We need to talk about them because the risks associated with operating a website with inadequate ToUs (or none at all) are huge. By “huge”, I mean that they could result in lawsuits or reputational loss that could bankrupt your business.
So, let’s briefly examine those risks and how to manage them. We can start by looking at the typical dangers of using your website as an extension of and/or marketing portal for your business.
What Could Possibly Go Wrong?
Here are just a few examples of the kind of things that can go wrong with various kinds of websites:
- Digital bulletin board-type businesses normally sell advertising space, allowing users to post content on the website, usually in exchange for payment. Without appropriate protections in their ToUs, such businesses will be liable for whatever content is posted even if that content is illicit. They may also become the target of complaints and lawsuits if service interruptions prevent the bulletin board from operating after advertisers have paid to advertise.
- A digital payment operator like AsiaPay or Ezypay will usually have full e-commerce capabilities, allowing users to access a source of funds and arrange delivery to a designated recipient. Most will request and store only the minimum information required to complete the transaction but nevertheless that information is potentially at risk of being used for improper/illegal purposes. A rival business owner might launch a DDOS attack to disable the website or a hacker could deface the website to diminish goodwill or make a political statement.
- Although school websites typically store a lot of information (i.e.: about the school, its academic programs, and its faculty, etc.), they seldom feature any e-commerce capabilities. Their intended use is primarily for users to access and take note of information but again, that information may be stolen or illegally altered without being detected.
- A bank’s website might conceivably feature all of the above operational features as well as provide connections to third party websites offering various non-bank services or goods. Criminals often use bank websites to gain access to customer records for the purpose of later committing fraud.
Also keep in mind that any services available on your websites might be interrupted either due to failure of a designated internet content provider (ICP) or a server or other hosting medium. Alternatively, the software responsible for conducting business on your website could malfunction, resulting in transactions that are not recorded, products not being delivered, and refunds not processed.
Without suitable exclusions of liability set out in ToUs, the worst possible outcome won’t just be loss of confidence in your brand; your business could be sued and held liable for any losses that customers suffer due to interruptions or failures.
However, an appropriate set of ToUs can avoid or limit the impact of all of the above risks.
How ToUs Can Protect Your Business
The primary role that ToUs play is to regulate how the website can be used and by whom. They function like the terms and conditions of a conventional written contract because they are regarded as legally enforceable contracts that you stipulate.
All websites engaged in e-commerce should contain suitable terms of sale (i.e.: addressing pricing, refunds, shipping policies, risk of loss, etc.). They should also include limited representations and warranties tailored to the business, so that potential liabilities for certain foreseeable events such as interruption/suspension of service, late delivery and/or loss of data, will be excluded.
Websites that are merely used to project an online presence for the business (but not involved with selling goods or services) still need ToUs but the scope of protections will usually be more limited because the risks associated with operating such websites are more limited.
In other words, ToUs are essentially risk management tools: by ensuring that all necessary protections are spelt out in the ToUs, you will set clear expectations for users and hopefully avoid most disputes. And, for any disputes which you cannot unavoid, the scope of liability will be reduced because users will be legally bound by your ToUs.
Online businesses need to comply with all relevant laws as well as exercise appropriate oversight over the use of their websites to ensure that the business is fully protected and not prone to embarrassing lapses that might reduce public confidence in them.
We know that you’re busy and you might not have budgeted for any legal expenses but now that we have highlighted some of the legal risks involved with operating your website, would it be prudent to take your website ‘live’ without a properly curated set of ToUs? Would you risk waiting to install a sprinkler system in your business until after it has been destroyed by fire?
In addition to helping to limit your legal risks, a set of properly drafted ToUs can also serve as an effective “blueprint” for your business, outlining the appropriate procedures that users need to follow in order to complete their purchase or other desired functions. It tells users that you are complying with the law and best practices.
If your website currently doesn’t have proper ToUs or if your business has scaled significantly since the ToUs were first prepared, now would be a good time to have them reviewed by a lawyer.
Richard is a senior lawyer in our firm’s Corporate and China Practice and regularly advises fintech and other technology businesses on a range of legal issues including compliance, licensing and other business transactions.
Prior to qualifying as a solicitor, Richard spent nearly 8 years in the private equity industry and frequently draws on that experience when advising founders, startups and investors on seed and venture capital fund-raising stages.
A fluent mandarin speaker, Richard established OLN’s Shanghai office in 2006 and practiced in China until 2020 but still advises clients on M&A, corporate, commercial and employment matters in China.