Why Us?

We know the law and we know the web.

We help companies safely and securely do business on the web.

Starting an Online Business

Introduction

There are a number of fundamental legal issues that must be considered prior to launching an online business. The issues presented vary depending on the nature of the website that underpins the business, how it was developed (e.g. by whom), and the forms of intellectual capital that it contains. This tutorial will discuss the implications of applicable law and provide a suggested course of action regarding same, where appropriate. It will also discuss a host of issues that may not be initially apparent to an online entrepreneur, even to entrepreneurs that have been doing business online for quite some time.

There are also a number of business processes that have legal implications due to the fact that business is being conducted online. Many of these are non-existent or irrelevant (for the most part) when conducting business offline. In short, the online context matters. Although starting an online business has never been easier (i.e. given the number of high quality tools available), the online context creates its own kinds of complexity, especially given the number of online contracts an entrepreneur may need to enter into, including, but not limited to, the following: 1) terms of use; 2) website development; 3) affiliate; 4) non-disclosure; 5) employment; 6) hosting; 7) advertising; 8) marketing and 9) operating agreements.

In addition, there are intellectual property issues related to copyright, trademark, domain names and others that must be attended to in order to mitigate online legal liability, including taking advantage of certain “safe harbors” provided by applicable law. These safe harbors are available if, and only if, the correct processes are followed by the business. Furthermore, doing business online encompasses many of the same business/legal risks and challenges that any business faces, including developing a business concept that can be monetized and doing business using the appropriate legal structure (e.g. Limited Liability Company, Corporation, Professional Associations, etc.).

In short, the intent of this online business startup tutorial is to sufficiently describe many of the legal and business issues surrounding doing business online. The various categories of the tutorial are all written with this objective in mind.

By now this question is almost never asked because all of us are familiar with online businesses such as Amazon.com, eBay, Google, Facebook and countless others. For our purposes an online business is any business on the Internet that sells products, services, or advertising, online. The difference between a website and an online business is that the latter sells something using the global communications infrastructure of the Internet. For many online businesses advertising is a principal source of revenue (e.g. huffingtonpost.com).

The entrepreneur’s business model will determine the kinds of agreements and arrangements that must be entered into in order to conduct business. For example, any business that accepts credit cards online must either use a third party payment processor (e.g. PayPal) or build the systems sophisticated enough to manage this business process internally (e.g. Amazon). Fortunately, there are now enough pre-built services available for an online business to “plug into” that it is not a question of reinventing the wheel. Rather, the question is how to put all these movable parts into a coherent whole and make it sustainable (i.e. profitable) over time. That said, if a business did choose to process and store credits cards online then it would almost certainly have to comply with the FTC's Red Flag Rules.

Again, depending on the business model, different online businesses will face different legal risks. For example, if you decide to launch a specialized social networking site wherein users can register and upload content, then you must be aware of the protections afforded by the Digital Millennium Copyright Act (“DMCA”). The DMCA affords an online business a considerable amount of protection if certain processes and procedures are implemented and followed. What kind of protections does the DMCA provide? It provides protection (i.e. a “safe harbor”) against third party copyright liability for content that your users upload that may infringe on some other person or entity’s intellectual property (i.e. copyright). The safe harbor is provided only if the online business implements, and follows, the statutory requirements of the DMCA.

The critical question here is not simply having the "right" legal language in the various agreements (e.g. your terms of use) but rather whether the business has implemented and followed the business processes that underpin the language. Courts are not fooled by "flowery" contractual language but rather want to know what the business did in fact (e.g. did it do what it said it would do in its terms of use). It is imperative that an Internet Lawyer advising an online entrepreneur understand the underlying processes that must be implemented and followed, in addition to the required contractual language.

The most common forms of business entities in the U.S. is the sole proprietorship, the corporation (of various flavors), general and limited partnerships, and the limited liability company ("LLC"). The primary difference between the various business entities generally fall into two major categories: 1) whether they provide limited liability to owners; and 2) how the IRS treats the entity from a tax perspective.

What is limited liability? Limited liability is a business concept wherein a partner, investor, or shareholder cannot lose more than the amount invested in the business. Thus, the investor, partner, or shareholder is not personally responsible for the debts and obligations of the business in the event that these are not fulfilled, provided that certain basic rules of the road are followed. Limited liability applies to certain business organizations (e.g. a corporation or LLC) and not to others (e.g. a sole proprietorship).

In general, and for obvious reasons, limited liability is the kind of protection that an online entrepreneur wants, and therefore, most online businesses choose either a corporation or an LLC as a business entity type. For example, assume your net worth is $250,000 and you decide to invest $25,000 in an online business. Further assume that you get sued for copyright infringement and get a judgment against your business. The most you could lose (assuming you have followed the rules of the road) is $25,000. Your entire net worth would not be exposed and subject to the judgment. In short, limited liability is a legal doctrine that encourages investment without compelling the entrepreneur to put at risk their entire life's savings.

What are the rules of the road that must be followed? At the risk of gross oversimplification, the principle rules of the road are as follows: 1) you must appropriately create the entity in a state of your choosing; 2) you must follow certain annual processes and procedures in said state to maintain the entity active; 3) you must pay taxes to the IRS in a manner consistent with the type of entity selected; and 4) you must maintain the books and records of your business completely separate from your personal financial records. Although these formalities are not overly burdensome, they must still be followed according to applicable law or you risk losing the designated business entity status.

Formation of a corporation or LLC in most (if not all) states is relatively straightforward. However, the tax implications of these entities should be discussed with your attorney and/or CPA. Further, if the corporation or LLC is made up of multiple shareholders (for a corporation) or members (for an LLC) then things can get complex rather quickly. Why? Because once you have more than one individual involved issues regarding business entity governance become important to resolve at the onset. These issues include, but are not limited to, who owns controlling interest in the entity, who will manage the entity, how will the sale of shares or units of membership be handled, what happens if one of the owner dies, etc. These types of issues are dealt with in shareholders agreements for corporations and in operating agreements for LLCs.

Despite the low barrier to entry there are still pitfalls that the uninitiated should be aware of. For example, most online entrepreneurs will choose to form an LLC or corporation in their home state, and generally this is a good idea because it simplifies the annual reporting process. However, for historical reasons and/or for reasons that are more germane to large corporations, some may choose to form an entity in a differnt state (e.g. Delaware). If you are fairly certain that you are sitting on the next "Facebook" then a different state may be the way to go, but you may stilll need to file paperwork in your home state as a "foreighn entity" if you maintain an office in there.

For an in depth overview of LLCs click here. An overview of corporations can be found here.

Online liability and the risks related to it can take many forms including risks and potential liability related to: 1) commercial email (i.e. SPAM); 2) online speach (e.g. defamation; 3) intellectual property (e.g. copyright and trademark); 4) marketing and advertising (e.g. affiliate relationships); 5) contracts (e.g. website development, terms of use, employment, etc.); 6) privacy and protection of consumer data (e.g. website privacy policies and sales transactions); 7) jurisdictional (i.e. where will a suit be litigated); and 8) others depending on the specific vertical that the online business targets (e.g. healthcare and adult entertainment).

The next section of this tutorial will summarize the prominent laws and regulations that control doing business online. This section attempts to paint a big picture view in order to get you grounded. Although doing business online has matured significantly since the early days of the Internet, and there are some online legal doctrines that are more or less settled, there are still numerous legal issues that play out in the online context in novel ways. That said, there is simply no way possible to eliminate all risk or legal liability regarding doing business online. Even if it were possible, it would be cost prohibitive for all organizations, especially for startups. Our recommended approach for minimizing online liability and maximizing the protection of your legal rights is quite simple to state but like many things in life, not quite so simple to execute, and that is: “an ounce of prevention is worth a pound of cure.”

The challenge for any online startup is to balance the legal risks, and the costs necessary to protect its rights, with all the other risks and expenses that the venture faces. A good way to think about this issue is by using an insurance policy as a metaphor. There are some relatively inexpensive (although clearly not free) balanced strategies that minimize an online business' legal exposure, while at the same time ensuring that its rights are protected within existing budgetary constraints. Like any insurance policy, the ROI only kicks in when the unexpected happens. In the online busines context, depending on the nature of the website that underpins the business, there are many opportunities for the unexpected to happen, especially due to the fact that many of the most popular (and economically viable) sites thrive on user generated content (e.g. social networking website) and thereby open the door to third party liability (e.g. copyright), from sources that are, more or less, outside the business' direct control.

It is anticipated that many online startups will incorporate a social component into their business models and thereby be exposed to the risks described above. However, even those online startups with no social component will be exposed to one or more of the categories of risk described in the introductory paragraph of this section. Further, all online startups should take some basic steps to protect their intellectual property rights. The next section of this tutorial will discuss laws tha apply to the online business context and ways to mitigate the legal risks pertaining to same. It will also discuss, where appropriate, common sense steps that online entrepreneurs can take to protect their rights.

There is general maxim that applies to the online world equally, if not more so, then it does to the bricks and mortar business world, and that is this: the more successful your online business becomes the more of a legal target it will have on its back. It is prudent to give serious consideration to online liability issues before launching.

This section of the tutorial will review laws that play a prominent role with respect to doing business online. Depending on your business model and/or the vertical that your online business targets, some will be more important to you than others. For similar reasons some may not apply to you at all. However, business models evolve and often change dramatically over time. We encourage online entrepreneurs to develop a basic legal literacy in all of these areas so that you are not blindsided down the road. The intent here is not to provide exhaustive coverage of the applicable law, but rather to provide an introduction and point to additional resources, where appropriate, that provide more in depth coverage.

Table of Contents

Copyright is the workhorse of the Internet from the point of view of applicable law.This doctrine protects expressions that are manifested in a fixed and tangible medium. In the United States it is controlled predominantly by federal law (via the 1976 Copyright Act and the U.S. Constitution) and internationally (via the Berne Convention). The author of a copyrighted work acquires a set of exclusive enforceable rights including: 1) the right to make copies; 2) the right to distribute; 3) the right to make derivative works; and 4) the right to public performance.

There are now few formalities attached to obtaining a copyright. However, in the U.S., registration is required if the author wants to bring an infringement suit in federal court. Registration prior to an alleged act of infringement is also required if an author wants to get statutory damages, as opposed to having to prove actual damages. Proving actual damages in a copyright action can be quite difficult as a practical matter. So it turns out that registration is an important consideration that often gets overlooked by online entrepreneurs. Unlike trademarks and patents, copyright registration is relatively straightforward and inexpensive.

Copyright attaches to websites, photos, videos, blogs, music, books and a myriad of other artifacts of expression captured in a fixed medium. Almost any imaginable use of the Internet as a medium will expose an individual or organization to copyright implications, either as a user or creator of content. Much has been written about the intersection of copyright law and the Internet. Our copyright tutorial provides a good overview for online entrepreneurs and should get you grounded with respect to basic doctrinal issues.

However, what gets little coverage is how obscenely expensive it is to prosecute and/or defend a copyright infringement action. Although this report from the U.S. Copyright Office does not mention hard dollars, a copyright infringement lawsuit in federal court can easily take two or more years and costs hundreds of thousands of dollars. Here's the money quote from the report:

We are sympathetic to the concerns of individual authors about the high cost of litigation and how, in many cases, the individual creator may have little practical recourse in obtaining relief through the court system, particularly against infringements involving small amounts of actual damages. This problem, however, has existed for some time and goes beyond the orphan works situation, extending to all types of infringement of the works of individual authors. While there are some mechanisms in place to help address the problem, such as enforcement by collective organizations or timely registration to secure the availability of statutory damages and attorneys fees, we believe that consideration of new procedures, such as establishment of a “small claims” or other inexpensive dispute resolution procedure, would be an important issue for further study by Congress. It is not, however, within the province of this study on orphan works.

Most online startups and small businesses simply cannot afford to engage in this type of litigation. Therefore, from a practical economic perspective the best practice is to adopt a defensive posture that mitigates liability and to protect intellectual property rights as much as possible within existing budgetary constraints. A topic related to costs but often not discussed under the economic rubric is the copyright fair use defense. Fair use is an affirmative defense, which means that you only get to assert it once you have been sued. In short, you are already in litigation and it will be quite expensive to assert this defense even if you are right. Litigating a copyright action is so expensive that most online startups and small businesses risk bankruptcy in pursing such actions. It is little consolation that your position was legally correct if litigation destroys the economic foundation of your online business.

[Table of Contents]

Trademarks

Trademarks are yet another form of intellectual property ("IP") that have implications for online businesses.  In the U.S. protection is provided both by Federal statute (i.e. the Lanham Act) and state statutory and common law (see What Law Controls?). Under the Lanham Act, a seller of goods and services must register with the U.S. Patent and Trademark Office ("USPTO") in order to get the desired protection. The registration with the USPTO can be done completely electronically and the agency's website provides many useful tools for conducting trademark searches, as well as providing other helpful information that guides the registration process. That said, the casual user should be forewarned that there is a "hierarchy of complexity" with respect to various Federal IP registrations, with copyright residing at the low end of the complexity hierarchy and patents at the high end. Trademark registration falls somewhere in between.

The trademark implications for online businesses take many forms and are often much more complex than online copyright issues. Further, there are no online safe harbors that exists under federal trademark law.Online trademark issues include, but are not limited to: 1) domain names; 2) advertising; and 3) secondary liability (both vicarious and contributory). Of particular interest to online startups is selecting a desirable name and corresponding trademark for their legal entity. This is a case where "a rose by any other name" definitely may not smell as sweet. Why is that? It turns out this if you want to use the name of your legal entity as part and parcel of your trademark (and brand), then the name you select at the onset carries signficant weight. The bottom line is that some names are easier to trademark than others.

The extent to which any given mark (e.g. a business name in this case) is deserving of protection usually depends on what is referred to as the "strength of the mark." The strength lies along a classification continuum as follows: (1) arbitrary (and fanciful) marks; (2) suggestive marks; (3) descriptive marks; and (4) generic marks. Arbitrary marks qualify for the most protection (if other requirements are met) and generic marks qualify for no protection (descriptive marks also qualify for no protection unless the mark has acquired "secondary meaning" (see What are the requirements?). Each node of the continuum is a legal term of art defined by both statutory authority and case law. The name Apple, for computers, is often an example given of a fanciful mark. Google and Twitter would also be considered either fanciful or arbitrary marks for their respective businesses. These names, in general, experience very little (if any) difficulty in acquiring a federal tradenmark registration. Depending on the arbitrariness of the name, these organizations probably had little trouble obtaining the corresponding domain names as well (i.e. simply because they were likely to be available).

Of course, there is no requirement that a business use its name as its trademark. In fact, businesses can obtain any number of marks (e.g. one per product) as long as the requirements are met. In practice however, an online startup is usually focused on a single product or service, and entrepreneurs' first inclination is to use the business/product name as the trademark. Therefore, it is important to give serious consideration to business/product names very early in the launch cycle. It may also be tempting to pick a business or domain name that is similar to a competitor's. However, this strategy should generally be avoided at all costs, because the aspiring online entrepreneur is inviting a lawsuit, something that he or she can ill afford. A better strategy, as discussed above, is to pick a completely arbitrary or fanciful name for your entity, product or service. Trademark litigation is as expensive as copyright litigation. A defensive posture is a best practice here as well, for obvious reasons.

The discussion above highlights one of a number of legal issues that confronts an online entrepreneur with respect to trademarks. Our trademark tutorial provides an overview of basic trademark doctrine and should provide enough information to assist you in asking the right questions prior to launching your online business.

[Table of Contents]

Digital Millennium Copyright Act (DMCA)

The Digital Millennium Copyright Act ("DMCA") is a complex piece of legislation that contains a "hodgepodge" of legislative themes including: the implementation of WIPO treaties, the criminalization of anti circumvention technologies (i.e. digital rights management technologies or DRM) and the limitations of liability contained in Title II. The DMCA amended Title 17 of the U.S. Code (i.e. the copyright statute) and consists of five titles.

Essentially Title II added section 512 to the copyright statute which is located here. Sectiion 512 creates four new limitations on liability for copyright infringement by online service providers. The limitations are encomapassed in the following categories: (1) transitory communications; (2) system caching;(3) storage of information on systems or networks at direction of users; and (4) information location tools. They each mitigate liability based on the conduct of the service provider.  

If complied with, each category will prevent a plaintiff from recovering money damages from a service provider and may also restrict a plaintiff's ability to get injunctive relief. The categories are independent from each other, qualifying under one does not imply a qualification under the others. Finally, failure to qualify does not mean that other defenses are not available to the provider (e.g. fair use). The key phrase with respect to the DMCA is "if complied with" which means much more than having the appropriate language in your websites terms of use. Although you certainly need certain pertinent language in your terms of use, equally important is to register an agent with the U.S. Copyright Office and follow the statutory processes and procedures.

The DMCA "safe harbor" provision is an excellent illustration regarding the importance of people, process and platform with respect to online compliance. It is the people (e.g. training) and processes (i.e. implementation)  that underpin the legal compliance language that makes a real difference with respect to building a "good compliance story." Technology often has a subtle but important role to play as well (e.g. capturing which version of your terms of use a registered user accepted by clicking "I Agree"). An Internet Lawyer, in addition to drafting the appropriate language, must be prepared to discuss the people, process and platform issues. 

[Table of Contents]

Communications Decency Act (CDA)

Section 230 of the Communications Decency Act of 1996 codified at 47 U.S.C. § 230. Section 230(c)(1) provides immunity from liability for providers and users of an "interactive computer service" who publish information provided by others:

(c) Protection for “Good Samaritan” blocking and screening of offensive material

(1) Treatment of publisher or speaker No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.

(2) Civil liability No provider or user of an interactive computer service shall be held liable on account of—

(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or

(B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in paragraph (1).

Essentially Section 230 of the CDA provides a "safe harbor" (i.e. immunity) from defamatory statements made by third parties on a website. In order to qualify for the safe harbor a website owner must meet each of the following prongs: 

  1. The website owner must be a "provider or user" of an "interactive computer service."
  2. The cause of action asserted by the plaintiff must "treat" the website owner "as the publisher or speaker" of the harmful information at issue.
  3. The information must be "provided by another information content provider," i.e., the website owner must not be the "information content provider" of the harmful information at issue.

What this means in practice is that a website owner (i.e. an Information Service Provider) cannot be sued if a third party user posts defamatory comments about a person or entity on the website's blog, as long as it is not the website owner doing the posting. The third party user obviously does not receive immunity and can still be sued. In short, the website owner (e.g. Facebook) receives immunity from user generated content.

There are limitations to Section 230. For example, it does not apply to federal crimes, intellectual property, or if the website owner contributes to the development of the offending content. Ripoff Report has been sued numerous times for defamatory third party content as has yet to lose a Section 230 case.

[Table of Contents]

Computer Fraud and Abuse Act (CFAA)

The Computer Fraud and Abuse Act ("CFAA") is a law passed by the United States Congress in 1986, intended to reduce cracking of computer systems and to address federal computer-related offenses. Although the CFAA is primarily a criminal law intended to reduce the instances of malicious interferences with computer systems and to address federal computer offenses, an amendment in 1994 allows civil actions to brought under the statute, as well. It is now often used by employers to go after employees that misuse corporate computer systems.

The Act (codified as 18 U.S.C. § 1030) governs cases with a compelling federal interest, where computers of the federal government or certain financial institutions are involved, where the crime itself is interstate in nature, or where computers are used in interstate and foreign commerce. It was amended in 1988, 1994, 1996, in 2001 by the USA PATRIOT Act, 2002, and in 2008 by the Identity Theft Enforcement and Restitution Act. Subsection (b) of the act punishes anyone who not just commits or attempts to commit an offense under the Act, but also those who conspire to do so.

Clearly computers used within a business to conduct Internet transactions would fall under the category of computers used in interstate and foreign commerce and that is part of the reason that employers have begun to use the CFAA against allegedly rogue employees. The Ninth Circuit held as follows in US v. Nosal (9th Cir.; Apr. 28, 2011), regarding exceeding "authorized access" under the CFAA:

as long as the employee has knowledge of the employer's limitations on that authorization, the employee 'exceeds authorized access' when the employee violates those limitations. It is as simple as that.

In Nosal, the authority was execeeded because the employer had a written computer usage policy which the employee allegedly violated. It is important that these type of policies be part of the employment agreement that the employee signs upfront, if the employer wants to leverage the agreement in a subsequent dispute.

[Table of Contents]

Electronic Communications Privacy Act (ECPA)

Under the Electronic Communications Privacy Act ("ECPA") "electronic communication" means any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or foreign commerce, but does not include (A) any wire or oral communication; (B) any communication made through a tone-only paging device; (C) any communication from a tracking device (as defined in section 3117 of this title); or (D) electronic funds transfer information stored by a financial institution in a communications system used for the electronic storage and transfer of funds. Other key ECPA definitions can be found here. The ECPA is codified as Title 18 U.S.C. Sections 2510-2522.

Electronic communications as defined by the ECPA arguably encompasses nearly  all messaging that occurs on the Internet and therefore, with respect to an online business, its scope is quite broad. 

Title I of the ECPA, which is often referred to as the Wiretap Act, prohibits the intentional actual or attempted interception, use, disclosure, or “procure[ment] [of] any other person to intercept or endeavor to intercept any wire, oral, or electronic communication.” Title I provides exceptions for operators and service providers for uses “in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service” and for “persons authorized by law to intercept wire, oral, or electronic communications or to conduct electronic surveillance, as defined in section 101 of the Foreign Intelligence Surveillance Act (FISA) of 1978.” 18 U.S.C. § 2511.

It provides procedures for Federal, State, and other government officers to obtain judicial authorization for intercepting such communications, and regulates the use and disclosure of information obtained through authorized wiretapping. 18 U.S.C. § 2516-18. A judge may issue a warrant authorizing interception of communications for up to 30 days upon a showing of probable cause that the interception will reveal evidence that an individual is committing, has committed, or is about to commit a “particular offense” listed in § 2516. 18 U.S.C. § 2518. Title I also prohibits the use of illegally obtained communications as evidence. 18 U.S.C. § 2515.

Title II of the ECPA, which is called the Stored Communications Act (SCA), protects the privacy of the contents of files stored by service providers and of records held about the subscriber by service providers, such as subscriber name, billing records, or IP addresses. 18 U.S.C. §§ 2701-12.

Title III of the ECPA , which is called the Pen Register and Trap and Trace Statute, requires government entities to obtain a warrant before collecting real-time information, such as dialing, routing, and addressing information related to communications. Real-time collection of this information is usually done using a pen register or trap and trace device.

Employers are starting to use the ECPA and the SCA in action against former employees. However, these are murky waters. Employers should see the advice of a Technology Lawyer before proceeding.

[Table of Contents]

Controlling the Assault of Non-Solicited Pornography And Marketing Act (CAN-SPAM)

The CAN-SPAM Act of 2003 was signed into law by President George W. Bush on December 16, 2003. It established the United States' first national standards for the sending of commercial e-mail and requires the FTC to enforce its provisions. The CAN-SPAM Act sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations.

Despite its name, the CAN-SPAM Act doesn’t apply just to bulk email. It covers all commercial messages, which the law defines as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service,” including email that promotes content on commercial websites. The law makes no exception for business-to-business email. That means all email – for example, a message to former customers announcing a new product line – must comply with the law. Each separate email in violation of the CAN-SPAM Act is subject to penalties of up to $16,000, so non-compliance can be costly. Here's what the FTC has to say regarding compliance with the Act:

  1. Don’t use false or misleading header information. Your “From,” “To,” “Reply-To,” and routing information – including the originating domain name and email address – must be accurate and identify the person or business who initiated the message.
  2. Don’t use deceptive subject lines. The subject line must accurately reflect the content of the message.
  3. Identify the message as an ad. The law gives you a lot of leeway in how to do this, but you must disclose clearly and conspicuously that your message is an advertisement.
  4. Tell recipients where you’re located. Your message must include your valid physical postal address. This can be your current street address, a post office box you’ve registered with the U.S. Postal Service, or a private mailbox you’ve registered with a commercial mail receiving agency established under Postal Service regulations.
  5. Tell recipients how to opt out of receiving future email from you. Your message must include a clear and conspicuous explanation of how the recipient can opt out of getting email from you in the future. Craft the notice in a way that’s easy for an ordinary person to recognize, read, and understand. Creative use of type size, color, and location can improve clarity. Give a return email address or another easy Internet-based way to allow people to communicate their choice to you. You may create a menu to allow a recipient to opt out of certain types of messages, but you must include the option to stop all commercial messages from you. Make sure your spam filter doesn’t block these opt-out requests.
  6. Honor opt-out requests promptly. Any opt-out mechanism you offer must be able to process opt-out requests for at least 30 days after you send your message. You must honor a recipient’s opt-out request within 10 business days. You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request. Once people have told you they don’t want to receive more messages from you, you can’t sell or transfer their email addresses, even in the form of a mailing list. The only exception is that you may transfer the addresses to a company you’ve hired to help you comply with the CAN-SPAM Act.
  7. Monitor what others are doing on your behalf. The law makes clear that even if you hire another company to handle your email marketing, you can’t contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.

CAN-SPAM expressly preempts all state laws that are designed to regulate unsolicited commercial email. The effect of the preemption is to eliminate many state law regimes that are inherently more restrictive than CAN-SPAM. The primary exception is that state laws are not preempted to the extent that they prohibit misleading or deceptive advertising. For example, a state’s unfair trade practices statute can still be applied to an email advertisement with false or misleading content.

WIth a few exceptions only the FTC or State Attorney Generals can bring an action under CAN-SPAM. The Act provides no private right of action against violators. The primary exception is that an Internet Service Provider has a private right of action under the new law, presumably because an ISP's business is most directly affected (i.e. its bandwidth) by spam based commercial emai. 

[Table of Contents]

Defamation

The United States Supreme Court (USSC) transformed the common law of libel via a series of cases that essentially provided a first amendment overlay to the doctrine. Under the common law of libel a plaintiff was required to show the following four elements: (1) defamatory statement; (2) identification—“of and concerning the plaintiff;” (3) a publication of the statement; and (4) damages, but only for slander.

Defamation has its roots in two common law torts: slander and libel. Slander is a harmful statement conveyed in a transitory form (e.g. an oral statement). Libel is a harmful statement conveyed in some fixed medium (e.g. a newspaper, magazine, blog, etc.). From the point of view of cyberlaw we are almost exclusively concerned with defamation that is libelous.

The leadings USSC cases are Sullivan v. NYT (Sullivan) and Gertz v. Robert Welch (Gertz). These cases imposed a fault element to the four common law elements whenever the speech was of “public concern.” They also made the status of the plaintiff a controlling factor in the analysis. Under Sullivan the plaintiff, if a “public official,” was now required to show “actual malice” under a clear and convincing evidentiary standard. Under Gertz, a “private” plaintiff was required to show some degree of fault, left up to the discretion of the states (in practice negligence).

A later USSC case, Hepps, added to the plaintiff’s burden by requiring a showing of “material falsity.” That is, post Hepps, for a matter of public concern the plaintiff was required to prove six elements in order to prevail—the four common law elements, either actual malice or negligence, and that the statement was false in a significant way. Hepps shifted the burden from a defendant's burden of proving truth as a defense, to the plaintiff's burden of proving falsity. For plaintiff's that are public officials or public figures, proving all six elements is a high hurdle indeed.

For a private plaintiff (i.e. not a public official or public figure), bringing an action regarding a statement that was not of public concern; the common law of libel remained essentially unchanged. How is defamation law different online? In general, there is not all that much different about the defamation legal regime online, with a few exceptions. As noted above the CDA provides an "interactive computer service" (e.g. a website) with a "safe harbor" from defamation liability for statements made by third parties. That is one of the reasons that Rippoff Report has been universally successful in defending plaintiff defamation claims made against it because of statements made by users of its service.

Although there are no shortage of defamation suits brought because of online activity, the fact of the matter is that the elements of defamation are often difficult to prove. One central reason is that opinions do not count as defmatory statements. The EFF has a good overview of online defamation. Here's what it says about opinions versus assertions of fact:

Courts look at whether a reasonable reader or listener could understand the statement as asserting a statement of verifiable fact. (A verifiable fact is one capable of being proven true or false.) This is determined in light of the context of the statement. A few courts have said that statements made in the context of an Internet bulletin board or chat room are highly likely to be opinions or hyperbole, but they do look at the remark in context to see if it's likely to be seen as a true, even if controversial, opinion ("I really hate George Lucas' new movie") rather than an assertion of fact dressed up as an opinion ("It's my opinion that Trinity is the hacker who broke into the IRS database").

However, as discussed in the online liability section of this tutorial, online entrepreneurs must keep in mind that being right under the law does not mean that you will not be sued. Clearly, Rippoff Report has spent plenty on legal fees defending its online business model. Most online startups do not have this luxury and need to be especially careful with respect to legal liability mitigation strategies. Even an unwarranted suit can cause significant economic hardship for a startup.

[Table of Contents]

Privacy

There is probably no “hotter” cyberlaw issue today than privacy. Consumers often ask, “What are all those e-commerce sites doing with our data?” Businesses need to be aware of the various statutes and regulations that govern the collection and dissemination of personal data. A well drafted website privacy policy (and enforcement of same) is imperative for all online businesses. It should go without saying that whatever information is collected must also be protected. Negligence with respect to how private information is secured may lead to legal liability, not to mention the loss of business and embarrassment in the marketplace.

Depending on the nature of your online business one of the following statutes might apply: 1) the Heath Insurance Portability and Accountability Act (HIPAA)—protecting medical data, 2) the Gramm-Leach-Bliley Act— protecting financial data, and 3) the Childrens Online Privacy Protection Act (COPPA)—protecting collection of data for children under the age of thirteen. Furthermore, if you are doing business internationally the European Union Directive on Privacy may also be applicable. The EU is interested in promulgating an international standard that would be presumably enforceable in the U.S. and elsewhere.

Under the authority of Section 5 of the FTC Act, which prohibits unfair and deceptive practices, the FTC has brought a number of cases to enforce promises made in website privacy policies, including those promises made regarding the securing of consumer personal data. The FTC is also quite active in research and reporting on privacy issues. Due to recent high profile breaches and growing consumer concern over privacy, expect to see more legislation and/or regulations in this area in the near term.

The bottom line here is that organizations cannot afford to be cavalier about the protection of consumers’ personal information. Having no policy or compliance program is probably the quickest route to liability. At a minimum an organization that collects and uses personal information, must do so consistent with their online privacy policy, and be able to show a credible, good faith effort at compliance. This alone may not be enough to avoid liability, but it could prove quite helpful in mitigating it.

[Table of Contents]

Summary

The list of applicable online laws provided in this section is obviously not exhuastive, but merely representative. Often, depending on an online startup's business model, other laws will apply. For example, industry specific laws apply to healthcare, to the financial services industry, and to the adult entertainment industry. Even within industry niches, online business models vary widely. This is especially true with respect to the online contracts that may be required. Startups that want to mitigate online liability should seek counsel from an Internet Lawyer with in depty knowledge on the online context.

[Table of Contents]

An online business, like any other business, must keep accurate records of its business transactions and pay income taxes (State, Federal or both depending on the state and the type of entity). There are lots of good tutorials and/or overviews of basic accounting concepts on the Internet (see here and here). Therefore, the objective of this section of the tutorial is not to cover this material, but rather to highlight some information that may not be readily found elsewhere, especially with respect to online startup business issues. In short, we want to present the high level legal issues surrounding accounting, taxes, and other record keeping requirements.

Presumably before you have started worrying about accounting and taxes you will have selected a business entity (e.g. sole proprietorship, LLC, S-Corp., C-Corp., etc.). Accurate records must be kept regardless of the business entity selected but LLCs and Corporations will generally require more rigorous accounting. One of the primary reasons for this is that LLCs and Corporations provide a business owner (member or shareholder) with limited liability, but that limited liability is only "guaranteed" if accurate records are kept and said records (and corresponding funds) are not intermingled with personal records and funds.

Essentially, if the rules of the road are followed with these entity types then an owner only stands to lose, at most, what they have invested in the business. The concept of limited liability ensures that an owner's personal assets are protected. If the rules of the road are not followed then a potential litigant may be able to "pierce the corporate veil" and thereby attach a judgment to the owner's personal assets. Obviously, online business owners, like their brick and mortar counterparts, do not want this kind of exposure. Although keeping accurate records is usually the bane of an entrepreneur's existence, it is more than just a necessary evil, ultimately it is the only way that the viability of the business can be assessed as well as providing the aforementioned benefits.

What other kinds of records does an online business need to track and maintain? The layman's answer to this question is lots, but let's start with the obvious. Most online businesses require a privacy policy and a terms of use. These are essentially online contracts. OK, but why do they have to be tracked? The documents will change over time as an online business model evolves. Most online businesses, especially those with a social networking component and those that sell goods, require a user to register on the website. Registration almost always requires that a user click "I Agree" to the privacy policy and terms of use; so far so good.

However, as these documents change over time, how does the online business owner know which version of the documents were agreed to? From an evidentiary perspective, a court of law will not likely accept the validity of a contract when the version and date of acceptance cannot be proved with certainty. The best practice is to save the text of these agreements whenever a user clicks "I Agree." Furthermore, a user should be forced to accept modifications to these documents anytime they change.

Often a privacy policy and terms of use are one of many online contracts that an online business may automate. For example, affiliate agreements and advertising agreements may be automated in a similar fashion. Certainly, automation of contract acceptance is not a legal requirement so why do it? The answer to this question is obvious to online entrepreneurs. Automation reduces the administrative burden of contract acceptance and allows the business to scale. Without the ability to automate the required business formalities an online business is likely to be still born. However, with automation comes the burden of tracking these formalities in manner not usually required in the bricks and mortar world. 

In addition to online contracts that an online business requires for its own purposes, it is likely to enter into any number of online contracts for online services that it procures in order to conduct business. For example, any online service such as PayPal, AdWords, AdSense, and Quickbooks Online will require a business owner to enter into a contract. Business owners are well advised to keep copies of these agreements for future reference and not simply rely on the service provider's record keeping.

If you are launching an online business you will certainly be engaged in online marketing activities. Even most brick and mortar businesses now market online. This section of the tutorial covers basic online marketing rules of the road from a legal perspective. It also points you to some tools and resources that you will want to become familiar with. A fair warning is required to the uninitiated: there is lots of online marketing snake oil being sold on the Internet and therefore buyer beware.

Anyone person or entity promising quick results and/or get rich quick solutions should raise the required red flags. The tools and techniques available are powerful (e.g. SEO, Affiliate Marketing, PPC, etc.) and cannot be ignored, you simply need to tread carefully and invest in, what amounts to a significant amount of time, in becoming literate. This is really no different than acquiring marketing acumen in general, but on the web the choices are often overwhelming and confusing. 

Intellectual Property Basics

There is simply no alternative for an online entrepreneur other than to acquire a basic understanding of the intellectual property ("IP") issues that govern the Internet. You can get most of what you need by having a basic understanding of copyright and trademark doctrines. You clearly don't need the level of knowledge of an IP attorney. What is required from a basic business perspective is knowledge of what to do and what not to do, and the ability to recognize when legal help is necessary or prudent.

There are a number of online copyright myths that you should clearly understand. In short, because something is freely available does not make it free for you to use. Copyright generally attaches (with a few exceptions) to ideas that are captured in a fixed tangible medium. This includes almost everything on the Internet such as text, graphics, photos, videos, email, etc. Even in cases where the fair use doctrine legitimately applies, it pays to be cautious.

What is widely misunderstood about the fair use doctrine is that it is an affirmative defense, which from a practical perspective means that by the time you get to invoke the defense you have already been sued. With rare exceptions, unless you have deep pockets and are interested in "making law," you can't afford to defend a copyright suit. The simple harsh economic reality is that those that have the gold continue to make the rules, the rest just get to live by them. This is clearly an area where you need to look before you leap and seek the counsel of an Internet Lawyer if you have doubts regarding how to proceed.

OK, but what does this have to do with online marketing? The now famous quote by Marshall McLuhan that the "medium is the message" applies here in a slightly modified context. For our purposes the "medium is the marketing." We leverage the medium represented by the global communications infrastructure of the Internet to get our marketing messages out to the world. It is tempting to "borrow" what others are doing effectively by simply copying their work.

Instead of "borrowing" which is illegal and otherwise not all that astute from a business perspective, online entrepreneurs need to use the inexpensive enabling technologies available to them to create. This strategy not only prevents you from being sued into oblivion but also has the upside business potential of creating a meaningful and lasting brand. We now live in an intellectual capital driven economy and all entrepreneurs, but especially online entrepreneurs, need to have a basic understanding of IP simply to be effective business owners and marketers.

Online Contracts Basics

Although it is certainly not obvious that contracts are ubiquitous in cyberspace, a close inspection tells a different story. As a general rule, whenever you download software from the Internet there is contract/license agreement in play. Whenever you sign-up with a social networking site or a blogging platform, a contract is in play. When users register on your site, a contract is in play (i.e. your terms of use).

If you sign an agreement with a consulting company to develop your website, a contract is in play (or should be). If you sign an affiliate marketing agreement, a contract is in play. Contracts are as foundational to an online business as they are to businesses in general, even more so. An online entrepreneur launching a startup is likely to encounter more contracts than their brick and mortar counterparts. For example, many websites are monetized through advertising. You will need contracts with your advertisers that clearly spell out such things as payment terms and the kinds of advertisements you will or won't accept.

If you choose to market your business through brand advertising on other sites, you will certainly almost always be required to sign a contract. You will need to pay special attention to all the terms and conditions, and especially to the "legalese" regarding forum selection clauses, arbitration provisions, termination clauses, etc. In short, your online marketing activities are certain to be controlled via contract doctrine. You need to become comfortable reading contracts and seek advice of counsel where appropriate. If you choose to launch an affiliate program, the contractual relationships pertinent to your online marketing initiatives will become mission critical to your business. You are going to want to ensure that your affiliates are treated as independent contractors and not as agents of your business entity.

See the online contracts section of this tutorial for more specific information regarding various agreements.

Emerging Law

There are a number of laws the have recently been promulgated, or are about to be promulgated, that will have a direct and perhaps significant impact on online marketers. A few of these prominent laws are discussed here. However, the challenge for online marketers (and for an Internet Lawyer as well) is how to track the legal trends over time. This space is quickly evolving and privacy and security issues continue to preoccupy politicians of both parties.

Why? Because the privacy and security lobby is vocal and can readily get the attention of politicians for several reasons: 1) they vote; and 2) the laws promulgated are often "feel good" laws that although they may have serious detrimental unintended consequences for online marketers, they otherwise go largely unnoticed by the mainstream media (i.e. except media focused on these issues such as the PMA), and do not cost politicians much to enact.

We prefer to deal with the legal reality on the ground in this tutorial as opposed to making policy arguments in favor or opposition of these laws. For obvious practical reasons the reality, like it or not, is what online entrepreneurs must contend with day to day.

Restore Online Shoppers' Confidence Act (ROSCA)

ROSCA was passed in the lame duck session of 2010 in order to counter overly aggressive and questionable marketing practices imposed on unsuspecting consumers, usually by third party companies working in collaboration with reputable websites. At the heart of the issue is "data pass" financial transactions. A 2009 report prepared by Senate staffers describes the issue as follows (paraphrased):

Companies gain access to online consumers by entering into financial agreements with reputable online websites and retailers. These companies sell club memberships to consumers as they are in the process of buying movie tickets, plane tickets, or other online goods and services.

The companies insert their sales offers into the "post transaction" phase of an online purchase, after consumers have made a purchase but before they completed the sale confirmation process. These offers generally promise cash back rewards and appear to be related to the transaction the consumer is in the process of completing. Misleading "Yes" and "Continue" buttons cause consumers to reasonably think they are completing the original transaction, rather than entering into a new ongoing financial relationship with a membership club operated by these third party companies.

Consumer billing information is "passed through" to these third party companies without requiring consumers to re-enter it, thereby depriving consumers of notice that they are entering a new ongoing financial relationship with the third party company.

The full text of ROSCA is available here. Below is a summary of the prohibitions:

(a) Requirements for Certain Internet-Based Sales- It shall be unlawful for any post-transaction third party seller to charge or attempt to charge any consumer’s credit card, debit card, bank account, or other financial account for any good or service sold in a transaction effected on the Internet, unless--

If you are launching an online business you will certainly be engaged in online marketing activities. Even most brick and mortar businesses now market online. This section of the tutorial covers basic online marketing rules of the road from a legal perspective. It also points you to some tools and resources that you will want to become familiar with. A fair warning is required to the uninitiated: there is lots of online marketing snake oil being sold on the Internet and therefore buyer beware.

Anyone person or entity promising quick results and/or get rich quick solutions should raise the required red flags. The tools and techniques available are powerful (e.g. SEO, Affiliate Marketing, PPC, etc.) and cannot be ignored, you simply need to tread carefully and invest in, what amounts to a significant amount of time, in becoming literate. This is really no different than acquiring marketing acumen in general, but on the web the choices are often overwhelming and confusing. 

Intellectual Property Basics

There is simply no alternative for an online entrepreneur other than to acquire a basic understanding of the intellectual property ("IP") issues that govern the Internet. You can get most of what you need by having a basic understanding of copyright and trademark doctrines. You clearly don't need the level of knowledge of an IP attorney. What is required from a basic business perspective is knowledge of what to do and what not to do, and the ability to recognize when legal help is necessary or prudent.

There are a number of online copyright myths that you should clearly understand. In short, because something is freely available does not make it free for you to use. Copyright generally attaches (with a few exceptions) to ideas that are captured in a fixed tangible medium. This includes almost everything on the Internet such as text, graphics, photos, videos, email, etc. Even in cases where the fair use doctrine legitimately applies, it pays to be cautious.

What is widely misunderstood about the fair use doctrine is that it is an affirmative defense, which from a practical perspective means that by the time you get to invoke the defense you have already been sued. With rare exceptions, unless you have deep pockets and are interested in "making law," you can't afford to defend a copyright suit. The simple harsh economic reality is that those that have the gold continue to make the rules, the rest just get to live by them. This is clearly an area where you need to look before you leap and seek the counsel of an Internet Lawyer if you have doubts regarding how to proceed.

OK, but what does this have to do with online marketing? The now famous quote by Marshall McLuhan that the "medium is the message" applies here in a slightly modified context. For our purposes the "medium is the marketing." We leverage the medium represented by the global communications infrastructure of the Internet to get our marketing messages out to the world. It is tempting to "borrow" what others are doing effectively by simply copying their work.

Instead of "borrowing" which is illegal and otherwise not all that astute from a business perspective, online entrepreneurs need to use the inexpensive enabling technologies available to them to create. This strategy not only prevents you from being sued into oblivion but also has the upside business potential of creating a meaningful and lasting brand. We now live in an intellectual capital driven economy and all entrepreneurs, but especially online entrepreneurs, need to have a basic understanding of IP simply to be effective business owners and marketers.

Online Contracts Basics

Although it is certainly not obvious that contracts are ubiquitous in cyberspace, a close inspection tells a different story. As a general rule, whenever you download software from the Internet there is contract/license agreement in play. Whenever you sign-up with a social networking site or a blogging platform, a contract is in play. When users register on your site, a contract is in play (i.e. your terms of use).

If you sign an agreement with a consulting company to develop your website, a contract is in play (or should be). If you sign an affiliate marketing agreement, a contract is in play. Contracts are as foundational to an online business as they are to businesses in general, even more so. An online entrepreneur launching a startup is likely to encounter more contracts than their brick and mortar counterparts. For example, many websites are monetized through advertising. You will need contracts with your advertisers that clearly spell out such things as payment terms and the kinds of advertisements you will or won't accept.

If you choose to market your business through brand advertising on other sites, you will certainly almost always be required to sign a contract. You will need to pay special attention to all the terms and conditions, and especially to the "legalese" regarding forum selection clauses, arbitration provisions, termination clauses, etc. In short, your online marketing activities are certain to be controlled via contract doctrine. You need to become comfortable reading contracts and seek advice of counsel where appropriate. If you choose to launch an affiliate program, the contractual relationships pertinent to your online marketing initiatives will become mission critical to your business. You are going to want to ensure that your affiliates are treated as independent contractors and not as agents of your business entity.

See the online contracts section of this tutorial for more specific information regarding various agreements.

Emerging Law

There are a number of laws the have recently been promulgated, or are about to be promulgated, that will have a direct and perhaps significant impact on online marketers. A few of these prominent laws are discussed here. However, the challenge for online marketers (and for an Internet Lawyer as well) is how to track the legal trends over time. This space is quickly evolving and privacy and security issues continue to preoccupy politicians of both parties.

Why? Because the privacy and security lobby is vocal and can readily get the attention of politicians for several reasons: 1) they vote; and 2) the laws promulgated are often "feel good" laws that although they may have serious detrimental unintended consequences for online marketers, they otherwise go largely unnoticed by the mainstream media (i.e. except media focused on these issues such as the PMA), and do not cost politicians much to enact.

We prefer to deal with the legal reality on the ground in this tutorial as opposed to making policy arguments in favor or opposition of these laws. For obvious practical reasons the reality, like it or not, is what online entrepreneurs must contend with day to day.

Restore Online Shoppers' Confidence Act (ROSCA)

ROSCA was passed in the lame duck session of 2010 in order to counter overly aggressive and questionable marketing practices imposed on unsuspecting consumers, usually by third party companies working in collaboration with reputable websites. At the heart of the issue is "data pass" financial transactions. A 2009 report prepared by Senate staffers describes the issue as follows (paraphrased):

Companies gain access to online consumers by entering into financial agreements with reputable online websites and retailers. These companies sell club memberships to consumers as they are in the process of buying movie tickets, plane tickets, or other online goods and services.

The companies insert their sales offers into the "post transaction" phase of an online purchase, after consumers have made a purchase but before they completed the sale confirmation process. These offers generally promise cash back rewards and appear to be related to the transaction the consumer is in the process of completing. Misleading "Yes" and "Continue" buttons cause consumers to reasonably think they are completing the original transaction, rather than entering into a new ongoing financial relationship with a membership club operated by these third party companies.

Consumer billing information is "passed through" to these third party companies without requiring consumers to re-enter it, thereby depriving consumers of notice that they are entering a new ongoing financial relationship with the third party company.

The full text of ROSCA is available here. Below is a summary of the prohibitions:

(a) Requirements for Certain Internet-Based Sales- It shall be unlawful for any post-transaction third party seller to charge or attempt to charge any consumer’s credit card, debit card, bank account, or other financial account for any good or service sold in a transaction effected on the Internet, unless--

This section of the tutorial will review a subset of contracts that an online startup may require in order to launch. This is not an exhaustive list but rather representative of contracts that are often required.

Terms of Use & Privacy Policy

There are a number of legal issues and potential liability that a properly drafted terms of use and privacy policy may protect an online entrepreneur against. Court's have long recognized clickwrap contracts (agreements, licenses, etc.) if the user is provided ample opportunity to read and accept the agreement. Acceptance is foundational to contract doctrine. This is a concept that should make perfect sense even to a lay person. A contract that is not properly accepted is not valid and will not be enforced by a court of law. On the Internet it is now quite common (almost universal) to require acceptance by forcing users to click "I Agree" before proceeding (e.g. when registering on a social networking site).

Although the "I Agree" acceptance mechanism is almost universally used, what may not be as obvious is the required processes that need to underpin electronic acceptance. In short, it is now a recognized best practice to save the text of the terms of use and privacy policy (and of any other electronically accepted contracts), as well as the version of these documents, along with the other information that is captured during registration (i.e. saved in a database along with other information). Why? Because this provides the website owner with strong evidence of acceptance should a legal dispute arise down the road.

It turns out that process issues are important in any number of instances where an online contract is in play. For example, a privacy policy that contains flowery language regarding steps the website owner takes to protect user data without the necessary processes in place to actually provide the protection, is essentially a worthless document. The same holds true for DMCA Safe Harbor contractual language often found in a terms of use document. If you want to take advantage of the Safe Harbor then you need to have the appropriate processes in place, without the processes your Safe Harbor is likely to be in jeopardy.

In short, the Internet Lawyer you select to help guide your online startup should be prepared not only to draft electronic contracts in a manner that provides maximum protection, they must be prepared to discuss the underlying processes required to substantively underpin the contracts.

Advertising Contract

Many online startups will leverage advertising as a critical component of their monetization strategy. It is important to have the appropriate agreements in place with advertisers. An agreement with an advertiser will contain a number of required clauses, depending on the specifics of the arrangement between the parties, including definitions of widely used industry terms such as "CPM," "CPI," and "CPA" (i.e. so as to eliminate ambiguity); implementation and operations of advertisements including effective dates; right to refuse certain kinds of advertisements (if applicable); payments and refunds; renewal clauses; truth in advertising; etc.

Furthermore, the contract between a website owner and an advertiser should contain the necessary disclaimers including the fact that the website owner does not (and cannot) guarantee results based on advertisements. In addition, sensitive business information may be shared with the advertiser (e.g. traffic metrics and advertising rates) which the website owner wants to maintain as confidential. Therefore, the requisite confidentiality clauses must be expressly provided for and the necessary process steps taken.

Finally, as with all electronic contracts, the appropriate governing law, forum selection, and arbitration clauses must be incorporated. Although these clauses are often "negotiated" with advertisers, the website owner may be in a position to dictate these terms depending on the strength of the website's traffic.

Affiliate Contract

First of all we need to answer the question: "what is affiliate marketing?" As the previous link suggests, affiliate marketing is a subset of online marketing wherein a website drives traffic to another website in exchange for some form of compensation. Many of the Top 500 online retailers have implemented successful affiliate programs and there are few barriers to entry for online entrepreneurs that want to do the same. That said, you will want to pay attention to emerging legal issues that threaten to dampen the enthusiasm that has fueled affiliate marketing.

If you decide to launch an affiliate program you will likely want to have an electronic contract in place that makes it easy for prospective affiliates to join your program. This strategy allows your affiliate program to scale and reduces the administrative burden of contract management. So what are the terms and conditions that your affiliate contract should contain? The specific answer to this question will depend largely on the type of business you are in, but in general your affiliate contract will want to specify:

1) how links to your site are managed;

2) who owns the responsibility for maintaining the affiliate site;

3) restrictions that you want to place on affiliate conduct;

4) how commissions and tracking will be managed;

5) the term of the agreement and how it may be terminated by either party; and

6) the use of affiliate marks and logos.

The list of terms and conditions enumerated above are obviously not exhaustive. They simply reflect the kinds of issues you will want to think through, most likely with the advice of counsel.

Professional Services Contract

There are any number of professional services contracts that many online startups may engage in, but one in particular is almost universal in nature. Which one? The "website design and development" contract that you engage in with the third party that builds your website.

Obviously this assumes that you are not a technology startup, in which case you are likely building your own website. However, it does assume that your website is mission critical to your business and that it provides content that is unique and/or novel in order to attract potential customers. In short, your website is likely to be much more than a "business card website" and will require significant investment of capital (i.e. relative to your overall startup budget). 

What are the legal issues to look out for? They are numerous and will partly depend on the type of website being built (i.e. the complexity of the code and content that underpins it). Here are some legal issues that almost always apply:

1) Determining ownership of the intellectual property ("IP") of your website. Unless specifically provided for in a contract prior to the commencement of design and development, you may be surprised to learn that you do not own the website that you paid for, but rather have only acquired a license to use it. First of all, what does it mean to own your website? Ownership in this context primarily means ownership of the copyright, trademark, domain name, and other IP rights attached to the work you have paid for. The legal issues surrounding ownership are quite complex and encompass copyright's work-for-hire doctrine as well the requirements that surround the assignment and transfer of copyright ownership as well as other analogous IP transfers. In short, a contract is always required so that the rights of the parties regarding ownership are clearly expressed.

2) Determining the scope of work and how to handle modifications thereto. Because the design and development of a website is a creative effort, it is next to impossible to specify all the requirements upfront. Therefore, a critical challenge that must be dealt with in the contract is how the inevitable modifications to the scope will be managed. Often, an iterative approach is used wherein the project is broken down into phases so that later phases can incorporate what was learned early in the lifecycle of the project. A failure to deal rationally with what is often referred to as "scope creep" will frustrate both parties and could result in a dysfunctional and/or disastrous outcome; both of which are obviously something to avoid.

3) Specifying the compensation schedule including reasonable late payment penalties where applicable. Given the rise of India and Brazil as economic powers in the information technology space, it is likely that many online startups will be working with international consulting companies. In this case, the payment currency should also be expressly provided for in the contract or statement of work. Working with international companies also raises issues regarding applicable law, jurisdiction and venue. All of these issues should be addressed in the contract in order to provide a semblance of certainty should a dispute subsequently arise.

4) Specifying suitable indemnification clauses often running in both directions. The online entrepreneur clearly wants indemnification against the consulting company violating the intellectual properties rights of third parties during the development of the website. Similarly, the consulting company may want indemnification regarding any intellectual property provided by the entrepreneur (e.g. photos, graphics, videos etc) for incorporation into the site.

5) Specifying reasonable non-compete, conflict of interest and confidentiality clauses. From an online entrepreneur's perspective, you certainly are not interested in paying to educate the consulting company on your specific Internet niche business in order for them to subsequently leverage this knowledge with a potential competitor. You need contractual assurances that the company you are hiring to build your website will not engage in this kind of behavior and that they will otherwise maintain all of the information you provide them as confidential. However, the consulting company will not be keen on limiting who they can do business with, for obvious reasons. Achieving the "right" degree of protection will have to be negotiated.

The issues described above are not exhaustive, but rather illustrative of the kinds of issues you can expect in a website design and development contract. Unless you are experienced in these matters then it is recommended that you seek advice of counsel before proceeding.

It is quite possible that an online startup, depending on the business model, could engage in any number of professional services contracts. It is important that the Internet Lawyer you select as counsel have a fundamental understanding of the intersection of legal, business and technology issues that are presented. 

Intellectual Property Licenses

An owner of intellectual property ("IP") is entitled to exploit its IP rights for profit or other consideration. The owner ("licensor") may contract with third parties ("licensees") allowing these parties to use the IP as constrained by the terms and conditions of the agreement. Both the licensor and the licensees get something of value that they would not have gotten but for the license. Having the proper license also means that you have the legal permission to use the owner's IP.

For example, you cannot simply "borrow" photographs available on the Internet for use on your website. Photographs are copyrightable subject matter and the wrongful use of a photograph is infringement of the owner's copyright. However, if you need stock photos for your website there are a number of sites, including iStockphoto, where you can license the rights to use photos for far less than it would cost you to produce them yourself or for you to hire someone else to produce.

You obviously must either own or license all the IP that is used or your website or risk being sued for infringement. Furthermore, for certain types of websites wherein user generated content ("UGC") is allowed and encouraged (e.g. Facebook), your terms of use must grant you the necessary license to use UGC on your site in manner that inures to your benefit and/or, at a minimum, prevents you from being sued for infringement. A license is nothing more than a specialized kind of contract. Online startups will generally enter into many license agreements as part of their launch initiatives.

Non-Disclosure Agreement (NDA)

A non-disclosure agreement ("NDA") is a contract between two parties wherein one or both parties want to share information (on the one hand) but otherwise want to maintain said information in a manner that restricts it from being made available to the public. An NDA outlines the material, knowledge, or information that the parties want to share with one another confidentially. An NDA creates a contractual relationship between the parties to protect the information defined in the agreement and/or trade secrets. 

Online entrepreneurs are well advised to make liberal use of NDAs, especially when working on early stages of the venture. Ideas, standing alone, cannot be protected under intellectual property doctrine and, therefore, one of the best ways to protect a great idea (i.e. one that you need to share) is with an NDA. An NDA is a standard business device used to protect ideas and other confidential information. You should not hesitate to leverage one.

Employment Agreement

There are a number of key terms and conditions that are almost always present in most employment agreements, including the following:

1) Job Duties & Responsibilities

2) Duration & Termination

3) Compensation & Benefits

4) Confidentiality & Non-Compete

5) Ownership of Intellectual Property

6) Dispute Settlement

Online startups will definitely want to have employment contracts with key employees. As discussed throughout this tutorial, there are any number of niche markets in the long tail that could prove to be quite profitable. Succeeding in the long tail will require a combination of technical and domain knowledge applied in ways intended to disrupt the status quo.

Given that online startups are generally monetized through intellectual property in some way, shape or form, it is important to have employment contracts with almost all early employees in a startup. Why? Because nearly all of them are likely to be key employees in the sense that they are likely to contribute significantly to how the niche is monetized, as the business model develops. In short, they are the ones that going to have knowledge of the secret sauce.

It is important that employment agreements be signed at or near the time that employment commences or is renewed, otherwise the agreement may not contain the necessary quiid-pro-quo (the necessary "consideration" in legal terms) to be enforceable.

This tutorial has covered a signficant amount of territory; probably sufficient enough to overwhelm most online entrepreneurs. We understand that your legal challenges are often not first and foremost on your mind. That's as it should be. First you need to think about a product or service that you can monetize, the budget you have to work with, and time-to-market considerations.

With respect to the legal substance presented in this tutorial, the basic take away is the question of literacy. Once you commit, and have worked through the business issues, there are some legal basics that you need to understand before launching your online initiative. Hopefully the material presented here is in a format that lends itself to return visits. It will be easier to eat the legal literacy elephant "bytes" at a time.

The areas to focus on, at the appropriate time, are as follows: 1) business entity formation; 2) understanding of basic intellectual property doctrine related to copyright and trademark law; and 3) understanding the kinds of contracts that your online startup will require. It may be counterintuitive but the third topic to focus on (online contracts) may be the least understood and the most daunting, given the importance (and number) of the online contracts Internet businesses enter into.

Other questions that you may be wondering about are at what point in time should you seek advice of counsel and what sort of legal counsel do you need? Let's take the question of timing first. As a rule of thumb you should seek advice of counsel prior to spending a significant amount of money on your venture. Here are some possible trigger points: 1) you are about to enter into a professional services contract with a website developer; 2) you are seeking outside investors and are already contemplating a complex organizational structure with several partners; 3) you are contemplating a site with a social networking component and therefore one that has significant exposure to third party liability; and 4) you are in particularly high risk online verticle such as adult entertainment or healthcare.

What kind of counsel do you need? The answer to this question is that you clearly need an Internal Lawyer that is familiar with the cyberlaw issues discussed in this tutorial, but the answer is also more subtle than that. You need an attorney that understands online business models and the legal context that governs these models. The online context makes all the difference in the world. We have covered various online business model legal implications throughout this tutorial, from entity formation through marketing and record keeping. We encourage you to explore all of our tutorials so as to get grounded regarding the legal issues implicated in doing business online.


Internet Copyright Lawyers. We know the law & we know the web.

Contact us today

CLICK HERE!