
The legal lowdown for websites and apps


Every website and app must abide by online privacy laws. This sounds simple, but it can easily feel like a minefield for new online businesses. We’ve condensed the legal requirements into a simple list that should get you on your way with your new site.

Here are the main legal requirements that every website or app must follow:

1 – Include Privacy and Cookie Policy Document
It is a legal requirement for any site or app that collects personal data to have an up-to-date Privacy Policy. Your Privacy Policy must be custom-made for your site or app (no copy and paste, unfortunately!), include third-party information, be easily accessible and include a Cookie Policy. If your site is available in multiple languages, you must also make sure that your Privacy and Cookie Policy are available in each of those languages!

2 – Display a Cookie Banner
The Cookie Law is a legal requirement that means every site must display a cookie banner that prompts users to provide their informed consent before profiling cookies are installed. The banner must briefly explain the purpose, link to the Cookie Policy, allow the user to express informed and explicit consent, remember the user’s preferences and implement prior blocking of any code that installs profiling cookies (unless consent is provided).


3 – Collect and Store User Consent (GDPR)
In a nutshell, GDPR (General Data Protection Regulation) means that all online businesses must collect freely given, specific, explicit and informed consent from all EU users. This needs to be done through an explicit opt-in action upon entering your site (no pre-filled boxes allowed!). This consent then needs to be recorded through the use of valid consent proof records, which show exactly how, when and under which conditions consent was obtained.

4 – Protect Californian Users’ Rights (CCPA)
Regardless of the geographic location of your business, if you have users that live in California, you must abide by the CCPA (California Consumer Privacy Act). This act requires websites to display a notice informing users that their data might be collected and sold to other parties, whilst also giving the user an option to opt out via a DNSMPI (Do Not Sell My Personal Information) link. Similarly to the GDPR, you must keep records of opt-out details and are not allowed to contact users for a minimum of 12 months after they’ve requested to opt out.

5 – Include a Terms and Conditions Document
This is not mandated by privacy laws; however, a Terms and Conditions document sets legally binding rules about how your website, app, product, service or content may be used, so it is essential for all sites and apps. The document should contain disclaimers, copyright clauses and terms of sale, list mandatory consumer protection clauses, and define the governing law; for e-commerce sites, the policies for returns, withdrawals and cancellations should be very clear. As with the Privacy and Cookie Policy document, the T&Cs document must be fully customised and should be easily accessible to the user before they start using your service or completing a purchase.

We hope this list has helped you understand the basic legal requirements for websites and apps; however, if you’re still feeling slightly overwhelmed then don’t worry, that’s where we can help! Website creation is one of our areas of expertise, meaning we can guide and support you through the legalities while we’re building your site.

If you need our help with website creation or are interested in one of our other services, simply get in touch via the contact form link at the bottom of this page!
