What you need to know about Terms of Service and Privacy policies
Author: Samuel Michaels, JD
SM Legal
A Terms of Service (alternatively called a Terms & Conditions) is a legal document provided by a business to their customers. It is usually posted on a dedicated page on the business’ website. The Terms of Service describes the business’ product or service, sales process, and specific rules regarding cancellations, refunds, and returns. The Terms of Service will also often explain how customers should interact with the website, and how the business protects its property and content. Most online businesses will pair a Terms of Service with a dedicated Privacy Policy.
In Ontario, a Terms of Service must adhere to the minimum standards of the Consumer Protection Act (CPA) and the Personal Information Protection and Electronic Documents Act (PIPEDA). The CPA protects customers from faulty goods, misrepresentation, and delayed deliveries, among other protections. PIPEDA, on the other hand, deals specifically with the collection and storage of personal information online.
A Terms of Service can set out specific requirements for your business and customers, subject to the CPA and PIPEDA. The Terms of Service can include clauses regarding payment processing, limiting liability exposure, and protecting access to intellectual property. Without a Terms of Service, the business will have to rely on the default rules in the CPA and PIPEDA. However, the CPA and PIPEDA were designed to protect customers, not sellers. In order for the seller to protect themselves, their business will often rely on a Terms of Service in cases of customer disputes or complaints.
Usually, a Terms of Service will be broken down into sections and clauses. The language in a Terms of Service should be clear and concise, and not overburdened with legalese. Over the past few years, especially, national and international institutions (most notably the European Union) have pressured online businesses to ensure their Terms of Service documents are clear and legible for readers.
Privacy Policy
Because of the onerous restrictions imposed by the Personal Information Protection and Electronic Documents Act (PIPEDA), most online business should have a Privacy Policy. Like a Terms of Service, a Privacy Policy is a legal document often posted on a dedicated page of the business website. The Privacy Policy describes how and why the business collects user information, how user information is stored, and steps for customers to request access to their information.
A company’s Privacy Policy must be compliant with the requirements and restrictions of PIPEDA. In general, PIPEDA requires businesses to seek consent before collecting user information, to only collect necessary information, and to only disclose information when necessary for legal or business purposes. Businesses which advertise online must also adhere to Canada’s anti-spam legislation (CASL). Lastly, In Ontario, businesses should also be aware of the Personal Health Information Protection Act, which regulates the collection and disclosure of medical information in the province.
Companies that conduct online business internationally should also take into account privacy legislation in their customers’ jurisdictions. Of specific concern, the European Union’s General Data Protection Regulation (GDPR) imposes many requirements on companies with European customers.
The Privacy Policy is a central legal document for protecting a business’ online activities. It should list exactly what information the business collects, what is done with that information, and how it is stored. The Privacy Policy should also outline the business’ accountability procedure and disclosure procedure. Often, a Privacy Policy will also include contact information for the company’s Privacy Officer and complaints process.
As consumer attitudes change, more information is being freely exchanged online. Aware of this evolution, governments are trying to crack down on businesses which collect or disclose information without user consent. In this evolving landscape, having a clear and comprehensive Privacy Policy can prove essential for online businesses to protect themselves and their customers.
Further Action: Please go to Client Lounge