Legal risks of internet business



We are all well acquainted with many of the commercial risks associated with an internet business – developing a successful product or service in an increasingly saturated technology marketplace, pricing it properly, utilising the best marketing and social media channels, and the like.

But what about the legal risks? There is nothing worse than launching the next ‘new thing’ only to discover that you have not adequately protected yourself against the theft and republishing of your original content or failed to consider the fact that European consumers have far greater rights with respect to the use and protection of their personal information than customers in the US and many other countries.

The end results can range from minor inconvenience all the way to crippling legal liability, and your internet business is finished before it ever really got started. While this article cannot provide a comprehensive survey of every possible legal risk that could potentially affect your internet business, we can suggest some contractual protections that should help minimise your exposure. We do recommend retaining attorneys who understand internet law to help protect you properly.

Terms of Service

Terms of Service (ToS) are contractual provisions and notifications that govern a potential customer’s visit to your business’ website. We use the word ‘potential’ because many individuals will visit your website but not necessarily buy anything or engage in any sort of formal transaction. Because of this, internet businesses need a set of ‘rules’ that dictate what the potential customer can expect while they are browsing, even if they ultimately decide not to form a relationship with the business.

The legal provisions contained within ToS can vary depending upon the type of internet business, but most cover at least the following: (i) choice of law/jurisdiction – what laws apply to any transactions between the business and the customer (this may depend upon where the customer resides); (ii) venue – where any legal disputes arising out of the web content or the customer’s interaction with the website will be resolved; (iii) intellectual property – what information or content is owned by the website and what limits on its possession or use apply to the customer or visitor; (iv) code of conduct – those activities that are acceptable or unacceptable when visiting the website; (v) warranties and disclaimers – representations regarding the content on the website, (vi) limitations of liability – a statement that the owner of the internet site has little or no liability for anyone who visits the site; and (vii) references to other terms – this can include privacy, use of cookies or something specific to the business of the website.

The law with respect to the enforceability of ToS is pretty straightforward, and courts have held that merely accessing the website means that the visitor has actually consented to all of the terms and conditions, even if they did not read the ToS. However, the ToS do have to be available on the website and clearly accessible.

This may make some consumers scratch their heads – how can a visitor can agree to a contract without ever so much as looking at the terms? The reason is simple – courts believe that it helps to bring legal clarity to internet business operations and a sense of predictability to those who visit but do not buy. Of course, if a customer does not wish to be bound by unseen terms, they have an alternative – do not access the website.

That being said, it is important to remember that ToS should reflect the business and its operations, and properly cover and protect the website. If, for example, a website does not allow users to post comments or interact in any way with the content on the site, there would be no need to incorporate a Code of Conduct. Do not add terms that you do not need, just for the sake of having them.

The applicability of ToS to someone who actually purchases goods or services from an internet business is debatable, since courts prefer customers actually read and agree to internet legal terms when they are giving up something of value, such as money. Accordingly, the best practice is for an internet business to have purchasers agree to a ‘click agreement’, which becomes a record of the customer agreeing to specific legal provisions.

Click agreements

Clicks agreements are, in some sense, not much different from regular agreements governing the purchase and sale of products or services. Just as a brick and mortar business wants its sales to be governed by a fixed set of provisions in case a dispute arises, the same is true for an online business, where a click agreement serves as the equivalent of written proof that the customer agreed to the contractual terms associated with the transaction. Click agreements usually cover more purchase related terms such as provisions for returning the goods or services purchased, warranties regarding their use, the scope of any licence acquired for the use of the product, limitations on transfers, and the like, but they generally overlap with the ToS on things like choice of law and venue.

The ‘agreeing’ of the click agreement can occur in a variety of ways, but more often than not the click agreement is part of the registration process to set up an account or to become a user of a site and can, in many instances, require the user to consent to other terms or policies. So for instance when a potential customer goes to, a click agreement window will appear, and the customer cannot proceed without agreeing to the terms and conditions, privacy policy, and the use of cookies.

Once the customer clicks the ‘continue’ button, the internet business makes an electronic record for the customer, which serves as digital evidence of their agreement to the legal terms contained within the click agreement.

Privacy policies

Privacy policies are used to let customers know how their personally identifiable information is going to be used by the internet business. Although there is no general law in the United States which requires businesses to post a privacy policy (except in certain regulated industries like banking and healthcare), the Federal Trade Commission (FTC) has made it very clear that if you do post a privacy policy, you had better adhere to it or face severe regulatory repercussions. Of course, things change the minute you enter Europe. Privacy in Europe, which is governed by the 1995 EU Data Directive and the soon to be enacted General Data Protection Regulation, gives EU citizens much greater control over their personal information than their counterparts in the US. So it is not just a function of putting in whatever provisions in a privacy policy you think will be effective – the privacy policy must take into account the privacy and data security laws of the country where the business resides, and quite possibly where each of its customers reside.


Since the internet has no geographic or temporal boundaries, which law applies to a given business transaction is more complicated than it initially seems. Therefore, it behoves all internet businesses to clearly establish internet agreements that not only protect their legitimate business goals, but that also protect the rights of customers and comply with governmental expectations.


Peter S. Vogel is a partner and Eric Levy is a senior attorney at Gardere. Mr Vogel can be contacted on +1 (214) 999 4422 or by email: Mr Levy can be contacted on +1 (214) 999 4918 or by email:

© Financier Worldwide


Peter S. Vogel and Eric Levy


©2001-2019 Financier Worldwide Ltd. All rights reserved.