Browsewrap Versus Clickwrap
If so, you probably also use a form of consent to make your terms enforceable.
The two most common types of digital consent for websites are browsewrap and clickwrap. But only one of these is likely to make your contracts enforceable and keep you compliant with privacy laws like the GDPR.
Clickwrap is quickly becoming the new standard in contract agreements. If you're not yet using it, then you should be. Keep reading to learn about the differences between browsewrap and clickwrap and see examples of how real companies use each format on their sites.
- 1. Browsewrap vs. Clickwrap: The Differences and Why They're Changing
- 1.1. Clickwrap is the New Standard for Consent
- 2. Why Browsewrap No Longer Suffices and What's Next
- 2.1. Why You Need Clickwrap to Comply with the GDPR
- 2.2. Why You Should Use Clickwrap to Comply with CalOPPA
- 2.3. It's Not Just Privacy Laws - Case Law Loves Clickwrap, Too
- 3. Summary
Browsewrap vs. Clickwrap: The Differences and Why They're Changing
Browsewrap and clickwrap are two ways of agreeing to a contract hosted online.
Browsewrap was the previous standard for agreement to legal contracts because it was simple and designed to cover everyone all the time. It best embodied the shrink wrap agreement often found elsewhere in the software industry.
In other words, you are already on the site, so you agree. If you don't like it, don't use the site.
By putting a link to your legal documents on the site, you gather consent or agreement to those documents from everyone who uses the site - even if they never click on the link to your document.
What does browsewrap look like?
If you sign-up for the viral morning newsletter from TheSkimm, you encounter browsewrap. When you enter your email (and allow The Skimm to contact you), you do so without clicking a consent form:
Finally, Airbnb's U.S. site uses browsewrap.
Its Terms of Service says that "By accessing or using the Airbnb Platform, you agree to comply with and be bound by these terms."
Clickwrap is the New Standard for Consent
Clickwrap agreements require more from both you (the website owner) and your customers. They have two components that make a real difference in consent:
First, they provide notice by providing a link or even a short summary of the legal contract.
Second, they offer a chance for informed and actionable consent (usually with an "I agree" checkbox or a button).
When a site uses clickwrap, it requires the user to provide expressed consent to the entire agreement before proceeding by forcing them to click "Ok," "I agree" or "I accept," or check a box either on a dialog box or within a pop-up window.
It also gives the customer the chance to decline or not give consent. The user can close the window or click a "Cancel" button. Alternatively, they can choose not to sign-up at all.
WeTransfer is the first example that uses clickwrap with an "I agree to" checkbox. Its checkbox is found on its account upgrade page, which requires you to enter billing details:
These checkboxes are better suited to GDPR compliance because they require new users to complete two actions: first you agree to Terms of Service then you complete your order.
The best approach really is to use a checkbox, even if you aren't specifically required to comply with the GDPR. As more privacy laws arise and get stricter, this is surely the way of the future of consent.
Why Browsewrap No Longer Suffices and What's Next
For a long time, browsewrap was the default mode of consent. And many sites still rely on it - sometimes erroneously and always at their own risk. At present, there are no lawful requirements that require you to make your Terms and Conditions or Terms of Service more visible or use an "I agree" checkbox to gather consent.
Let's start with the law with the widest scope and the largest fines: the GDPR. Then, we'll talk about an emerging need with CalOPPA.
Why You Need Clickwrap to Comply with the GDPR
The GDPR requires you to seek consent from all data subjects before you process certain types of personal data.
Although some say the browsewrap model still applies, it flies in the face of the GDPR in two ways (though, the GDPR doesn't expressly name either format of consent). First, the GDPR sets new standards for consent.
The conditions for consent are explicitly laid out in Article 7.
To show you have obtained freely-given consent, you must:
- Have proof of consent from every data subject
- Offer a consent mechanism written "in an intelligible and easily accessible form, using clear and plain language"
Article 7 also states that you need to provide a way for data subjects to withdraw their consent and the withdrawal should be as easy as it was to provide consent.
Finally, because consent must be freely given, you can't punish someone who doesn't give consent or withdraws their consent for processing that doesn't have anything to do with the service you provide.
The last issue - allowing someone to withdraw consent without limiting your service - is also one of the data subject rights under the GDPR.
Because browsewrap doesn't allow for granular consent or proof of consent and instead relies on wholesale implied consent, it's difficult for individual data subjects to maintain their rights under the option.
Why You Should Use Clickwrap to Comply with CalOPPA
CalOPPA is the new California-based privacy law. And although it largely targets residents of California, your business falls under its purview if you have site visitors or app users from the state.
It's Not Just Privacy Laws - Case Law Loves Clickwrap, Too
Although the GDPR and CalOPPA made the biggest assaults on browsewrap, it's worth understanding that the courts are leaving browsewrap behind as well.
For example, in a case settled in Florida's Ninth Circuit in 2017, the court argued that the browsewrap agreement used by the defendant for its Terms and Conditions had two problems. The first was that the hyperlink, while available, appeared only at the bottom of the page and required effort on behalf of the plaintiff to find it.
The court also argued that the defendant's link was obvious enough because it said "Terms and Conditions" - not "Terms and Conditions of Sale."
Florida's Ninth Circuit also referred back to a previous case (Nguyen v. Barnes & Noble Inc. 2014) and noted that there was a precedent for declining the applicability of browsewrap:
"[u]niformly, courts have declined to enforce browsewrap agreements when the hyperlink to the terms and condition is buried at the bottom of the page, and the website never directs the user to review them."
However, in Hubbert v. Dell Corp. (2005), the court did allow browsewrap to stand.
But these are different times, and much more now hinges on our use of the internet than it did previously. And when you combine the trajectory of U.S. case law with the fines that accompany CalOPPA and the GDPR, it becomes clear that it's safer and easier to go with clickwrap the first time around.