Choose Site
TECHNOLOGY, OUTSOURCING, AND COMMERCIAL TRANSACTIONS
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS

With the world in various states of lockdown, your organization’s online presence is more important than ever…even more so with official enforcement of CCPA beginning last month. It may be a good time to spend an afternoon reviewing and updating the legal boilerplate on your organization’s website. Here is what we recommend for a basic three-part review to get you started:

  • Privacy Policy. Many clients updated their policy earlier this year to reflect changes required by CCPA. If you fall into this category, then ensuring that the proper version of your privacy policy is reflected on your website, typically in the footer, is a good idea. You would be surprised to know how many clients update their policy, but then fail to actually post the correct version publicly. If you did not recently review your privacy policy, it may be a good time to do so. In addition to seeking advice on changes recommended in light of CCPA, it is also good hygiene to pull the policy and give it a fresh read. Has your organization’s collection practices changed? Has your organization began using or disclosing data differently than it has in the past? A privacy policy only protects your organization to the extent that it is accurate and complete, so periodically spending an hour or so to ensure its accuracy is typically time well spent.

In this month’s Contract Corner, we are highlighting considerations for drafting an up-to-date privacy policy. In Part 1 of this series, we provided background on the general legal landscape for privacy policies in the United States and general issues that need to be addressed for an up-to-date policy. In this Part 2, we will provide some specific pointers on drafting, updating, and disclosing such policies.

Additional Information to Include

In addition to the list of items that should generally be covered in every privacy policy we provided in Part 1, the following are additional items you may need to set out in your specific privacy policy:

  • Directions for customers to access and update data (e.g., password resets, contact information updates, and mechanisms for unsubscribing)
  • Contact details or other means of reaching persons in your organization that can address user queries or concerns
  • Information regarding notifications when the privacy policy is updated (see below for considerations when reviewing and updating your policy)
  • Mechanisms for users to agree to and accept the terms of the privacy policy, as well as means for users to opt out

Drafting and posting a clear, concise, and accurate privacy policy is one of the most important tasks when creating a company’s website, particularly given today’s legal and regulatory environment. Privacy policy legal requirements are becoming more stringent and shortcomings less tolerated, and consumer sensitivity to privacy concerns are at an all-time high.

Despite these concerns, many companies’ policies are seemingly insufficient. A recent opinion piece published as part of the New York Times’ Privacy Project assessed 150 privacy policies from various companies and found that the vast majority of them were incomprehensible for the average person. At best, these seem to have been “created by lawyers, for lawyers” rather than as a tool for consumers to understand a company’s practices.

In this month’s Contract Corner, we will highlight considerations for drafting an up-to-date privacy policy. Part 1 of this month’s Contract Corner will provide background on the current legal landscape for privacy policies in the United States and general issues that need to be addressed.

Does your website or application collect user data? Does your company sell that user data to other third parties, such as advertisers? Does your company disclose this practice to your users in a privacy policy or terms or use? If you answered yes to these questions, you are most certainly not alone. But is your disclosure sufficient? That is the question a new challenge is poised to answer.

As 2018 comes to a close, we have once again compiled all the links to our Contract Corner blog posts, a regular feature of Tech & Sourcing @ Morgan Lewis. In these posts, members of our global technology, outsourcing, and commercial transactions practice highlight particular contract provisions, review the issues, and propose negotiating and drafting tips. If you don’t see a topic you are interested in below, please let us know, and we may feature it in a future Contract Corner.

Join Morgan Lewis at our Boston office on Wednesday, December 6 for an interactive event on top issues impacting commercial and transactional lawyers and sourcing professionals. The event will kick off with a collaborative discussion on negotiations and strategies in commercial and technology transactions, followed by a presentation on ethical issues for transactional lawyers.

Morgan Lewis partner Don Shelkey, of counsel Emily Lowe, and senior attorney Ada Finkel will speak at the event.

Morgan Lewis is hosting an interactive event regarding top issues impacting commercial and transactional lawyers and sourcing professionals on December 6 in Boston. The event will kick off with a collaborative discussion on negotiations and strategies in commercial and technology transactions, followed by a presentation on ethical issues for transactional lawyers. Morgan Lewis partner Don Shelkey, of counsel Emily Lowe, and senior attorney Ada Finkel will be speakers at the event.

Discussion topics will include the following:

  • Current trends in commercial and technology contracts
  • Commercial due diligence and transition service agreements
  • Online presence management questions
  • Ethics for lawyers on social media

The discussion will be followed by lunch and a networking reception. We hope to see you at the event!

Register for the interactive “Review and Negotiation of Strategic Commercial Agreements” event in Boston.

A recent decision issued by United States District Court Judge Robert Scola found that the website of an owner and operator of a chain of regional grocery stores is subject to Title III of the Americans with Disabilities Act (ADA) as a service of a public accommodation, and must be accessible to persons who are visually impaired. Gil v. Winn-Dixie Stores, Inc. appears to be the first trial on the issue of whether a website is covered by Title III of the ADA.

Geotargeting—delivering content to users based on their geographic location—has become a popular and effective marketing tool. Yet proper implementation may be more nuanced than originally contemplated because certain locations, like medical facilities, attract intense privacy fears.

Massachusetts Attorney General Maura Healey recently announced a settlement of the commonwealth’s investigation of a digital advertising agency’s practice of establishing virtual fences (a/k/a geofencing) around reproductive health clinics and methadone clinics and then sending related third-party advertisements to mobile devices that had entered the virtual zone.

A seismic shift is afoot in the intelligence, complexity, and interconnectedness of everyday products, and the flimsy foundation of customer assent to standard terms will continue to crack, if not collapse. We recently noted some relatively straightforward adjustments that manufacturers can make to their standard terms to address issues related to e-commerce portals. The Internet of Things (IoT), however, could render the old contracting process (not just old products) obsolete. We highlight some challenging IoT contractual considerations below. A more comprehensive and academic treatment of the topic can be found here.