Website Legal Requirements: 10 Rules to Ensure Compliance
By Frank Olivo and Laura J. Neville, web designers, it’s important for us to have as much knowledge of the legal requirements of the websites we build as we can. As one of the main channels through which organizations communicate with the general public, there are many legal requirements for websites — many of which you are likely, not aware this is not a comprehensive overview of every legal requirement for websites in every industry, this article will go over many of the main points any web developer should know about the legal requirements for websites.
Legal Requirements for Websites
1 Consent Notices
2. Privacy Policies and Data Storage Disclosure
3. Plagiarism and Copyright Laws
4. HTTPS for Ecommerce
5. Terms & Conditions
9. The Americans with Disabilities Act (ADA)
10. Website ADA-Compliance
Industry Specific Website Legal Requirements (USA)
ABA Requirements For Attorney Websites
HIPAA Requirements For Healthcare Websites
Requirements for Contractor Websites
Requirements for Financial Advisor Websites
A Final Note: Avoid Getting Sued
Why Do Web Designers Need to Know Website Legal Requirements?
It’s only natural that given the amount of technical, design, and marketing knowledge that goes into learning web design, you may consider it burdensome to have to know the legal requirements of the websites for your clients when building their websites, but it is an extremely important aspect of running a web design business. A misstep in the design of the website you build could land both you and your client in legal trouble. Trust me, you don’t ever want to get that addition to ensuring that the website you build doesn’t expose your client to any legal liabilities, being able to clearly and effectively communicate that you are aware of the legal requirements of the website you are proposing to build can serve as a point of differentiation for your web design business. Odds are when you submit your website proposal, there will be other web designers under consideration as well. Positioning yourself as the one who can help ensure the website will comply with legal requirements may be a factor in you getting the contract.
1. Cookie Consent Notices
The original content of a website is inherently copyrighted, whether the owner/creator registers it or not. Plagiarism is the unauthorized and/or unattributed use of someone else’s original your client provides you with content for their website, ensure that it does not infringe upon the copyright of another website. This includes web copy that your client may have copied from another website, as well as images downloaded from Google Image cluding infringing content on a website could result in a DMCA request, which would remove it from the search results, and possibly, the server it’s on. It could even result in a lawsuit.
If you are creating an ecommerce site, it is essential to employ HTTPS (Hyper-Text Transfer Protocol Secure). HTTPS is the secure version of HTTP, which is the system used to send information between a user’s web browser and a website.
An e-commerce website not using HTTPS could expose the credit card information of anyone attempting to make a purchase on the website, potentially exposing the customer to identity theft and maybe land your client in court.
A savvy client may ask, do I need a disclaimer on my website? And you will have the is some overlap between disclaimers and terms and conditions. Disclaimers can be part of the terms and conditions and should expressly disclaim any type of legal liability the site owner might experience by the use of their site. Accordingly, disclaimers will vary according to what type of site it is. Among other things, disclaimers can:Provide that users cannot use your original content without your permission;Disclaim expertise and responsibility for actions users take based on the site’s content;Provide that the site owner’s opinions are solely their own;Provide that the site content is informational only and not professional advice;Disclaim liability for third party and advertiser content on a site.
Under GDPR, websites in the EU and drawing traffic from EU citizens must ensure that personal data is gathered and stored legally and under strict conditions. Sites are required to protect that data from misuse and exploitation and must notify users of any data breach. Sites also must respect the privacy rights of data owners. There are hefty financial penalties for failing in any of these obligations. Under the GDPR sites must:Provide users with a way to give consent and to withdraw consent to the collection and use of their data;Notify users of a data breach within 72 hours of discovery of the breach;Give users a way to access the information being collected, stored, and processed;Restrict data collection and processing to only the data that is absolutely necessary for the completion of its business;Limit access to the data to only those employees needing the information to complete the process consented to by the user;Appoint a Data Protection Officer (DPO) to oversee GDPR compliance (required for any enterprise having more than 250 employees and any enterprise processing the personal data of over 5, 000 users in any 12-month period).
The Americans with Disabilities Act (ADA) is a U. S. law that prohibits discrimination based on also requires that websites be accessible to everyone, including those with disabilities. This means that the content on your website must be accessible to all, including those with hearing or visual website belonging to a business with at least 15 employees that is open more than 20 weeks a year is required to comply with the ADA.
Notable ADA Lawsuits Involving Websites
There have been several notable lawsuits filed against businesses with websites that were not ADA-compliant. Among them are:Domino’s Pizza – website inaccessible to the blindBeyoncé – website was missing alt text, among other issuesNike – missing alt text, contrast issues, empty linksAnd the list goes on… There are law firms whose entire practice centers on filing these lawsuits. In 2019, there were 2, 256 ADA website-accessibility lawsuits filed in the U. you build a website for a client that is required to be ADA-compliant, make sure they know that and that you include that in your scope of work.
Website Legal Requirements by Industry
My web design agency has only done websites for companies in the U. S., which has allowed us the opportunity to gain knowledge of the specific legal requirements for websites in a variety of industries—in the United States. Regrettably, we haven’t built any websites outside of the U. S., so we haven’t acquired any experience with industry-specific legal requirements in other countries that we can share with spite this, the following section should still be helpful in getting you asking the right questions about the legal requirements of a company’s website in specific industries where you operate. If you are a web designer in the U. S., I’m sure the following sections will outline some legal requirements you may not be aware are a few examples of the types of industry-specific legal requirements of websites.
ABA Requirements For Attorney Websites
U. attorneys are held to strict ethics rules when advertising both online and offline, and those rules apply to their websites. The ABA Rules of Professional Conduct 7. 1 – 7. 3 regulate what attorneys can and cannot say on their websites (and just as a sidenote, web designers and SEOs run afoul of these rules frequently without even knowing it) you’re interested, we have an in-depth article about attorney ethics and websites, but here are the important points you should know:An attorney website cannot say they specialize in or are experts in an area of law unless they hold such accreditation from a regulated body. In other words, an attorney website can’t say they specialize in car accidents or that they are expert divorce lawyers unless they hold their state court’s recognition of this. You cannot say anything that can be seen as misrepresentation. There are many ways this can occur, but here are some of the most common offenses:Passing off stock images of models in suits as attorneysMaking promises about legal outcomes i. e. “we will get you paid! ”Making unsubstantiated claims such as “Top Attorney in X City”Implying that you’ll get the same legal outcomes for a website visitor that you’ve gotten in the pastYou need an airtight disclaimer stating that any communications through the website don’t establish an attorney-client relationship. It also needs to state that the blog isn’t giving legal advice and that any past settlements do not make any claims about the likelihood of getting similar outcomes for the visitor’s is not a comprehensive list of all of the requirements of an attorney website, but they do outline the most common mistakes web designers and copywriters make when building websites for law firms.
If you build a website for any healthcare provider in the U. S., be careful about the way it collects patient health information (PHI), the Health Insurance Portability and Accountability Act of 1996, regulates the collection and sharing of patient health information. A web developer’s mistake or a hack could potentially expose PHI, exposing the healthcare provider to massive fines and a potentially devastating public relations nightmare.
The Most Common Culprit Is the Contact Form or Booking System.
The most likely scenario would be if a patient were to share anything about their health history in a contact form or booking system and that information were to become exposed through a hack. In such a case, this would be not very different than if a doctor were to leave your health files on a, if you build a WordPress website for a healthcare provider in the U. S., make sure the contact form and booking systems are HIPAA-compliant. At Sagapixel we use this service for our healthcare website contact forms, but there are several others on the market and I encourage you to look far as booking is concerned, your clients really should be using a service like ZocDoc for booking in order to avoid the potential liability of a custom system run on WordPress.
Many U. states require contractors to list their license ID on their website. Don’t forget to ask for this, as it could result in a fine.
Financial advisors have very strict regulations about using client testimonials and claims about potential results. They are all highly aware of these regulations and will typically tell you about them, but if they don’t, make sure you ask.
If there’s one lesson you take from this article, it should be this one: there are lots of ways you can mess up and get your client in trouble when building a website. If you do, they may decide to sue the U. S., Errors, and Omissions Liability Insurance will cover the costs of legal representation and any settlement arising from a lawsuit if they do. If you have any assets that could be at risk if one of your clients sued you, you should consider getting top of that, make sure you document having asked your clients about any regulations they face in their industry. Recommend they contact an attorney if they aren’t sure and make sure you keep a record of it all. If you inadvertently get them sued, you may have some protection if they approved your work and they explicitly told you there were no legal requirements you needed to follow.
Website legal requirements: laws and regulations in the UK …
Your business website is required to comply with current legislation or pay the consequences. Here’s a checklist of 7 legal requirements for your business to act on to keep your website, and your business, on the right side of the law.
As the business owner of a website, you have a legal obligation to keep your website compliant with current legislation.
Website legal requirements change frequently, and ignorance is no excuse for ensuring your business complies with all the legal issues and statutory requirements that govern the content and functionality of your website. I am not a solicitor, but wanted to share from my experience key areas for businesses to focus on. Of course, I recommend you get legal advice for any specific queries you may have.
Here is a checklist of 7 key website legal requirements:
1. The identity of your business
The Companies Act 2006 has the dubious honour of being one of the UK’s longest pieces of legislation, running to more than 700 pages long.
The Act requires you disclose certain information about the identity of your company on your website. This information doesn’t need to be on every page, but it does need to be easily found so it will typically go on your Contact Us page, or About Us page. You will also find placing some of this information on the footer section of your pages will be useful to both users, and for your search engine optimisation:
Company registered number
Place of registration, such as England and Wales
Registered office address
Your company name, postal address and company email address
How to contact your business via non-electronic means
Your VAT number, even if the website is not being used for ecommerce transactions
The name of any trade bodies or professional associations that the business is part of, including membership or registration details.
2. The right of users to grant consent for the use of their data
The GDPR regulations came into effect in May 2018. It is one of the most significant pieces of legislation improving the rights of individuals to understand how their personal data is being processed.
We have written a practical guide to help you make your website GDPR compliant, and the tasks you need to cross off your website compliance checklist include:
Preferences on your web contact forms set to default to “no” or blank, and users have to actively opt-in
Making it easy for users to withdraw their consent or opt-out
Forms should collect a minimum of information, and only the data required for the task at hand
Notifying users of cookies that are being used to track their behaviour
And have in place a data breach process in case the worse happens.
3. Your company policies and procedures
There are a number of standard pages for you to include on your website.
4. Consumer protection
If your company is selling online, then your business will need to comply with a range of legislation that includes the online and distance selling regulations as well as electronic commerce regulations and the consumer rights act.
This is a complex area, but on your checklist the top level issues you need to consider include:
The required information before an order is placed, including full costs, payment terms, delivery arrangements, and the rights to cancel
The required information after an order is placed, including a copy of the contract to purchase
That you fulfill the order in a satisfactory manner
That your goods and services are of satisfactory quality, fit for purpose, and as described on your website
Your website must accessible to everyone who needs it. If it isn’t, you may be in breach of the Equality Act 2010.
In practice, what this means for your website is:
meet level AA of the Web Content Accessibility Guidelines (WCAG 2. 1) as a minimum
work on the most commonly used assistive technologies – including screen magnifiers, screen readers and speech recognition tools
include people with disabilities in user research
and that you include an accessibility statement on your website
6. Cyber security and protecting personal data
The Information Commissioner’s Office has published a set of technical security processes that are considered to represent appropriate measures under the GDPR.
As a business, your responsibility is to take the necessary steps considered ‘appropriate’ to prevent personal data from being accidentally or deliberately compromised. In other words, it is your responsibility to prevent hacking and cybercrime.
In practice, this includes:
Implementing an SSL certificate on your website for the encryption of personal data
Updating your website software regularly, including your website operating system and your content management system
Testing your website for security vulnerabilities
7. Respecting copyright
You will notice most websites have a “Copyright 2018” statement in the footer. All websites and their content are inherently copyright protected provided they are original works, and adding that text can act as a deterrent from others stealing your content. But businesses of all types could be a victim of copyright infringement by unknowing or unscrupulous businesses who think nothing of copying someone else’s work and passing it off as their own
It is in your business interest that you exert your own right to your copyright and that you respect the copyright belonging to others.
Your copyright checklist includes:
that you are only making use of licensed or copyright free images. Here is a source of free images
that you are detecting other sites that could be infringing your copyright
that you are protecting your own website copyright
This checklist of website legal requirements was produced to help you with your ongoing web improvement. I welcome your comments, questions, and suggestions. Feel free to contact us if you would like to discuss the next step in your web development planning.
Web Site Legal Issues – BitLaw
This section discusses the legal issues involved with the creation of a web site. Many of the
topics discussed on this page are covered in greater detail elsewhere in BitLaw. The purpose
of this page is to present in a single page the issues that must be addressed during the
creation of a web site.
BitLaw’s discussion of web site legal issues is divided into the following parts:
Domain name concerns
Linking and framing
This page was written in part by Brad Bolin when he was intern working with Daniel A. Tysver.
Copyright concerns when creating a web site
A party is guilty of copyright infringement if they violate one of the five exclusive rights given to copyright owners under the
Copyright Act. Included in those rights are the right to prevent others from reproducing (or
copying) a work, publicly displaying a work, or distributing a work. As a result, web page
authors should take care not to copy the work of others. An Internet service provider can
also be found liable for copyright infringement even when they are not directly engaged in the
copying of protected materials, as is explained in more detail in the BitLaw section on ISP liability.
Obtaining images for a web page. One of the chief attractions of the World Wide Web is
the ability to use graphics to convey information to users. A sophisticated and
subtle graphical presentation is the hallmark of some of the Web’s most popular sites.
The following “rules of thumb” are meant to guide a web page creator when
selecting images for incorporation into a page.
Creating original images from drawing and painting programs: The best way to obtain images
is to create them in a drawing or other image creation program. In doing so, however, it
is best to start from scratch rather than from someone else’s creation. Even if an image
is significantly altered, the new image may infringe upon the copyright in the first image
by being a “derivative work. ”
Taking images from third-parties: The simple rule is, “Don’t steal someone
else’s images. ” The moment an original image (or string of text) is fixed on a hard drive for the first
time, it is protected by copyright. Any unauthorized copying of a protected image is
an infringement of the creator’s copyright, unless the use falls within one of the
very limited exceptions to the copyright law, such as “fair use. ” In most cases, it is unlikely
that the incorporation of an image into a commercial web-site would be considered a
Licensed images from the Internet: Some images, such as Microsoft’s “Internet
Explorer” logo, may be copied, but only if the would-be copier accepts the
terms of a license defining the permissible uses of the image. Often such licenses
provide that the copier cannot alter the appearance of the image in any way, and
may use the image as a link only to certain designated sites. (An example of a logo
license agreement can be found on MSNBC’s web-site. )
Clip-art Libraries Provided with Software: Other sources of licensed images include
clip-art files, such as those provided with Claris Home Page, Microsoft Front Page,
and Adobe PageMill software. Incorporating clip-art from these libraries into
a page does not violate copyright law, as these images are licensed to the purchaser
of the software for this purpose. To avoid liability, however, a webmaster must be
careful to obey the terms of all applicable license agreements. For instance,
the license may not allow a user to alter the images in any significant way.
Free Images Off the Internet: Some web sites provide images that are for use by
others. These images may be used in a web page, as long as the terms proposed by the
image creator are followed. Typically, these sites only require that some type
of credit is given to the author, including a link back to the author’s site.
However, there remains the possibility that the images were misappropriated at some
point and were not original creations of the alleged author. In these cases, use
of the images may infringe the copyright rights of the original author.
Developing text for a web page. The guidelines for text development are similar to
those for obtaining images. Truly original text, developed by the creator of the
web-site, may be used without copyright concerns. As with images, appropriating text
from third-parties without permission is illegal, unless there is some substantial
“fair use” justification for the
taking. Use of third-party text pursuant to a license agreement should follow the terms
of the license agreement. As for public domain works, one should never assume a work is
in the “public domain” without independent investigation.
is normally a violation of copyright law to appropriate scripting or programming from
someone else without permission. Many parties have made their scripts and applets
available for use by the public. In these cases, use is allowed as long as any
requirements set forth by the programmer are followed.
The selection and protection of a domain name may be the most important detail in the creation
of a web site. Domain names function as the address for a web site, and disputes over domain
names have become more common and more heated as the popularity of the Internet grows.
Selecting a Domain Name: Domain names have a first and second level. In the
domain name, the “” portion is considered the first or top level domain
name, and “bitlaw” is considered a second level domain name. The most common
top level domain (,,,, ) names are administered by InterNIC, although other top level domains are available and still more will be available soon. To obtain a
domain name using one of these top level domain names, a WhoIs search should be done to make sure
the name is not taken. In addition, it may be wise to perform a trademark search to verify that the chosen domain
name is not infringing on another party’s trademark.
Reclaiming a Domain Name Registered by Another: Occasionally, upon searching for a
domain name, a party may discover that someone else has already taken their corporate
name or trademark as a domain name. In most cases, there is little that can be done
because the other party has equal right to use that name. In some circumstances,
however, it is possible to contest a registered domain name
based upon superior rights to that name. Such a contest can be made through the
courts or through InterNIC’s domain name dispute policy.
Obtaining a Domain Name: If the name is available, a registration can be filed with
InterNIC using their on-line
Protecting a Domain Name: In order to better protect a domain name and to avoid losing
a domain name under the InterNIC domain name dispute policy, a domain name owner
should obtain a trademark registration on their
domain name. In order to obtain immediate protection, a registration can be obtained
through Tunisia. However, often the expense of a
Tunisian registration is not justified.
Obtaining Multiple Domain Names under Different Top Level Domains: Because of the new top level domain names that are currently
proposed, it may be wise for the owner of a strong trademark to obtain domain name
registrations under multiple top-level domain names. For example, the BitLaw web site
might be found under “”, “”,
“”, and “”. Multiple registrations may require
the overhead of maintaining a web site under each domain, but will prevent competitors
from obtaining the sites.
A trademark is a word, image, slogan, or other device
designed to identify the goods or services of a particular party. Trademark infringement occurs when one party utilizes
the mark of another in such a way as to create a likelihood of confusion, mistake and/or
deception with the consuming public. The confusion created can be that the defendant’s
products or services are the same as that of the trademark owner, or that the defendant is
somehow associated, affiliated, connected, approved, authorized or sponsored by trademark
owner. Since most web sites will contain discussions of products or services, web site
developers should be aware of the potential trademark issues.
Discussing the trademarks of others: There is nothing inherently wrong with the
identification of other party’s products on a web page by using their trademarks.
Nonetheless, some parties have made inappropriate
claims of trademark infringement every time they see one of their marks on
another party’s page. Sometimes, however, a web site does violate the trademarks of
another. Web page designers should avoid trademark usage that might cause confusion
among viewers as to the source or sponsorship of the web page. Such use might well
constitute trademark infringement.
Linking to another page through that party’s logo or trademark: It is common to find
a link to another web page made through a company’s name, trademark, or logo. In most
cases, this type of link will not cause trademark concerns unless the use causes the
type of confusion discussed above. However, the use of another party’s logo without
their permission may be more likely to raise the type of confusion that creates
trademark infringement, since a graphical logo arguably creates a stronger impression
of affiliation than mere text.
Selecting a trademark: To select a trademark, one should consider the relative strength of the mark. Certain marks are
stronger than others. Made up words, such as Kodak or Xerox make the strongest marks.
The next strongest marks are those words that have no relationship with the products or
services on which they are used, such as APPLE for computers. Marks that are
descriptive in nature, such as CLEARSCREEN for computer monitors, may be so weak that
they will not function as a trademark until they have been heavily used. After picking
a mark, a trademark search should be performed to
make sure that no one else has rights to the mark.
Protecting a trademark: Once a mark has been selecting, the best way to protect a mark
(in the United States) is through a federal
trademark registration. If the goods or services sold under the mark will be sold
internationally, trademark registrations in other countries should also be considered.
The term defamation refers to a false statement made about someone or some organization that
is damaging to their reputation. For a statement to be defamatory, the statement must be
published to a third party, and the person publishing the statement must have known or should
have known that the statement was false. The law of defamation is complex, as it has been
determined by numerous court decisions rather than one national statute. In addition, a claim
of defamation is subject to a variety of defenses, such as the First Amendment and (of course)
the defense that the statement was true. Because of the complexity of defamation law, a full
explanation of this area will not be set forth here, and is saved for others to provide.
While the Internet provides a new context in which a defaming statement can be made and
published, there is little new law relating to Internet defamation other than liability for service providers. Nonetheless, web page
developers must be careful to avoid defaming someone in their pages. If a statement is being
made that may damage the reputation of a person or organization, care should be taken to make
sure that the statement is not defaming.
Linking and framing concerns:
Links between pages are the raison d’etre for the world wide web. Without widespread linking,
the web as we know it would not exist. Nevertheless, there are questions about the legality of
such connections. For those interested in more information on any of the subjects below,
Bitlaw also contains an extended discussion of linking
Derivative Work Created by Linking-In Images Found on Other Sites: When the image
from another web site is incorporated into one’s own page by means of an unauthorized
IMG link, there is no direct copying by the creator of the link. Nonetheless, when the
visiting browser retrieves the image from the other web site and combines it with
the text on the current page, the creator of the web site may be guilty of contributory
copyright infringement for creating a derivative work. Consequently, one should
not include links to images found on another party’s web site without first getting
Passing Off: One can also utilize a link to pass off another’s work as one’s own.
For instance, one could tell the reader to click here to
see some of Brad Bolin’s best original comics. The link leads to a Doonesbury image
which is falsely claimed to be original to Brad Bolin. Consequently, the HREF link also
is a reverse passing off. Reverse passing off by using a link to pass-off another’s
work as one’s own most likely violates state law governing competitive business
Defamation: In addition to the type of direct defamation explained above, it should be noted that a link to another’s page or image
could be defamatory, and hence subject someone to legal liability. An example
defamatory link would be: “Some idiot killed my
cat, stole my invention, and threatened to destroy the Internet. ” The statement
itself does not identify the party. The link itself (assuming it actually linked to
someone) provides the context that turns the statement into defamation.
Trademark Infringement: As explained above, trademark
infringement occurs when one party utilizes the mark of another in such a way as to
create a likelihood of confusion, mistake and/or deception with the consuming public.
The confusion created can be that the defendant’s products or services are the same as
that of the plaintiff, or that the defendant is somehow associated, affiliated,
connected, approved, authorized or sponsored by trademark owner. As a result, any link
that falsely leads the end user to conclude that the web page author is affiliated,
approved, or sponsored by the trademark owner could lead to a claim of trademark
Problems with Frames: Frames are used to subdivide web pages into multiple parts. In
most cases, frames are used only to show multiple pages of content from the same site
at the same time. For example, frames could be used to divide a browser into two parts,
with one part containing an index for the web site and the second containing content
pages. While this type of use is perfectly legal, problems can arise if a frame is
used to show pages from two web sites at the same time. The use of frames in this way
can mislead the viewer of a site as to the creator of its content, possibly raising
issues of copyright infringement, passing off, defamation, and trademark
infringement, just like the linking situations described above. The party that
developed the Totalnews web site found this out
by using frames to show other news organizations sites at the same time as showing
their index and advertisements. The other web sites were not amused, and filed suit.
Frequently Asked Questions about website legality
What are the legal requirements on a website?
Here is a checklist of 7 key website legal requirements:The identity of your business. … The right of users to grant consent for the use of their data. … Your company policies and procedures. … Consumer protection. … Accessibility. … Cyber security and protecting personal data. … Respecting copyright.Oct 16, 2018
What is legal issue in website?
BitLaw’s discussion of web site legal issues is divided into the following parts: Copyright concerns. Domain name concerns. Trademark concerns.
Is web on web legal?
If you’re doing web crawling for your own purposes, it is legal as it falls under fair use doctrine. The complications start if you want to use scraped data for others, especially commercial purposes. … As long as you are not crawling at a disruptive rate and the source is public you should be fine.Jul 17, 2019