How to Implement Electronic Signatures
Online agreements require an electronic form of your signature, whether you click “I agree” or use a digital version of your offline signature. Electronic signature laws in the U.S. and Canada do not address the correct signature format. Instead, these laws focus on the correct process for creating an enforceable signature.
Three key considerations guide the electronic signature process:
1. Identification
How do you identify the signatory? In the case of a prospective user agreeing to a Terms of Service, identification may come in the form of an email address, first and last name and IP address. Given the impersonal nature of online agreements, the identification challenge is establishing that signatory is, in fact, the signatory.
2. Intention
How do you establish intention to sign? Intention could be established through a digital version of your offline signature applied to a document or a user clicking “I agree.” Ultimately, the user must understand what they are agreeing to and that they are, in fact, agreeing. For example, placing the “I agree” button after the agreement provides the user an opportunity to understand the agreement before being asked to agree to it.
3. Integrity
How are electronic signature records retained to ensure originality and ease of production? Integrity may be established through a fixed user acceptance process whereby any user, in order to access a website, was required to accept certain terms. Alternatively, in the case of a more traditional signed agreement, the agreement copy was retained in a locked file format, with date and time of signature logged. In both cases, establish an electronic audit trail.
While there is no correct type of online signature, there is a correct process for online signatures that should be considered whenever an online agreement is required.
End User License Agreement vs Terms of Service – When does each apply?
This post aims to clear confusion surrounding two technology law terms: Terms of Service (ToS) and End User License Agreement (EULA). Often, clients use these terms interchangeably even though the terms refer to different business models. Determining which term applies to your business will assist you when searching for legal counsel and to understand your own business model.
End User License Agreement
An End User License Agreement addresses the license of copyrighted software to your users. This agreement is used when users are installing or accessing computer code, such as on their phone/mobile device or computer. Since users are installing/accessing code, the End User License Agreement provides users a copyright license to the code and, therein, aims to protect your rights to that code.
Example: a mobile application, downloaded from an app store and installed on a user’s device.
Terms of Service
A Terms of Service agreement addresses the provision of services to your users. This agreement is used when users are provided a service, typically accessed through a website, but users do not install or access code – Software as a Service. While some label the provision of services as a “license” this is not always ideal as “license” is a term evoking copyright and installing/accessing computer code. Rather, the user is provided with “access” or a “subscription” to the services (or similar language).
Example: a SAAS service accessed from a website through a user account.
But…
There may be instances where you combine these two documents, licensing code and providing a service. For example, an application (installed code) that connects to your cloud service to retrieve data (the service). Additionally, you may have a mobile application and web service that accomplish the same thing but exist separately and, in this case, both agreement types are required.
In Sum:
Understanding the differences between End User License Agreements and Terms of Service should assist you with understanding your business model (am I selling software, a service, or both?) and your legal needs.
Balancing Growth with Legal Compliance
Frequently, large technology companies face lawsuits in foreign courts over their failure to comply with foreign laws, primarily those concerning privacy, sales and consumer rights. In Germany, WhatsApp’s Terms of Service violated consumer protection laws; in Canada, Facebook is challenging the application of Canadian privacy law; and in Australia, Valve’s no return policy allegedly violates consumer protection laws. As your startup grows, users may come from major markets across the world and create a challenge – how to balance growth with legal compliance?
Governing law clauses (X law applies and X courts have jurisdiction) are frequently unable to prevent the application of foreign laws to your company – just ask WhatsApp, Facebook or Valve. Therein, to comply with the laws of only one market naturally leaves your startup exposed to legal liability for non-compliance in other markets. While I suggest considering compliance with the law of each market in which you gain traction, I also recognize that cost concerns and a startup’s focus on growth strategies means that compliance is always on the back burner.
When balancing growth with legal compliance, consider:
1. Size of your company in each market: the larger your company is in a market, the more likely the laws of that market will be asserted against you.
2. General size of your company: the larger (and wealthier) your company is, the more likely the laws of foreign markets will be asserted against you.
3. Potential liability: How large is your company’s exposure to liability for non-compliance in each market? How comfortable is the company with this exposure?
4. PR: Does non-compliance create a substantial chance for bad PR in that market?
Small startups (and large technology companies) frequently focus on growth over legal compliance. Indeed, at the start of your company, potential liability is low as the company is flying under the radar – here, focusing on growth makes sense. Once you company grows, legal compliance should be weighed and constantly reevaluated as laws, and your company, change.
When to Update your ToS and Privacy Policy?
When your Terms of Service, End User License Agreement and Privacy Policy are first drafted they reflect how your software operates at a particular point in time. However, as software and your business changes over time, these documents are often left behind and stop reflecting how the software operates. The effectiveness of these documents is hindered when your software steps beyond their scope.
Not every change to your software requires an amendment to the ToS, EULA or PP. Where the change is encompassed by the language of the documents, no amendment is required. Conversely, if the change adds a new, or changes a current, feature, collects additional information or uses information differently and that is not reflected in these legal documents, then an amendment is likely required.
Ideally, your documents should constantly evolve, lockstep with your software’s evolution, and allow you to avoid the effort and cost involved in drafting new, or substantially amended, documents every few years. Where you believe that a software change is not reflected in your ToS, EULA or PP, I recommend consulting with your legal counsel to determine whether an amendment to these documents is needed.