#82 – Internet Law 101 with Richard Chapo

What you will learn

  • Why you can’t trust templated privacy policies and terms of service.
  • How to enforce your terms of service.
  • What types of insurance will protect your business from a legal standpoint.
  • What disclaimers you require if you are earning affiliate income.
  • How to avoid breaching email and SPAM regulations.
  • Why you should never steal photos.

In this week’s podcast, Mark is joined by internet lawyer, Richard Chapo from socalinternetlawyer.com.

Richard has been practising law since 1992 and is currently located back in San Diego after having traveled and lived in much of the world (including a spell in Siberia).

In this episode, Mark and Richard discuss legal issues that can face owners of established websites that make money in the USA.

Point to Note

Don’t panic when you listen to this podcast. There are some things in here that sound scary but really they are just items that you need to add to your to do list.

Some of these things will take time and cost a bit of money but they are not a reason to panic or not launch a site in the first place.

Each issue that arises in this podcast is manageable.


What is covered in today’s podcast mostly affects US based companies but it is important to be aware that, if you are making money in the US, the US courts will claim jurisdiction for those sales.

This effectively means that you have to be compliant with US laws and regulations if you are making money in the USA.

Privacy Policy, Terms of Service & Terms and Conditions

One thing that we notice whenever a new site goes up is that it almost always has both a privacy policy page and a terms of service page.

The thing is most people don’t know what these documents are of the purpose that they serve.

To solve this, they find a Wordpress plugin or a template of these documents online and fill in the blanks.

According to Richard, this isn’t the best idea.

Terms of Service

Also known as terms of use or terms & conditions, the terms of service are a contract with the people that are using your site.

This basically outlines, in the event of a legal dispute, how any actions will be handled on the site.

Lots of people criticize them or ask why they are necessary but there are a number of reasons that you need to have terms of service on your site.

For example, if you are sell a course, you need terms to handle what will happen if someone requests a refund. If you do not honor what is in your terms, you can find yourself in legal difficulty.

Another example is copyright. If you allow people (customers, other content creators) to upload something to your site, they still own the copyright. It’s therefore important to have a statement in your terms of service that state that “you (the user) are giving me (the site owner) permission to publish this material”.

Privacy Policy

The privacy policy is mandated by most companies.

It must contain certain language and certain disclosures that will make visitors aware of how their information is collected, how it is secured, how you use it and who you share it with.

AuthorityHacker Privacy Policy

Different countries have different approaches to privacy. For example, in the USA they are pretty lax. There is an opt-out policy. This essentially allows companies to gather information on people without prior consent as long as you give them the right to opt-out.

The most important part of the privacy policy is that it has to match what you are doing. If it doesn’t, the FTC can come after you. The penalty can be up to $40,000 per violation.

The FTC enjoys these claims because they think it is good PR for them and it generates income.

This is also why it is important not to use templates. The template may say something such as “This site does not allow browsers behavioural tracking” and then you look at the site and it has Google Analytics on it – which is behavioural tracking.

Many policies also have a clause that say: “We will not sell, share or rent your personal information”.

While this is great in theory, it can prove to be a huge obstacle when it comes to selling the business. When you sell a business, you also sell the personal information as an asset of the business. Without this information, many businesses are not worth a lot at all.

The go to example was the former dating site, true.com.

After financial troubles they tried to sell their database to a competitor for around $700k but the sale was blocked by the court because their privacy policy stated that they would not sell their information.

Using Templates to Create ToS & PP

Using templates to create you terms of service and privacy policy is not the best approach to take.

The web has evolved so much over the past 20 or 30 years, we are in a position where websites have unique functionality that needs to be outlined in these documents.

On the other side, laws are also beginning to catch up to reflect these advancements.

This means that a one size fits all terms of service leaves you open to legal liabilities. You have to remember, the terms of service is a contract with your users.

If you just pick up a random terms of service from a Wordpress plugin, you are probably not going to be doing what is stated in these terms of service and you can very easily find yourself in breach of contract.

You may also have clauses in your content that are templated that read along the lines of the following:

“We have the right to change these terms of service whenever we want. If you continue using this site, you agree to these updates”.

Courts have invalidated this and will also invalidate all of your terms of service for including this one statement.

This has happened with huge companies, with Zappos being a prime example. The court declared that the “user agreement” was not valid because it was buried in a tiny link way down the page and they did not force the user to take any action, such as ticking a checkbox, to agree.

If you have reached a point where your site is now established with revenue coming in, you really want to contact a lawyer who can put together custom terms based upon what you are actually doing.

There are clauses that you can put in there that are an advantage to you against a potential lawsuit. For example, you can put in a clause that stops users banding together to form a class action lawsuit, instead they would have to sue individually which substantially reduces damages.

Updating Terms and Conditions

In the same way that Apple force you to sign up to new terms & conditions again and again, you can do the same.

The reasons Apple does this is that they add new terms that strengthens their legal standing against the consumer more and more.

If you want to update your terms and conditions, you need to notify your customers or users.

You can do this by sending out an email. You want to be in a position where you can show a court evidence that you have sent out an update notice of what is going on.

If it is a site that requires users to log in, you can force users to check a box to accept the terms & condition if they wish to continue using the site.

There is a requirement to give the user a choice. However, this doesn’t have to be a pleasant choice. The choice can be, if you do not accept these terms, you can no longer use the site.

This can also help third parties rule in your favour when disputes arise. For example, with Stripe, if you can prove that the user has agreed to your terms of service, then you can fight any issues that arise and win.

Force the User to Check a Box

Forcing the user to check a box to agree to the terms of service acts like a signature on a contract.

If you’re user has not actively agreed to your terms of service, a judge is likely to rule that your terms of service are invalid as the user has not agreed to them.

However, if you have a simple blog there is no action that you can force the user to take. In this case you’re not really protected but there is also nothing that your users can go after you and sue you for.

Giving Bad Information or Advice

If you give bad financial or health advice it can be an issue.

However, you want to cover these with disclaimers rather than in your terms.

The reason for this is that the FTC (Federal Trade Commission) has issued advice stating that you cannot put disclaimers in your terms. This is pretty much because nobody reads the terms so the disclaimer needs to be, according to the FTC, right next to the product.

However, this isn’t really practical. Most people just make sure that the disclaimers are in a visible place even though this does not technically comply with FTC guidelines.

Criticism in Product Reviews

We write a lot of reviews and we also know that a lot of our members write reviews. That’s how a lot of sites generate a lot of their income.

It turns out, criticism is allowed in product reviews, usually under free speech laws.

SEMRush Review Tutorial

Criticism is a legitimate reason to use some copyrighted material so it is more than likely that you would win any litigation that ensued. The issue arises when you do not have the money to defend these lawsuits.

That is where RIchard recommends purchasing liability insurance.

Liability insurance, just like any other insurance, is where you pay a regular fee and the insurer will pay out in the event that your claim meets the terms of the agreement. In the case of liability insurance, the insurer will pay your legal fees and any settlement that arises up to a certain limit – usually around $1m.

You can purchase liability insurance from companies such as Hudson Insurance Group, Hiscox and a number of other insurance companies.

As with all insurance, the cost depends upon your circumstances but you can get your company covered for as little as a couple of hundred dollars per month.

This is a big investment for someone starting out but, as a lawyer, Richard recommends investing in this, even before you incorporate. The thing is that legal fees can easily kill a business so it’s important to have yourself covered, even if you do not think you’ll need it.

Earnings Disclaimers

In the last week or so we have been having discussions with Amazon about the declaration on one of our sites.

Amazon Associates Disclaimer

They have a specific statement that you are required to have clearly displayed on your site.

We were interested in what “clearly displayed” means as it’s a bit of a grey area.

Why Do We Need Disclaimers?

To understand what’s happening, we have to look back at the origins of affiliate marketing. It was framed as definitely not a partnership even though it looks like a partnership, walks like a partnership and talks like a partnership.

This was important for legal reasons as it allowed the large corporations to absolve themselves of all responsibility for the practises of the affiliates

.Over the past decade or so, the courts have started to hold the partner programs liable for the deeds of the affiliate.

This is why affiliate terms are becoming more and more complex. They are trying to position their terms in a way that reduces their liability.

Amazon requires you to use the exact language of their disclaimer and display it clearly on your site.

What Does “Display Clearly” Mean?

The problem is that no-one knows what “display it clearly” actually means.

The FTC suggest that the disclaimer must appear directly next to the link but Amazon does not require this.

A lot of people put this disclaimer in the footer, some create a page especially for it. Basically, Amazon just want to cover themselves in case an affiliate is popped by the FTC and the FTC decide to come after Amazon next. Amazon want to be able to say that it was in their terms and conditions, the company just didn’t comply with them.

Amazon are trying to appear to the FTC as though they are doing all that they can. In reality, given that they must have hundreds of thousands of affiliates, there is no way that Amazon can effectively police them all.

The FTC want full disclosure next to each link, even if there are 20 affiliate links in one page. This is totally unrealistic. Try and be as open and honest as possible and you should be ok but we are not providing any guarantee that you are not breaching FTC guidelines or .Com Disclosure Requirements.

What are the FTC Looking For?

The FTC is really looking for is deceptive marketing.

For example, if a review has 50 lawn mowers and they all have 5 stars with an affiliate link, this is clearly false. However, in most case the lines are more blurred. So to combat this, the FTC came up with the idea to place disclosures next to affiliate links. This is sensible in theory but just doesn’t work in practice.

What Would Happen in Court?

You’ve all seen Suits or The Good Wife or Boston Legal. What would happen is that the blog article would be blown up on a big bit or card and displayed to the jury.

Richard would then make his speech, tell the jury to use their common sense and show the disclaimer that says there are affiliate links on this page. He would then ask them if that was enough disclosure.

As an attorney, Richard would feel confident that the jury would side with him on this one.

What Should You Do In Practise?

In the real world, you want to have your privacy policy, terms of service and affiliate disclosures in good condition so that if someone from the FTC did happen to look at it they would say that you have your act together, especially when compared to the rest of the sites out there that don’t.

When placing the disclaimer, you want to be thinking what other people perceive you are doing. You want to appear to be being honest and doing as much as is reasonable to comply with regulations.

At the end of this document from the FTC, there are examples of what the FTC want you to do but, to be honest, they are unrealistic.

Images and Copyright

Back in the days of the web being like the wild west, people would just go on Google images, copy someone’s photo and place that into their site. This can land you in some serious issues. The problem is that it violates copyright law.

Copyright law is hundreds of years old. This means that it doesn’t necessarily translate well to the internet age.

The idea behind it is that if you create some work, you hold the rights to publish and distribute that work.

If you take someone’s photo without consent, you are committing copyright infringement unless you have some kind of fair use defence.

If someone makes a copyright claim, they are entitled to damages from $200 per image, up to $150,000. You may also have to pay the other party’s attorney fees if you are found to be in violation of the law

How to Avoid Copyright Issues

There are a few ways to avoid copyright issues:

  • Create your own images – You will hold the copyright and not face any issues
  • Contact the affiliate manager – If you are promoting a product and cannot get your own images, contact the manager running the program to ask for images.
  • Stock photos – Buy stock photos from a stock site. Be careful though, there are different licenses for different products or specific conditions.
  • Creative Commons – There are also different types of licenses. Some require attributions and some don’t. You also have to be careful here because if the original source image is still under copyright you will be held responsible.

The biggest myth on the web is that you can take copyrighted material, post it on your site and put a link back to the original.

This is categorically not true.

Getting Your Content Ripped Off

In the past, we have had it where people will Google our brand name and what shows up in the search is sites that have ripped the videos off of our course.

Since then, we have hired some DMCA specialists to clear things up a bit.

Google DMCA search notice

This is a common issue. In theory, you can get every single copy taken down if you have unlimited resources.

This is unlikely to happen, so, to minimize their exposure to this, people can hire an attorney to take down the most popular ones.

Firstly, you can get your attorney to send a cease and desist letter to scare the person. You can also put in a DMCA request to take down the pages.

This is a document that says a site is infringing on copyright. The best way to do this is to track down the host (because a lot of sites are based overseas) and identify different companies in the US that they use (host, payment processor, e-commerce platform). Then send these companies DMCA takedown notices, they will usually take it down.

DMCA is a US law.

It essentially says, any site will not be heard liable for the content uploaded by it’s users if they follow a set process. The individual that posted it can be deemed liable but not the platform.

An integral part of this process, is if a complaint is sent in, the company must take down that content if there is no valid defence.

Even if you go through this whole process. There are some situations where you just cannot get the site taken down and you just have to deal with it.

Point to Note

If you allow anyone to upload anything to your site, you should comply with the Digital Millennium and Copyright Act (DMCA). As part of this, you must register an agent with the copyright office.

If you have already registered with the copyright office, please be aware that they have launched a new system and are not transferring existing registrations from the old system to the new system.

This means that by December 31st 2017, you need to register again with the copyright office or you will lose the protection of the DMCA and your registered status.

If you are not registered, make sure to do so. It only costs $6 and gives you all the protections of the DMCA. This is the most common legal claim from operation online so make sure to protect yourself.

Collecting Emails

In the US, the key law is the CAN-SPAM act.

You can send out unsolicited commercial emails as long as you put in the subject line that it is an advertisement.

The FTC has actually put out a good guide to complying with the act.

Richard advises clients to always do a double opt-in if possible. He also advises them that if someone is signing up to a service, you absolutely have to make it clear to them that they are also signing up to an email list.

Email law is difficult to talk about because the US has such a lax system whereas other countries, such as Canada, have very tough email laws. It becomes difficult because people don’t split their list by countries.

There are also jurisdiction issues here, such as how would Canada enforce their laws if you were based in the UK or somewhere else across the world.

If you are based in a country, you really need to be concerned about the laws for that country or region.

If you are using a 3rd party system, such as Mailchimp, they will usually force you to be in compliance through their system.

The main points to note are:

  • You can’t have false or misleading header information
  • It has to be from your real address
  • You can’t use deceptive subject lines
  • If it’s an unsolicited ad, it must have an ad statement in the subject line
  • The must be a statement declaring your location
  • You must make it easy to opt-out and you have 10 days to take them off your list

There are certain situations where you do not need to be as compliant or regulations are relaxed. The best advice, however, is to just comply with the regulations at all time. It doesn’t cause any harm.

Whereas, in Canada, the regulations are extremely tight to send a sales email. You have to make sure that you know the laws in your region. The 3rd party system is the one that will enforce the regulations so that they are not at risk themselves.

Outreach Emails

With unsolicited outreach emails it is more likely to be viewed as a business to business transaction rather than a commercial email.

As long as the number of emails being sent does not get out of hand, it should be ok.


A trademark is a logo, symbol or a short phrase. It is something that identifies your brand or a product that your brand offers. They’re important because they stand as a symbol to consumers of something.

Take Apple as an example, if you said you had a digital watch or you said you had an Apple digital watch, the perceived value of the Apple watch would (generally) be higher because it is associated with the brand.

The trademark stops other people from piggybacking on your brand’s reputation.

The question for trademark is: is it causing confusion with consumers then they are infringing on the trademark.

To form a trademark, you need to register with The Patent And Trademark Office. You then submit your mark, pick a class (there are around 50 of them) related to your part of the economy.

If you think about Amazon, they have that trademark in the internet space but this does not mean that amazon cannot be used within a trademark in a different medium – such as Amazon River Tours.

It then takes around 6 months where they look for any conflict with an existing mark. When they are satisfied, the trademark will then be granted.

The trademark is valuable in protecting your brand but it is also a valuable asset. For example, you can license your brand out to people.

You can only get a trademark if you are using it in commerce. The only exception to this is to file an intent to use where you can use it if you plan to release something within the next three months.

There can be occasions where a big brand decides to use a phrase for a campaign. In some cases, this has led to small companies having to change their brand names because they had not previously registered a trademark.

The thing to note with trademarks is that legal fees can easily cost $500k-$1m.

So, unless you have the cash lying around, it is important to take out an insurance policy to cover these fees.

A good idea is to buy a basic policy with a $1m coverage limit and then purchase a commercial umbrella policy. This umbrella policy begins to take effect after your initial $1m has dried up. These umbrella policies are generally really cheap because they are very rarely used.

European Data Protection Policy

In the near future, the European data protection laws are going to be updated with increased penalties.

These penalties are $20m or 4% of your global net worth – whichever is greater.

When GDPR (General Data Protection Policy) comes into place, it is unlikely that the EU will come after small sites for $20m but it still makes sense to consult an attorney and be prepared for when the policy comes into place on 25 May 2018.

The Future of Internet Regulation

Governments are beginning to catch up with the internet age. The internet is no longer the wild west.

Governments are beginning to create laws and establish their jurisdiction in the online space.

There are different countries around the world introducing laws that often conflict with each other. This presents challenges on the internet because most of us have customers from all over the globe.

For example, China has just introduced a law making anonymity illegal on the internet.

Other countries, such as Russia, are telling companies that, if they want to collect their citizens information, they have to have their servers within the country. If you do not agree, the country can simply block your site in that country.

For people who are mainly targeting the USA and not making much money in the EU, there is a genuine question arising of whether they should block all traffic from the EU and stop it from coming to their site.

The reason for this is because compliance is becoming so difficult, the cost of compliance (and the risks of non-compliance) is greater than the money being generated in the region.

With all these different laws being introduced, it’s not unlikely that digital continents will form where business owner decide not to make their websites available in certain regions because of over regulation.

International Enforcement

The tricky thing for law enforcement is how they actually do enforce these laws.

It is easy to hold large companies such as Amazon to account because they have a presence in, for example, the EU.

But, if you are running a $5k a month affiliate site from Portland, Chiang Mai or Bali, the question is how they can actually penalise you.

Key Takeaways from this Episode

  • Get bespoke terms of service and privacy policy created by an internet lawyer.
  • Force your users to accept your terms of service using a checkbox and keep server logs.
  • When you update terms and conditions do the same again and force your users to accept them before they can continue using your site.
  • Use disclaimers on your pages when giving advice such as health or financial advice that can affect people’s lives.
  • Have an earnings disclosure clearly displayed on your site if you are making affiliate income.
  • For Amazon Associates, make sure that you use the exact phrase.
  • Linking to the original source of an image does not absolve you of copyright responsibility.
  • Don’t steal photos – take your own or use stock photos. Be wary of Creative Commons.
  • Re-register with the DMCA before the end of 2017.
  • Use a third party email platform as they force you to comply with SPAM laws.
  • Register your brand as a trademark or risk losing it to someone else.
  • Insurance – purchase liability, trademark and a further umbrella insurance policy.
  • Be wary of new European data protection legislation coming into effect next year.

If you want to get in touch with Richard Chapo or you are interested in his services, you can find him at socalinternetlawyer.com.

Resources from this Episode

Get in Touch with Richard