I design and own several websites for the purposes of lead generation. On most of them, I currently have a ToS checkbox at the end of the form that is checked on by default.
They can of course un-check it. But it won’t let them submit their contact info until they agree to it.
Does anyone have any advice on this? Is this legal to do? I can’t find any definitive answer on the web.
Having it unchecked and requiring that they check it for their submission to be accepted at least provides evidence that they did something with a checkbox that referenced the ToS.
Having it checked to start with doesn’t prove anything.
I don’t know of any laws against it. I agree that requiring them to check it themselves is more evidence they agree with the TOS. As with any TOS when is the only time it’s relevant? When they break it and you have to go, “See, you read it and agreed to it.” Probably best not to get their reply, “I didn’t check that box.” GL
I doubt there are any laws governing how TOS checkboxes should work. What you need to consider is the purpose of the checkbox, and your objective of the TOS legally.
Having a user check a box (and being able to prove that they did) indicates that the user ‘did something’ to acknowledge the TOS. If the box is already checked, they may not have even noticed it. In the event that you get into some legal, it could be very helpful to demonstrate that the user actually took action to accept the TOS.
Even better than checking a box is forcing the user to type ‘I accept’ or their initials, etc. The idea is to be able to prove that the user accepted the terms, otherwise the terms may not be useful legally.
Thanks for your reply. I don’t mean disrepect when I say this, but how does having it be unchecked at first prove anything either?
I suppose that for each entry in my database, I could add a field called “ToS Agree”. Then, if I ever had to prove that they agreed to the ToS, I’d have their date, IP, and that piece of data.
But in a way, how can they prove that I didn’t just insert that data into the databse myself? After all, it is my database. I could put any darn thing in there I wanted. I’m not saying it wouldn’t be sketchy or unethical, but I am asking if it would be legally considered proof that they agreed?
BTW - I thought that the moment someone used your website that they were inherently already agreeing to your privacy policy and terms of use? I just thought “I agree” boxes were for the purpose of maintaing good PR and going above and beyond the law. Is this not true?
Sage, thanks for your input.
I agree that would be better if your primary purpose/concern is to be able to prove acceptance of terms at a later date.
But to be honest, my goal is to maximize conversion rate while maintaining the bare minimum level of legal compliance - a “best of both worlds” approach.
I’m guessing my all of your Sitepoint Credentials that you’ve done some serious web design in your day. In your experience, does adding additonal/better “ToS compliance stuff” to your info forms affect conversion rate?
My guess would be that it decreases conversion rate. I base this assumption on my experience that the longer it takes someone to get through a form submission, the less likely it is to happen. So if I can get through the legal ToS part with mimimum action on the users part then I will.
You don’t need to worry about maintaining a minimum amount of ‘legal compliance’ unless you are really doing something unusual like a regulated activity that requires paperwork (like selling a house or acting as a car dealer, etc.). If you want, you can completely get rid of the TOS to remove barriers to conversion.
Then again, the TOS is supposed to protect you from liability and other legal problems so you need to think carefully about how much protection you want/need.
If you really want to remove barriers to conversion, you can make a decision to assume the risk of any legal problems that the TOS might help prevent. If you aren’t willing to risk those legal problems, the TOS may help mitigate them.
The amount of risk that you are wiling to accept in order to make money is up to you, and only you or your attorney can quantify that risk by understanding exactly what your business is. Perhaps your website carries very little risk and the TOS is really just a formality. Or, you may be risking some liability in some way and the TOS is a must.
Either way, it’s up to you to decide what protection you need and what protection you are willing to implement.
Thanks for the well thought out reponses.
It looks like the bottom line answer to my question is: “who the h*ll knows?”
That would explain why I’ve found so many conflicting answers on the web.
hehe well that’s not exactly my interpretation! You’ll always get a ton of different answers on the web (or at a cocktail party) but that doesn’t mean there isn’t a ‘right’ answer.
If you were to explain exactly what your website does (specifically, including what it does with emails, cookies, etc) a good attorney who is web-savvy could probably tell you exactly what the risks are and how to protect yourself.
If you were to post that info on this thread, there are a lot of smart people who could probably shed some light on what your risk is and how to protect yourself.
It’s not really guesswork, but it’s complex.
Because your code doesn’t allow the record to be saved unless they first check the box. Since they have actually checked the box it means that the part of the page with the text next to the box that indicates that they agree to the ToS by checking the box is actually visible on the screen and that they have taken an action to confirm that they agree to it.
If it is checked to start with then there is no evidence that the person even knew the checkbox and adjacent text exists on the page at all.
While they can claim you added the checkbox afterwards or changed the ToS afterwards when you require them to check the box themselves they don’t have to make that claim to try to get out of it if you don’t require an action since they can simply say that they didn’t see the checkbox.
Having the checkbox already checked is equivalent to not having it there at all. You may as well place the T0S text next to the submit button and say that by pressing Submit they agree to the T0S. Of course that still means they have only taken one action to agree rather than the two that having the checkbox there for them to check as well requires. Each action that your visitor needs to perform in regard to the ToS is one further piece of evidence to make it harder for them to claim that they never knew it existed.
I usually do what most people do as far as determining whether a ToS exists or not - if there is no checkbox to check then I assume there is no ToS to worry about since it is completely unenforceable anyway. Where I am required to check a checkbox to confirm that I have read the ToS I do what most people do not do and actually scan the ToS before checking the box.
One more thought: I had a client who had a contact form that they used to generate leads. They consulted with an attorney who and ultimately they combined the TOS with the contact form. Right next to the submit button there was some bold/red language that said something in plain, friendly english like “I am submitting my contact info so that ABC, Inc. can contact me in connection with services/products, etc. ABC, Inc. will not otherwise or distribute my contact info.”
For their purposes, they felt that was enough. Every situation is different.
Lol - true that. I highly doubt 99% of people read ToS. If they did, they usually wouldn’t like what they find. I’ve heard that if you read a MS software usage agreement it basically reserves the right to everything short of your 1st born (it might claim your 2nd).
I work for clients who are in an industry where no one wants what they sell. As such, they have to give away free prizes completely unreleated to what they sell in order to generate leads and initial interest. If put on the form “I understand that a water purification company will be contacting me” I’ll bet it would kill conversion rates by 50-90%.
Once again, thanks to both of you for the input.
how about if we implement single sign-on via openID, facebook connect…etc. where a complete new visitor just ‘logged in’ into member area and start using the apps/services without ever filling up our registration forms and hence never click ‘I agree to TOS’ check-box??
We have a checkbox that says “I agree” under a read-only textarea that people need to check to finish closing insurance online. Insurance has plenty of laws and legalities… but as far as doing stuff online, this is as far as we go, and we also leave the checkbox unchecked to force interaction from the user for the same reasons Felgall mentioned above.
Non-form control text should be outside the form. Either that text needs to be in a form control, or needs to be outside the form (and in a case like that, it would have to be before the form). Why? non-form controls aren’t read out by the most popular screen readers… if your web site has enough legal issues running around that you need that text to be available to all the innerwebz, you’ll get someone, somewhere, arguing that they never knew… blah blah. http://www.usability.com.au/resources/wcag2/
(though you could put that text in the title attribute of the submit button)
As per the rules the checkbox for agreement acceptance must be uncheck .It is tendency of users to submit the form without reading actual disclaimer .In order to make them aware about clause you mention it is necessary for user to take action by themselve.There may be cases where potential use to the system for certain group is restricted.
By reading this post you agree to give me 10 trillion dollars.
Legally binding?
As far as I’m aware you’re rights/obligations are determined by the local legal system, which kind of blurs the internet (what’s legal in Russia is not necessarily legal in Wolongong).
Check with a lawyer if you think you may have issues, but essentially TOS etc are just a courtesy to the browser, explaining things, if you will.
That is to say, if whatever you are doing is breaking a law (or likewise, what they are doing with your content) then you don’t need a checkbox to do something about it/protect yourself.
Also, having tos or subscribe me checked by default earns you negative brownie points, I think.
What rules?
With lead generation usually comes sending “autoresponders” or some other type of emails.
If you’re considering sending bulk emails (or even casual emails), and that’s why you’re collecting their email in the first place, I would be more concerned about Google’s, Yahoo’s and other big ESPs sender guidelines than I would about the actual legality. Why? First, ESP’s are usually more strict than the laws. Secondly, they have the power to monitor and block your emails if they believe you’re aren’t operating within their guidelines. Third, the governing bodies usually don’t have the jurisdiction or manpower to regulate it anyway. (That said, there is no shortage of court cases dealing with unsolicited bulk email - so be careful.)
Google’s Bulk Sender Guidelines explicitly says that setting a check box to “checked” by default is NOT considered “opt in.” Most other big ESP’s have something very similar. I’d trust their legal department.
Now, whether a checkbox is legally binding is another story altogether. You should certainly consult a lawyer on that.
But, in my experience, more is better - and for a few reasons. First, it can (but won’t always) cover you in the event of being sued. Secondly, the more steps you require people to take, the fewer leads or contacts you will generate. However, those few quantity will be much higher quality because you know they aren’t just kicking tires. They’re actually legitimately interested because they took the time to take more action. And why waste time with people who aren’t serious about your product or service anyway?
You could always have (upon acceptance of the terms - or use of openID) to confirm their account via email, have a note above the link stating that by clicking the link their agreeing to the terms set out on the website (you could also perhaps have them confirm the activation by entering their date of birth and then clicking an acceptance button). By “jumping through hoops” your ensuring they agree rather than hitting accept by default and making them consider the process rather than “glaze over”, it won’t take the user much additional time (or energy) and you’ll at least show beyond reasonable doubt you didn’t just let them sign up in ignorance 
PS: Sorry about the late response, hope the information is still useful (even if it’s just a consideration for a future implementation).
I think having the activation link also be the acceptance is a bad idea. In my opinion, accepting something like T&Cs or whatever should be a clear, separate and deliberate action by the user. You could claim that they might not see the text and just clicked to activate their account - having a checkbox that must be ticked represents a clear action on their part to agree to whatever it is you want them to, and would be in much less doubt about what that action means.