12 legal aspects to watch when developing a website
You are probably thinking now that "lawyers and doctors, the farther, the better." I don't blame you, we sometimes become unbearable ;-)
Although lawyers' assistance may not be essential in most aspects of our lives, it is highly recommended in many cases.
For example: nothing prevents you from buying a house without the advice of a lawyer; however, it may be convenient to do so, if you prefer to avoid unpleasant surprises, especially when it comes to creating your home in it.
Well, with websites development happens exactly the same: you can be a great web developer, maybe you have hired one of the best, you probably have developed an impressive website with an incredible front-end and back-end. But be careful, because if your perfect website overlooks essential legal aspects, you could get a tremendous scare in the form of penalties, damage to your brand, reputation and business... just to mention some examples.
Just to give you an approximate idea, I quote below some of the most relevant legal aspects, which you should monitor on your website. Some of them will probably sound familiar to you, if only for the number of notices that pop up every time you use internet.
This list is not intended to be exhaustive. In future articles of this blog we will be able to delve a little more into these and other legal aspects to consider... If you do not want to miss them, remember to subscribe to the KNOWMAD LAWYER blog to be the first to find out.
The legal notice of your website must contain, among others, the following data identifying the person responsible of the website:
- who the website holder is
- tax identification number
- registered address or professional domicile
- how to contact the website holder (at least an email address)
- if it is a company, details of the relevant commercial register.
- if the activity of the person responsible requires prior administrative authorization, details of the same.
- if the person in charge exercises a regulated profession (e.g. pharmacists, architects, etc.), details of the professional association to which the holder belongs, member number, academic title, rules applicable to said profession, etc.
- professional standards and/or codes of conduct applicable to the exercise of your activity.
In addition and not less important, the legal notice must be accessible from any page of your website.
If your website collects personal data -and almost certainly it does-, you must include a page detailing, among other aspects:
- who is responsible for the personal data processing (data controller)
- for what purpose such personal data is collected and processed
- how long they are preserved
- if personal data is shared with third parties (data processors)
- rights of the owner of personal data. Among others,rights to access, rectification, erasure and object.
- how the owner of personal data can exercise these rights
- how the owner of personal data you claim, if necessary.
2.2 Data Protection Obligations
In addition to the above, the current data protection regulations require that the data controller and the data processor or processors (which may or may not coincide with the website holder), even before setting up the personal data processing system, perform a detailed risk analysis (identify threats, assess risks and treat risks), in order to establish control and security measures, which guarantee the rights and freedoms of the interested parties.
The current regulations also require that a registration of processing activities is also carried out.
In certain cases, it may also be necessary to carry out a data protection impact assessment (DPIA).
The cookies policy of your website must contain, among other details, the following information:
- what a cookie is
- types of cookies on the website (operation, registration, access to social networks, etc.) and what they are used for
- Processing of cookies
- way to deactivate or remove them
The current regulations require that the user, prior to the installation of cookies on its device, is duly informed about the purpose of such cookies and the processing of its data. The user shall expressly authorize the cookies.
Especially -but not only- if you sell products or provide a service through your website, you should include on it the terms and conditions that govern the provision of such product or service. The clearest example would be an e-commerce, where you should detail the prices -including taxes and shipping costs-, purchase process, delivery conditions, etc.
5.1 Brands and Domains
If you are interested in certain domain name or the use of a specific commercial name, brand, logo... you better hurry up and register it -provided that the necessary conditions for such registration are given-, unless you want someone else to take it away! You shall previously make sure that the domain name you want to register does not conflict with any brand that is already registered.
Registration of trademarks or trade names may not be as simple as you think for different reasons; therefore, you better take experts' advice before incurring in unnecessary fees or expenses, if you are not completely sure whether or not the registration of the trademark or the trade name will be admitted.
5.2 Use of Contents
Watch out! Not everything you find on the internet (images, logos, music, videos ...) is there to be used indiscriminately. There is something called intellectual property rights (industrial property and copyright), which require that you must have the author's licence or authorization, in order to use certain content and as appropriate. Sometimes you may be authorized to use contents freely or by attribution, mentioning who is the author. So be careful which contents you use on your website!
Unless you want to become the 'spam king' and to receive loads of penalties, the first thing you should know, before sending commercial communications, is that your recipients shall expressly authorize you to do it. There is an exception if you have already contracted previously with the recipient of your commercial communications, you have obtained your personal data lawfully and the communications you send are related to the service you have provided.
You must also give your recipients the possibility to oppose and/or unsubscribe at any time, if they wish to do so.
In order to sell products and services in internet, there are several legal obligations that you must fulfill and that serve to increase the consumers protection. Considering that they do not see physically the product, they shall trust that your website is reliable and that one day they will receive the product that they have purchased. The main legal obligations are the following:
- Properly inform about the characteristics of the products or services that you offer
- Identity and contact details of the seller (legal notice mentioned under number 1 above)
- Total detailed price of the product or service, including taxes, expenses, etc.
- Payment options
- Return and withdrawal policy, if they change their mind and want to reverse the transaction
- Product warranty period
- Technical assistance and post-sale service
The SSL certificate confirms that a certain website has a security protocol and guarantees that the personal data uploaded on it is transmitted in a secure, encrypted and complete manner.
Therefore, if you have an e-commerce or if you collect users' personal data through subscription or any other forms, it is very important that your website has this SSL certificate. It will not only increase the security of your website, but it will also increase your customers trust, as well as your positioning (Google penalizes and does not index those websites that do not have an SSL certificate).
I mean not only suppliers and distributors of products that you sell through your website, but also any third party involved in the operation of your website. For example the website developer, the community manager in charge of you social networks, the responsible of your marketing campaigns, the designer of your logo, your copywriter, who provides you with such cool images or videos that you use. All these relationships should be regulated in writing, defining accurately each one's terms: object, services to be provided, economic conditions, obligations of the parties, term, intellectual and industrial property rights, liabilities and guarantees, confidentiality, etc.
When you publish a website, you must also consider who will be your recipients.
For example, if the content of your website is mainly adressed to under-age users, you shall take greater consent controls for the processing of personal data.
Likewise, if your website is addressed to an adult audience, you will have to restrict access to your content to under-age users.
If you plan to sell your products or services to users of a specific country or market -for example,wine sale mainly addressed to the Chinese market-, you should also take into account the local applicable regulations of such market, where most of your potential customers come from.
Love may last forever, but the relationship between client and community manager maybe not. Therefore -and in connection with points 2, 5 and 7 above-, it is very important that the owner of the website is also the owner of the social networks accounts (not the community manager). Keep in mind that your social media profiles are a very important part of your brand and reputation.
With this strange word, geotargeting or geosegmenting, I am referring to that great advertising and sales resource, which is the possibility of segmenting and identifying the origin of the website users through their IP geolocation, being able to optimize the advertising and products that we offer.
However, beware of the legal implications that it entails. Current regulations prohibit discriminatory practices based on nationality, place of residence or place where you are connecting from. This is what we call geoblocking.
An example for a better understanding: geoblocking implies that you cannot sell your products at higher prices to your client Jürgen, just because he visits your website from Germany, as opposed to the lower prices that you offer to Ramón just because he enters your website from Spain, unless there are objective reasons for said distinction i.e. higher costs of expedition, etc.
Nor can you offer different prices to Jürgen and Ramón, if both access your website from Spain or both do so from Germany.
In fact, these are not all the legal aspects that should be considered, only some of the most relevant or frequent ones. Think also that we have not deepened in each of them, nor have we entered to analyze the different cases that may occur. In any case, as I said above, we will deepen on these and other legal aspects to take into account in future articles of this blog.
In view of the above and answering the question at the beginning of this article:
Is it mandatory that you involve a lawyer to set in motion your website and start operating it?
The answer is 'no'. The only mandatory element is the electronic device that you need to create your website.
Is it advisable to involve a legal expert when doing so?
Yes, it is. And very much. Technology and the way we interact with it are becoming increasingly regulated. In addition they change at a dyzzing speed, as well as their legal implications.
Of course, if you have any doubt or need legal advice to set in motion your business, website or your clients', you can contact us and will be happy to help you.
If you found this article interesting and useful, please share it below on social networks. And in case you don't want to miss those that are yet to come, you can subscribe to receive the next KNOWMAD LAWYER blog posts.
In case you want us to write about any particular legal issue, leave us you comment below or send us a message and we will do our best to write about it as soon as we can..
And now, for those who want to qualify for honors...
Normative references of the article
-Regulation (UE) 2018/1725 of the European Parliament and of the Council, of 23 October 2018, on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data
-Royal Legislative Decree 1/1996, of 12 April, enacting the consolidated text of the Intellectual Property Act, regularising, removing ambiguities and harmonising the current legal provisions on the subject
-Regulation (EU) 2018/302 of the European Parliament and of the Council of 28 February 2018 on addressing unjustified geo-blocking and other forms of discrimination based on customers' nationality, place of residence or place of establishment within the internal market