Trending Website Issues Mehmet Munur (614) 859-6962 Mehmet.Munur@Tsibouris.com
Overview GLBA Model Notice Website Privacy Policies Electronic Payments and NACHA ESIGN Terms of Use Marketplaces and Service Providers Mobile Issues Americans with Disabilities Act Issues Recordkeeping
GLBA Model Notice GLBA requires initial, annual, revised privacy notices. In 2014, GLBA annual notice requirements were provided with alternative delivery mechanisms where sharing was limited. In 2015, FAST Act eliminated some delivery of annual notices. CFPB proposed regulations to implement the 2015 amendment.
GLBA Model Notice Annual notices eliminated where: No nonpublic personal information shared about customers except as described in certain statutory exceptions; and No changes to policies and practices with regard to disclosing nonpublic personal information from those that the institution disclosed in the most recent privacy notice it sent. Also includes timing requirements of notices if financial institution no longer qualifies for exception.
Website Privacy Policies Website privacy policy required, must include: Categories of PII collected Categories of third parties with whom PII is shared Process for reviewing, requesting changes to PII Effective data Do Not Track provision Using GLBA Model Privacy Notice for website privacy notice is unlikely to suffice.
Electronic Payments EFTs governed by Regulation E ACH payments also governed by NACHA Rules Generally, authorization must be: In writing and signed or similarly authenticated Readily identifiable Clear and readily identifiable terms Info about revocation Has recordkeeping and data security requirements Interacts with ESIGN
Checking/Savings Account Holder Authorization I authorize you to initiate preauthorized electronic funds transfers and debit the authorized debit amount indicated above from the designated checking or savings account listed above. I understand this debit will be made each month on the account’s payment date due. If the payment date due falls on a weekend or holiday, the account will be debited on the next business day. This authorization will remain in effect until the my account or specific loan sequences as indicated above are paid in full, or until I notify you to terminate this agreement. I understand you must receive a request to terminate at least three business days before the scheduled payment date due. Termination requests are to be made by contacting you at the number below or writing to the address below. I understand that if the minimum monthly installment amount changes, the authorized debit amount will also change to the new required monthly installment amount plus any optional additional amount I authorized above. The new monthly installment amount will be provided on a billing statement. Checking/Savings Account Holder’s Signature: Please send the completed form to: [Company] P.O. Box [XXXX] [Address] For more information, call us at (888) XXX-XXXX or visit www.company.com
ESIGN Allows the use of electronic records where a statute, regulation, or rule requires writing Intersection of loan documentation and electronic payments Requires: Affirmative consent Clear and conspicuous statement Reasonable demonstration of access to information
Terms of Use Serves many purposes, including: Limitation of liability; Venue and governing law; Possibility of arbitration; Ability to update documents from time to time; and Brings all other web legal documents together in a contractual framework.
Terms of Use Mandatory Non-leaky Clickthrough Check boxes with hyperlinked terms Adequately supported chain of evidence
Nguyen v. Barnes & Noble . . . in keeping with courts' traditional reluctance to enforce browsewrap agreements against individual consumers, we therefore hold that where a website makes its terms of use available via a conspicuous hyperlink on every page of the website but otherwise provides no notice to users nor prompts them to take any affirmative action to demonstrate assent, even close proximity of the hyperlink to relevant buttons users must click on— without more—is insufficient to give rise to constructive notice
Sgouros v. Transunion You understand that by clicking on the “I accept & Continue to Step 3” button below you are providing “written instructions” to TransUnion Interactive Inc. authorizing TransUnion Interactive, Inc. to obtain information from your personal credit profile from Experian, Equifax, and/or TransUnion. You authorize TransUnion Interactive, Inc. to obtain such information solely to confirm your identity and display your credit data to you.
Marketplaces and Service Providers More than one entity with legal terms where the roles of each may not be readily apparent to the consumer. Pay particular attention to FDIC/OCC marketplace and third-party guidance. Whose legal terms (GLBA, Privacy Policy, Terms of Use, ESIGN) are presented and agreed to? Are information sharing activities properly disclosed in these documents? Are there any activities that will draw the attention of regulators?
Mobile Interface
Meyer v. Kalanick The wording of Uber's hyperlink adds to the relative obscurity of Uber's User Agreement. The Court cannot simply assume that the reasonable (non-lawyer) smartphone user is aware of the likely contents of "Terms of Service," especially when that phrase is placed directly alongside "Privacy Policy."
Meyer v. Kalanick In other words, "the importance of the details of the contract" was "obscured or minimized by the physical manifestation of assent expected of a consumer seeking to purchase or subscribe to a service or product."
Meyer v. Kalanick There is a real risk here that Uber's registration screen "made joining [Uber] fast and simple and made it appear — falsely — that being a [user] imposed virtually no burdens on the consumer besides payment."
Americans with Disabilities Act Department of Justice enforces the ADA World Wide Web Consortium’s Web Content Accessibility Guidelines endorsed by the DoJ Amendments are expected in 2018 United States Access Board Section 508 applies to IT procurement by the government Complaints and lawsuits are on the rise
Americans with Disabilities Act Plaintiffs’ counsels’ demands include: Section 508 and WCAG 2.0 compliance; Web accessibility policies; Training and contracting based on Section 508 and WCAG 2.0; and Independent testing.
Americans with Disabilities Act Perceivable Provide text alternatives for any non-text content so that it can be changed into other forms people need, such as large print, braille, speech, symbols or simpler language. Create content that can be presented in different ways (for example simpler layout) without losing information or structure.
Americans with Disabilities Act Operable Make all functionality available from a keyboard. Provide users enough time to read and use content. Provide ways to help users navigate, find content, and determine where they are.
Americans with Disabilities Act Understandable Make text content readable and understandable. Make Web pages appear and operate in predictable ways. Help users avoid and correct mistakes. Robust Maximize compatibility with current and future user agents, including assistive technologies.
Recordkeeping Courts may question evidence and testimony relating to the: The workings of the website at the time of the facts in question The nature of the contracts at the time of the facts in question Whether the individual took the actions in question Computer programming
Mehmet Munur (614) 859-6962 Mehmet.Munur@Tsibouris.com Questions & Answers Mehmet Munur (614) 859-6962 Mehmet.Munur@Tsibouris.com