Is your website Legal?

Summary: There are a number of requirements for public websites. It’s a good idea to make sure your site isn’t going to be a problem for your company.
Recently we have seen ADA related lawsuits for websites in Visalia.

Having a website is a requirement for most businesses. Like taxes, employees and many parts of running a business, there are a number of agencies and organizations that want a say in how you advertise and what you do online. If you sell anything online, there are even more requirements.

Obviously, this is not a legal recommendation – it should be a starting point for helping your company think through their website plans.

Do you own the content? Make sure any images or quotes are either public domain, licensed, or something you created yourself.

Put the copyright symbol ©, the name of your business (say your LLC) and the year your site started until the current year means that you lay claim to all the content on your site.

Include contact information
Full company name and where you are.
How to contact you, particularly about the website itself.

Have a privacy policy
Make sure you have a page describing what information you collect, and how you use it.
Basically, a privacy policy is a public notice that accurately discloses:

  • What personal information a company collects from customers and other members of the public;
  • How it collects such personal information;
  • How it stores and protects the information;
  • How it uses the information;
  • How it may distribute such information; and
  • How its customers may access the information collected about them and what choices they have to review, edit/correct, and perhaps delete such information.

Even if all you collect is information on who clicks on your site, it’s best to have a “privacy policy” clearly mentioned on the main page – often at the bottom.

In addition, some 3rd party services require that you have a privacy policy in order to use their service with your website. This includes Google Analytics.

The COPPA law or Children’s Online Privacy Protection Act states that any organizations or people operating online services (including social media services) are not allowed to collect the personal information of anyone under the age of 13 without parental permission.

Selling online

If your site allows purchases directly though the website (even if redirected) you have a lot more to pay attention to. In addition to all the issues that go along with selling anything, you need to address the following:

Terms and Conditions
This is important if you make any sales over the website – clearly describe what the visitor/consumer will get, and what your policies are. There is no specific law requiring this, but it’s good business. Consumer protection laws apply as well.

Every jurisdiction has different taxes and rules about what you must collect. Make sure you do your homework. This topic is too big to address fully here.

Shipping restrictions
Some products are restricted- again do your homework.

PCI Compliance
If you take credit cards, you must meet the PCI Credit Card security requirements.

Here is an example from Amazon where a Privacy Notice and conditions of user are clearly linked in the website footer:

User provided content
If you allow users to post or provide content of any kind on your site, make sure you have a clear policy about what can be posted, who can access it, and what you can do with it. Determine who owns posted / shared content.

If you email or send messages from your website, there are additional regulations on what must be included.  You must meet the requirements of the CAN-SPAM act.

The general consensus right now is that any business considered a “public  accommodation” should have an ADA compliant web presence. Generally, this would refer to B2C, retail, or any business the general public should be able to use, understand and access easily.

There will now be a definitive list of guidelines that websites must abide by after January 18, 2018. The safe harbor clause of this ruling allows your existing content to remain as is unless altered after January 18th  2018, The guidelines will apply to any page on your website that is updated after that date.

What Do I Need To Do To Be Compliant?
Web Content Accessibility Guidelines (WCAG) 2.1 spell out the requirements and is considered a good standard in recent case law.  There are multiple standards, courts refer to either AA or AAA level.

Text must meet a minimum contrast ratio against the background, which can significantly impact your design.
Your site must be fully navigable via keyboard only. This usually includes things like skip navigation buttons and can involve manually setting a tabindex everywhere.
Your site should be navigable with screen reader software. This can be difficult to test and can involve some arduous fixes similar to what is necessary for keyboard navigation.
Your site must handle text scaling up to 200% without causing horizontal scrolling or content-breaking layout issues. Once again, this may be more difficult to fix in some complex designs.
The site should work on all platforms.

A variety of software can be used to test for ADA compliance.

  • WAVE is a good start, but can produce a lot of false positives, particularly for contrast ratio issues.
  • Lighthouse can help generate a report on potential issues.
  • Manual testing for contrast ratio using this calculator.
  • Manual testing with screen reader software
  • Manual testing with keyboard only navigation

The automated tools will catch a lot of the simple issues, but manual testing is often still going to be required for nearly all websites if you want to ensure you are meeting requirements.

Userway ( has created a free widget which can be added to most websites to meet a good part of the compliance requirements. They also have a plug-in for WordPress sites.

Communications Decency Act ( US 1996)
From <>

Unlike other countries, there is no single governing privacy law in the US. However, several laws affect your Privacy Policy and must be taken into consideration.

These include:

The Americans With Disabilities Act
The Cable Communications Policy Act of 1984
The Children’s Internet Protection Act of 2001 (updated in 2013)
The Computer Fraud and Abuse Act of 1986
The Computer Security Act of 1997
The Consumer Credit Reporting Control Act
The Children’s Online Privacy Protection Act (COPPA)
The California Online Privacy Protection Act (CalOPPA)

ADA compliance

Unruh Civil Rights Act

States that individuals with disabilities are “entitled to the full and equal accommodations, advantages, facilities, privileges, or services in all business establishments of every kind whatsoever.” (Cal. Civ. Code § 51(b)) In 1992, the California Legislature amended the Unruh Civil Rights Act to state that a violation of the ADA is a violation of the Unruh Act (Cal Civ. Code  § 51(f))

Thus, a plaintiff who alleges a violation of the ADA does not need to allege anything further to state a claim under the Unruh Act.

Disabled Persons Act (“DPA”)

“Individuals with disabilities shall be entitled to full and equal access to accommodations, advantages, facilities,…, and privileges of all…places of public accommodation, amusement, or resort, and other places to which the general public is invited.” (Cal. Civ. Code  § 54.1(a)(1))
Similar to the Unruh Act, pursuant to Cal. Civ. Code  § 54.1(d) a violation of the ADA is a violation of the DPA

The ADA is silent on websites;

  • Circuits are split on whether the ADA applies to websites; and
  • Courts finding ADA applies to websites provide no guidance on specific accessibility requirements.
  • Are websites places of “Public Accommodation”
    • Yes: 1st, 2nd, and 7th Circuits
    • Maybe: 3rd, 5th, 6th, 9th, 11th Circuit with a suitable nexus between the physical location and the website.

(California is in the 9th Circuit)

Because there have been findings of ADA applicability in several circuit courts throughout the US, this means that any potential consumer in any of these districts is also a potential Plaintiff.

  • Website access from those districts constitutes doing business in that jurisdiction.
  • Title II and III of the ADA allow for “reasonable” attorney’s fees to be awarded—to Plaintiff’s attorneys.
  • Per-violation statutory minimum fees collected in these cases—or, class action.


The Complete Handbook to Sales Tax, Business Tax and Amazon FBA Tax
From <>

State Laws Related to Internet Privacy

From <>

Email marketing