Latest

Tech Law Blog

A Checklist of Website Legal Requirements, Part 3

10 July 2014

Mason Hayes & Curran Technology Law Blog

A Checklist of Website Legal Requirements, Part 3

In this three-part series of posts, we bring you a checklist of questions to help you tackle the challenge of website legal compliance. Part 1 and Part 2 of this series are also available.

Do you have a privacy statement?

In order to comply with the Data Protection Acts, your website must contain a privacy statement if you:

  • collect personal data (for instance, where visitors fill in web forms, feedback forms, submit orders etc.);
  • use cookies or web beacons; or
  • otherwise collect personal data (for example, IP addresses, e-mail addresses).

A privacy statement should be placed in an obvious position and may not be just accessible from within another document on a website, such as terms and conditions of use or a disclaimer notice. 

The privacy statement should set out how your business applies the data protection principles to data processed on your website and should be specific to your website.  Statements to the effect that personal data will be processed in compliance with the Data Protection Acts are not sufficient on their own.  They need to be accompanied by an explanation of how, in practical terms, the website complies with its obligations.

Does your website use cookies?

The 2011 ePrivacy Regulations set down specific rules in relation to the use of cookies. In particular, they provide that a user must give his/her consent before the use of cookies. This is a major change from the opt-out system that operated before the implementation of these rules. The Regulations also require certain information in relation to any cookies used to be prominently displayed and easily accessible.