November 26, 2020

Volume X, Number 331


November 25, 2020

Subscribe to Latest Legal News and Analysis

November 24, 2020

Subscribe to Latest Legal News and Analysis

November 23, 2020

Subscribe to Latest Legal News and Analysis

7 Key Elements of Effective Terms of Use: Privacy Policies

Before our recent two-month hiatus, we were discussing that most effective Terms of Use (or Terms of Service (TOS)) include seven key concepts:  (1) permitted use – that is, the specific uses to which the website may be put and any restrictions on use imposed by the website operator; (2) the treatment of user-created content; (3) a disclaimer of warranties; (4) the limitation, in whole or in part, of the website operator’s liability; (5) a privacy policy; (6) governing law and choice of forum; and (7) how the Terms of Use may be modified.

Before our break, we touched on the first four elements, which leads us to:

5.    Privacy Policies.  A privacy policy is a statement that discloses the ways in which a website operator gathers, uses, discloses, and maintains a user’s data.  Such statements are legally required where the website is directed to children under the age of thirteen, knowingly collects personal information from children under the age of thirteen,[i] or interacts with users living in one of the states that has passed a law requiring website operators to publish privacy policies.

The privacy policy should be a separate document, drafted and published so as to comply with the requirements of the most restrictive privacy laws which might apply to the relationship.  Often, the most restrivice domestic privacy law is the California Online Privacy Protection Act of 2003 (OPPA).  Under OPPA, “privacy policies must contain certain information, including the following:  personally identifying information collected, the categories of parties with whom this personally identifying information may be shared, and the process for notifying users of material changes to the applicable privacy policy.”[ii]

Website operators with users in countries other than the United States must also ensure that their privacy policies comply with the law of those foreign countries from which their users visit the website. Often, at a minimum, such compliance requires the website to comply with the EU Data Proection Directive, adopted by the European Union on October 24, 1995, or the "Safe Harbor" framework negotiated by the United States Government.

[i] See Jonathan D. Frieden, Charity M. Price & Leigh M. Murray, Putting the Genie Back in the Bottle:  Levering Private Enforcement to Improve Internet Privacy, 37 Wm. Mitchell L. Rev. 1671, 1683-84 (2011) [hereinafter “Internet Privacy”] (available at

[ii] Internet Privacy, at 1690-91.

© 2020 Odin, Feldman & Pittleman, P.C.National Law Review, Volume IV, Number 267



About this Author

Jonathan D. Frieden, Odin Feldman Law Firm, E-commerce Attorney

A degree in systems engineering and a background in computer coding have helped inform Jon Frieden’s approach to successfully handling a broad range of matters for his technology clients. As a self-described “early adopter,” Jon was one of the first attorneys in Northern Virginia to focus on Internet law and e-commerce.

With a practice centered on complex Internet- and technology-related commercial disputes and transactions, Jon brings a two-pronged approach to helping clients achieve success. Jon’s litigation experience helps structure deals for his clients that avoid potential...