• United States



It Doesn’t Pay to Bury Your Web Site Terms and Conditions

Oct 07, 20101 min
Data and Information Security

While courts have generally found that Web-based terms and conditions are enforceable, businesses cannot hide those terms or make them difficult to identify.  This is exactly what happened in a recent case in the Eastern District of Virginia (Cvent Inc. v. Eventbrite Inc., E.D. Va., No. 10-481, 9/15/10).  The court held the Web site terms of use were unenforceable because they were made a available through a link buried in the fine print at the bottom of a page with many other links. 

Businesses beware:  if you want enforceable Web site terms and conditions, you must make them clearly identifiable and obvious to your visitors.  Of course, terms that require a user to actually click-through (e.g., via an “I Accept” button) are far less problematic because the user’s attention is focused on the terms as part of the acceptance process.  This focus is missing for general Web site terms and conditions, which is why courts require those terms to be clearly identified to visitors.


Michael R. Overly is a partner and intellectual property lawyer with Foley & Lardner LLP where he focuses on drafting and negotiating technology related agreements, software licenses, hardware acquisition, development, disaster recovery, outsourcing agreements, information security agreements, e-commerce agreements, and technology use policies. He counsels clients in the areas of technology acquisition, information security, electronic commerce, and on-line law.

Mr. Overly is a member of the Technology Transactions & Outsourcing and Privacy, Security & Information Management Practices. Mr. Overly is one of the few practicing lawyers who has satisfied the rigorous requirements necessary to obtain the Certified Information System Auditor (CISA), Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), Information Systems Security Management Professional (ISSMP), Certified Risk and Information System Controls (CRISC) and Certified Outsourcing Professional (COP) certifications.

The opinions expressed in this blog are those of Michael R. Overly and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author