to comply with its own terms and conditions. As Mr. Horn explained, this case emphasizes the importance of drafting terms and conditions that are directly applicable to the website and with which the company can comply. However, equally important is that the company is prepared and able to comply with the edicts of its privacy policy.

Privacy policies are critical documents for an e-commerce company. They generally outline what information is being collected by a company and how that information will be utilized. They are required in certain instances and by certain state laws. Moreover, the Federal Trade Commission (FTC) has offered precise guidelines with regard to the implementation of a privacy policy.

Notably, the FTC does not generally compel a company to adopt a privacy policy on its website. A significant number of cases brought by the FTC relating to website privacy policies not only concern the failure to have a policy, but also relate to enforcement actions against companies who fail to adhere to posted privacy policies they do have. In essence, while it is advisable to post a privacy policy, to do so and not adhere to it would be worse than not posting it at all. For example, in one of the landmark decisions in this area, the FTC brought suit against GeoCities, Inc., based on inconsistencies between its privacy practices and its stated policies. A settlement agreement was reached which required GeoCities to change its data collection policies and adopt a new privacy policy to protect consumer rights. In re GeoCities. Notably, this case is also beneficial because the settlement that was reached is instructive of the types of practices the FTC deems appropriate with regard to privacy policies and provides suggestions on implementation (i.e., where the notice should be placed on the website).

Again, this underscores the importance of making sure that the privacy policy, and all of a website’s legal disclaimers, are appropriate for its business. It is critical that the company take time to develop and precisely customize website terms and conditions and privacy policies. These documents need to suit the business’s needs, obtain the rights it needs against customers and website users, but also establish corporate standards that are reasonable and with which the company can easily comply.

Comments/Questions: ljm@gdnlaw.com

© 2008 Nissenbaum Law Group, LLC