8 Best-Practices for Website Legal Compliance

July 29, 2016 - 19 minutes read

You’re a savvy web developer. You mastered PHP and WordPress a decade ago. JavaScript just doesn’t seem as fun anymore with all these fancy frameworks around. These days, you know so much Bootstrap CSS that you’ve started to dream in columns of 12 (well, actually, more like an eye-pleasing col-md-8 padded on both sides by col-md-2’s). You’re at the forefront of the front-end. To you, ReactJS is old news. And what’s the hubbub about Angular 2? Yes, that’s you. And like any software engineer worth his or her salt, you know there are pesky legal issues that exist in the world beyond cyberspace. But you’ve always been able to rely on your legal advisors (or your naysaying compliance team) to keep you on the right side of the law. You’ve always been able to rely on others to give you advice about website legal compliance.

But now you’re at a three-person start-up. Cash is running low; there is no additional funding on the horizon; and your CEO and that insufferable marketing guy are both looking to you to ensure that everything is kosher for the new site you’re developing. “Hey, I’m no lawyer,” you tell them. But they both remind you that you were hired because your resume screams experience. At some point the CEO says, “Look, just try your best. We can’t afford a lawyer, and we’ve got tons of other things to do. Just figure it out — this is your domain. Just don’t screw it up.” (These days, that’s leadership.)

If you’ve ever found yourself in this position, this guide is for you. It won’t tell you everything.  It’s not intended as true legal advice for your particular website, but it will help you wrap your head around some of the biggest areas of concern.

Disclaimer: Before we begin, let’s all take a deep breath and remember that every website is different, and every fact-pattern and legal scenario is different. There is simply no substitute for having an experienced attorney review your website to ensure that it is legally compliant and adequately protects your company’s legal rights.  It is true that many common legal issues for start-ups fall within the realm of sales, operations and general business compliance.  But there are some legal issues that fall uniquely within the esoteric realm of design and software engineering.  While the following list is not exclusive, these are some of the most important rules of thumb that every front-end webdev should follow as a general practice. Again, this article is not intended as legal advice.  It’s just a high-level guide that should help you spot some common issues of concern.

1.  Never Use Copyrighted Works Without Permission.

Copyright infringement is not something to be taken lightly. In some cases, the willful infringement of a copyrighted work may entitle the copyright owner to substantial statutory damages and attorneys’ fees.

A copyright is a right of ownership in intellectual property that gives the author of an original work the right to profit from the work and control its reproduction or distribution. The copyright owner can prevent others from copying, displaying, and reproducing the work.

A copyright can protect various types of literary or artistic works like books, articles, pictures, photos, movies, and pretty much anything else of artistic value. Which means that you need to be mindful of copyright disclaimers and reservations of rights. Copyrights can also cover software — including open-source software — so be sure to look closely at the license accompanying any source code you find on GitHub or Bitbucket. (See Item #3 below)

Roughly speaking, copyright infringement occurs when a person violates an exclusive right of the copyright holder by using the work without a license and beyond the scope of the “fair use” exception under the Copyright Act. (See Item #2). That said, the best way you can avoid running afoul of the copyright laws is to actually purchase a license for whatever image, song, video clip, etc. you intend to use. A license covers not only a particular piece of artwork or original expression, but also the manner in which you use it. If possible, always check with the copyright author to see under what parameters you may use the item in your business. If you’re up against the wall, then to make things easy, try to find a reputable stock photo service that will allow you to use or purchase an image under a broad license that allows you to use it as you wish.

2.  The “Fair Use” Doctrine Is Not Carte Blanche to Alter Images in Photoshop and Then Claim Them As Your Own

Related to this prior point, don’t buy into the sophomoric notion that the doctrine of “fair use” is a license to do as you please with copyrighted works. This is especially true with images that you can easily obtain from the internet.

Yes, it is true that section 107 of the Copyright Act exempts certain types of “fair use” as non-infringement. Under 17 U.S.C. § 107, “the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright.” But ultimately, what amounts to “fair use” is a case-by-case inquiry, and there are no bright-line tests that will provide an easy answer.

Under section 107, the courts will look at the following factors to determine if the use of a copyrighted work amounts to fair use:

“(1) the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes;
(2) the nature of the copyrighted work;
(3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and
(4) the effect of the use upon the potential market for or value of the copyrighted work.”

The inquiry is complex, and a showing on one or more of these elements does not necessarily amount to fair use. A deep legal analysis is necessary.  If you’re venturing into “fair-use” land, then there is no substitute for an attorney’s review of the actual materials that you intend to claim as fair use.

The prevalence of memes, .gif’s and viral infographics in online marketing has made the use of images and photos a particularly fraught area of concern. All webdevs and online marketers should be mindful that a Photoshop license does not entitle them to stamp some funny text on someone else’s photo or image and then claim it as their own. Just look, for instance, at the case of a reputable street artist who altered an Associated Press image of then-candidate Barack Obama and created the infamous “Hope” poster. The AP demanded that the artist pay compensation for using its image in his work. The artist sued on the basis that the item was “fair use”, but the defense did not get him that far and the case was ultimately settled out of court in a confidential settlement that, in all likelihood, granted some form of compensation for the unauthorized use. Stories like these are not isolated incidents. There are several online publishers who have similarly had to endure the cost and humiliation of a well-founded cease-and-desist letter.

All this said, if your boss is too cheap to seek legal advice, then — at the very least — make sure you or your company has purchased the rights to use, modify and/or display the images you are asked to incorporate into your work. It could save you all countless headaches down the road.

3.  Look Closely At The Licenses Required for Third-Party Libraries.

Any savvy computer user will know that copyright and other intellectual property protections extend to software itself. This is why companies like Microsoft and Adobe ask you to click through the voluminous legal agreements that are Software Licenses — i.e., so that they can ensure that end users are not usurping those companies’ legal rights or pirating the software to others.

Software licenses are ubiquitous and important. They govern the use and redistribution of all types of software, including third party libraries. It’s common for junior developers to think that they can download third party libraries from package managers like Homebrew, Apt and pip, or even from open-source private repos like GitHub and Bitbucket, with impunity. I mean it’s open source, so why really worry about licensing issues? Well, I hate to be the bearer of bad news, but the precise terms of third party licenses often differ on important issues like linking, distribution, modification, commercial-use, etc. Some licenses are highly restrictive and may require you to reveal your source code and even hold the author harmless from any liability related to its use. Does your app run on a native device or just via the web? Is it bundled in a distribution package with other dependencies? How do the various licenses in play interact? It’s good to do your diligence up front so that you aren’t prejudicing your legal rights or impairing the ownership you expect to retain over your project.

4.  Don’t Name Your Customers and Clients on Your Site Without Permission.

Webdevs who sell customized themes on sites like Themeforest often like to include placeholders for customer lists and customer logos. I can’t help but laugh (or smh) when I see themes include sample .jpegs with reputable brands.  Blindly throwing those placeholders into a new site like a junior-high multimedia project is a really BAD idea. If not done properly, it could expose your company to a host of legal claims, including claims for trademark infringement and false endorsement.

That said, you shouldn’t be using any customer names — and especially any customer trademarks — without appropriate permissions. Not only is it a good business practice and a key indicator of whether a business team actually knows what they’re doing, it will save you massive legal headaches down the road.

5.  Ensure That Testimonials Are Fair, Accurate and Appropriately Documented.

Similar to #4, you should obtain appropriate permissions from any customers if you intend to use any such testimonials or their pictures on your website.  Testimonials also raise other issues relating to fair disclosure laws, so you should try to consult with an attorney about (i) how to obtain appropriate consent and/or licenses and (ii) how to present testimonials fairly and accurately.

6.  Don’t Give Anyone Access To Your Code Repo without a Solid NDA and Related Agreements.

Yes, it’s tempting to outsource some of your front-end development to contractors when you need things done by yesterday. But you shouldn’t be sharing any of your source code with anyone until you get a signed confidentiality agreement and an assignment of rights.  Each case is different, and there may be other agreements that you’d want to execute with any contractors on your team.

7.  Use Security Best Practices; Implement XSS and CSRF Controls; Implement Client-Side Safeguards; and, If Possible, Get an Independent Security Review.

One of the hottest areas of litigation right now is claims related to false statements about security practices. If you are a web-dev — whether a backend dev, front-end dev, database architect, whatever — you need to secure your application using industry-standard best practices. If you don’t know how to secure your application from cross-site scripting, cross-site request forgery, and common database-related attacks like SQL injection, then you need to get up to speed on these things ASAP.

Privacy by design is a real thing, and you should always be designing your software with user-privacy in mind. In California and Massachusetts, for instance, there are strict data protection laws that could cost you dearly in the event of a data breach. Ideally, you should also take the time to obtain a security review of your software before deployment.

The California Attorney General publishes a yearly report on commercial data breaches; their causes; common threats and vulnerabilities; and recommended best-practices to reduce these risks.  It’s worth checking out.

8.  Ensure That All Legally-Required Pages and Notices are Built-Out and Reviewed By an Attorney.

Privacy policies, mandatory disclosures and terms of service/terms of use are very hot areas in consumer protection at the moment. You don’t want to mess around with the Federal Trade Commission, the California Attorney General, or the legions of private attorneys hoping to file suit under the California Unfair Competition Law and its counterparts.  These agencies devote massive portions of their budgets to policing websites and their legal compliance obligations.

That said, you should have an attorney review your site before you launch to ensure that you’re not setting yourself up for trouble down the road. Don’t be fooled by online form generators. You need well-tailored documents to protect your legal rights and ensure that users are well informed about how the use of your site will affect their privacy rights.

Legal Compliance is Important to Quality Web Development

In conclusion, it’s important for developers to be mindful of important legal issues and be responsible as to the rights of others. Like it or not, when you deploy sites to the internet, the decisions you have made as a web developer will affect the legal rights of others. That is a responsibility that should not be taken lightly. Not only is it important for your company’s best interests and bottom line, but it also ensures the continued growth and progress of the internet in accordance with good sense and quality standards. And that is a good thing for everyone in cyberspace.

If you are a web developer or business owner in need of advice and counsel on internet legal issues or general best-practices, you should contact us to discuss your matter and inquire about the services we can provide.