12 eCommerce Legal Issues to Consider in Operating an Online Business

The following article provides a high-level summary of some key eCommerce law issues online business operators face in running a website or other eCommerce business. Conducting business online or maintaining a website may subject companies and individuals to unforeseen legal liabilities. The following is a brief survey of 12 key eCommerce law issues to consider:

1. Internet Business & eCommerce

A good starting point is analyzing a company’s online presence and auditing their procedures to determine how to grow their brand and online influence. As part of this, the company’s agreements and websites should comply with the myriad of laws and regulations affecting websites and online businesses, such as COPPA.

2. Domain Name Acquisition

Domains are often the key to an online business, but can present a number of problems. Domain name issues include securing a domain name initially, as well as protecting domain names from adverse parties that attempt to trade off the goodwill associated with the company’s brand. Sometimes, the company needs defense, retrieval, and protection of domain names on the Internet.

3. Digital Millennium Copyright Act (“DMCA”) Compliance

Companies operating websites, particularly where third-party content may be uploaded directly, should consider adopting agreements and procedures to shield themselves against claims of liability and copyright infringement. This procedure is sometimes referred to as a “copyright policy” or “DMCA takedown” procedure. Compliance with the DMCA can provide the online operator with a safe harbor from liability.

4. Online Privacy

Online privacy continues to become a bigger issue. With the spread of mobile devices, tablets, and apps, privacy issues are becoming more complex. Companies should consider composing or updating their privacy policies as well as adopting internal security protocols aimed at protecting the online privacy of customers and website users.

5. Social Media Law

While a powerful vehicle to build brand strength and interact with customers, social media can create a number of legal issues for online businesses. A social media policy provided to employees as well as guidelines can be effective steps to reduce risk. A few key areas to consider are employment related use of social media, confidentiality, sponsorship, and branding guidelines.

6. Privacy Policies

Privacy policies should not be copied from online templates or rival companies. They should be drafted comprehensively to address unique issues of a specific online business and to accommodate future growth. Whether a company looks to collect analytics or more personalized information, the company should focus on its specific business needs and risk factors. Privacy policies should be updated as a business evolves.

7. Terms of Use Agreements

Terms of Use (TOU) agreements can limit liability for companies that maintain an Internet presence. These agreements should be optimized to address a company’s specific business and should not be simply cut and pasted from the Internet. What works for one company may not work for another company.

8. eCommerce Agreements

eCommerce agreements come in many forms such as licensing, advertising agreements, and payment processor agreements. eCommerce agreements should be drafted to address the primary legal risks involved in a particular eCommerce contract or business transaction.

9. Online Sweepstakes & Games

Online sweepstakes, contests, and games create a number of legal pitfalls. Depending on the sweepstake, contest, or game, compliance with the laws of all 50 states as well as the federal government may be required. Registration in specific states may also be required. Online businesses may benefit from guidance as to whether a particular new initiative is considered a sweepstake, contest, or game.

10. Domain Theft

Recovering hijacked domains can often be difficult and time-consuming. Typically, avoiding domain theft in the first place is much easier than attempting to recover a stolen domain. While difficult, it is possible to recover a hijacked domain.

11. Website Agreements

Website agreements can be customized to limit legal liability and reduce risks of disputes by analyzing an online business’s intellectual property portfolio, business processes, and brand objectives. Website agreements can be used for mobile applications in addition to websites.

12. Impersonation and Username Squatting

Impersonation and username squatting can occur when a third party registers a social media account using someone else’s identity. This can result in harmful posts and information being published in social media. Username squatting can also prevent a trademark or brand owner from controlling their trademark. Typically, registering usernames in advance is the best strategy to avoid impersonation or username squatting.

While the above identifies a number of eCommerce and internet law issues affecting website and online business operators, an in-depth analysis may be required. For more information, you may want to contact an eCommerce attorney.

Disclaimer – As with any discussion of legal topics, this article is intended to be educational only, and is not a substitute for legal advice, nor does it provide legal advice or form an attorney-client relationship with the reader. Please seek legal counsel before making any decisions. Also, please note that this article will likely not be updated, so the law and circumstances may have changed by the time you have read this article.

Is It Legal To Mask The Domain Name Owner’s Identity In The WHOIS Information?

Domain Name Ownership Privacy has been a hot topic recently. Many domain name owners user third party "Privacy Protection" or "Proxy Registration" services to mask their true identity. Domain Name Privacy is like having an unlisted phone number, which is not available in any telephone directory or online database. This means that by doing a WHOIS Search, your domain name registrant information shows up with masked or pseudo information belonging to a mail or email forwarding service. This article deals with the legality of masking your domain name ownership identity.

Does The Privacy Service Become The Owner?

The owner of a domain name can be identified by the WHOIS records of the domain. The Registrant information is to clearly indicate the Name, Address, Email Address and Contact Number of the owner of the domain name. But when a privacy service is turned on, you don’t get to see these. Hence, an important question that arises is whether the person named as the Registrant is the defacto owner.

In a famous cyber-squatting case of SolidHost v. NameCheap, the latter was a Privacy Protection provider, who had their contact details mentioned as the owner of the domain name. Solid Host insisted that they reveal the true identity of the domain owner, which they refused. Solid Host sued NameCheap in California. In an interim motion, the court held that NameCheap, by listing itself as the owner of a domain name in dispute was contributing to cyber-squatting although the real owner maybe a different person, for whom NameCheap was only holding the domain name in trust. This judgement was received with a bit of criticism and a lot of two pence from most people.

In another case, where the Registrar of the Domain Name went Bankrupt and was still listed as the domain Registrant, the court ordered the litigating partners of the business to reveal the domain ownership information and handover the details to ICANN, which would then facilitate the transfer and move the domains over to a new Registrar.

What Are Legitimate Uses For Domain Name Privacy Protection?

Domain Name Privacy is important in many cases, especially for legitimate business purposes where company’s want to obscurely purchase domain names to secure them for future product launches or for internal business purposes. Non Government agencies, like news broadcasters, investigative journalists, whistle blowers and even researchers may want to stay anonymous while booking domain names and may want to mask their identity for their own safety.

So Is It Legal?

The ICANN website states that: "Privacy and proxy services are outside the scope of the 2001 RAA and 2009 RAA. To determine who is involved in a domain name behind a proxy or privacy service, please refer to the service provider’s terms of service. If you have a complaint involving a law or regulation, you may want to refer the matter to the appropriate law enforcement agency within your jurisdiction or seek legal counsel."

It goes on to state that: " The 2013 RAA requires that privacy and proxy service providers: Disclose service terms (including pricing), on its website and/or registrar’s website and abide by such terms; Publish an abuse/infringement point of contact; Disclose the business contact information on its website and/or registrar’s website; and Publish and abide by terms of service and description of procedures on its website and/or registrar’s website, such as handling of abuse or trademark infringement reports, communication handling, conditions of ending service, Whois data publication conditions, and access to support services."

The clincher is when ICANN mentions that "Please note that displaying privacy or proxy protected Whois data is not itself inaccurate. Please only submit a complaint if you are unable to contact the domain name holder because of inaccurate privacy or proxy service Whois data." This means that only if you are not able to trace the true identity of the owner after due diligence checking, only then can you complain to ICANN and they will attempt to trace the true owner.