Legal side of starting a website

Alexandra Belski Alexandra Belski
Reading time:  11  min.

Now, starting a website doesn’t take much. There are great intuitive tools that help create an absolutely stunning blog from scratch. But before you do that, it’s very important to understand that blogging involves legal implications regarding data collection, content attribution, and the like. Below, we’ve compiled a checklist for website owners, giving some kind of a legal background for different activities on the website. Please note that this post is for informational purposes only, so it’s recommended to consult your lawyer for legal advice in each individual case.

Legal side of starting a website

Website legal requirements

Websites legal requirements might seem complicated to comply with at first, but in fact they’re pretty straightforward. Below, you’ll find the most important rules that will get you out of legal trouble and help protect your website.

Intellectual rights to the website

By default, intellectual rights to the site belong to its creator. That is, the web designer owns the design of your site, while the site content belongs to the copywriter who wrote it if not specified otherwise, and so on. This, however, often comes as a surprise for the customer. So take website copyright laws seriously when thinking how to create a blog and draft an agreement obliging the webmaster to transfer you the rights.

Here are some tips on how to draft such an agreement. Specify that the domain name must be registered to you as a customer.

  • Describe in detail what exactly needs to be developed, to what extent, what characteristics to take into account, on what conditions to make changes and additions.
  • Set clear terms for the development of the site, possibly with a detailed deadline for each segment of work: providing the necessary information from the customer, creating a beta version and the final version, testing the site, etc.
  • Determine the terms and conditions of payment. This can be a payment upon acceptance of the site, a 50% prepayment with payment of the remainder upon completion of the work, or any other option.
  • Determine who will provide hosting services. If the site developer does not do this, you need to find a supplier and enter into a separate agreement with them.
  • Additionally, you can indicate the need for SEO-optimization of the site, the connection of analytics tools.

Content licensing and copyright

Copyright protects all kinds of content: texts, photographs, videos, graphics, designs, maps, and programs. There are two sides: you need to protect your content from illegal use and restrain from using third-party content improperly. 

Protect your content

Copyright laws are applied automatically upon creation of the content if the author doesn’t wave their right. Some bloggers still add a copyright notice to show that the content is protected. Most often, it is a copyright sign, company name and the current year or year range, placed in the blog footer together with links to the terms of use. Here is an example from the The Blonde Abroad blog.

Or you can add copyright notice to your Terms and Conditions page, just like on the Lili’s Travel Plans blog.

If content is created by employees of your company, then the business owns the copyright. Other than that, make sure to discuss this point with subcontractors. 

It will be different if you want to share your posts and photos with other people. Then, consider adding a license that will limit the use of your content as necessary. Describe the terms of use on a dedicated page on your website or refer to the license official page. 

Use content lawfully

If you are going to use content from third-party resources, remember about attribution and licensing. 

Attribution is the notice about the source of the material. Usually, this is an indication of the author’s name with a copyright symbol and a link to the source.

Licensing is the granting of a license to use any material. There are many different licenses that allow for different use of content. For example, Creative Commons (CC) is among the most popular ones. It allows for free distribution of content when the author enables others to share, use or build upon their work. Another common license is GNU (GNU Free Documentation License) that allows users to reproduce, redistribute, and modify the content but only if all derivative works are granted a similar license. Note that these licenses come in a variety of types concerning redistribution and other factors.

Make sure to check policies of the website not to violate copyright holder’s rights and always ask permission from the content owner. To be on the safe side, always assume that all the content from third parties requires attribution and licensing. But there are cases in which you can use the copyrighted content freely, so called fair use. It includes:

  • Educational or scientific content
  • Factual or publicly available content
  • You use only a small part of third-party content
  • You could not purchase it or obtain a license

If your site hosts user-generated content, be sure to include a contribution policy and obtain the permission from users to display their content. A contribution policy aims to help users understand what kind of content is acceptable on your site. For example, you can forbid using defamatory language, and so on. Here is an example of a contribution policy for a travel blog

It is equally important to get informed consent from users to display their content on your site. In case of a hashtag campaign or a photo contest, it’s usually implied that the brand is permitted to display the photos that users upload online with the brand hashtag. In other cases, it’s better to ask users for explicit permission, reaching out and explaining how and when you’ll use their content and who you might share it with. To facilitate the outreach, use dedicated tools such as: 

Terms & Conditions

Make sure to state terms and conditions under which your business operates. Such documents are required for every resource, regardless of whether it conducts business or not. Here is an example of the terms from the Lili’s Travel Plans blog.

The user agreement must be consistent with the nature of your business and the focus of the site. Therefore, it is better to consult with a lawyer which clauses to include in the agreement in order to avoid any legal issues with websites.


It’s very important to make your site accessible to disabled people. You might not be aware, but today there are over one billion people with some form of a disability, which equals roughly 15% of the world population. And there is a huge chance that someone from your audience belongs to this group, so why not take care of them?

In some countries, for example, the United States, the law obliges organizations that provide services to a large audience to make their websites accessible for the disabled. One of the most well-known laws to follow in that respect is the ADA Website Compliance, imposing restrictions on online resources.

When offering services or goods on the site, make sure that people with any disability will find it convenient to use to avoid being seen discriminatory. For instance, make a separate website version for users with low vision, add home delivery for people limited in movement and so on.

eCommerce considerations

Be particularly careful if you run an online store. Here are a few considerations regarding ecommerce businesses:

  • Pay attention to the transaction security and encrypt personal information over HTTPS. This protocol improves the users’ security on the internet, protects web resources from hacker attacks and leaks of confidential information. Accordingly, it increases the level of trust with the site users. 
  • Upload information about your business, that is, the legal address, etc.
  • Make sure that your contact information is available to users and up-to-date. Consider including different means of communication: email, telephone number, social media pages, messengers for the convenience of the users.
  • Upload refund and cancellation policies that should be clearly visible at the point of the purchase.
  • Don’t forget to indicate whether tax is included in the price of your goods and services. 

Domain name

It’s important to know that by purchasing a domain name, you don’t get ownership rights, but only the exclusive license to use it, just like a phone number. More than that, often such licenses need to be renewed every year if not specified otherwise. It also makes sense to purchase a few domains with different TDLs, especially if you aim at different markets. For example, .com, .org, .app, .us, .au, .uk, etc.

Thus, you’ll make sure other businesses won’t be able to steal your traffic by purchasing similar domain names, even unintentionally. Why be conscious about that? When another company with the same name appears on the internet, traffic loss and sales decline are only part of the problem. Bad performance and poor service of the competitor might affect your business as well, so make sure to protect your business name, which in many cases is similar to the website name.

 There are organizational and legal measures to protect your domain name.

  1. Organizational measures include the timely renewal of the domain registration for a new term, payment of tariffs for the registrar’s services, keeping the account and password information secret for accessing the user’s personal account on the registrar’s website, etc. In addition, you can use the same domain name on popular social networks like Twitter, Facebook and Instagram. This way you claim the domain name and get users to associate that name with your business.
  2. Legally, you can protect a domain name by registering a trademark and then use the ® symbol next to the company name. Be sure that there aren’t any registered trademarks, even for similar domain names, in order to avoid litigation in the future. It is not obligatory to register a trademark for a domain but it can be very useful.

Relevant disclaimers

Disclaimer is a notice limiting the liability of the site owner for the result of the information posted on the site. It greatly helps protect the interests of the site owner. Here is an example of a disclosure policy from The Blonde Abroad blog.

In general, there are a number of points that will work for most disclaimers.

  1. Affiliate links. This is an absolute must for websites with affiliate links and tools to third-party resources. Disclaiming the paid nature of your relationship with such platforms also helps build trust with the audience. Find affiliate links disclosure examples and tips in our special blog post.
  2. Information accuracy. Often, informative videos that have a historical or other orientation contain a disclaimer that the author does not guarantee the accuracy of the information posted.
  3. Content attribution. Such a disclaimer must contain the period of the site/blog, the name (title) of the author, the copyright mark and the phrase about the protection of rights (“all rights reserved”). The placement of such a disclaimer prohibits any commercial use of the site’s materials by third parties without the permission of the author (copyright holder). Here is an example of such a disclaimer: “All content on this website is copyrighted. Its full or partial distribution, modification or copying without the consent of the author is prohibited.”
  4. Author’s subjective opinion. Such a disclaimer is quite common and contains phrases that the topic, thoughts and even the presentation of facts on the author’s page are nothing more than a personal opinion. A variation of this disclaimer is an indication in the signature on the email that the opinion of the employee does not reflect the opinion of the company as a whole, or in the article: the opinion of the author may not coincide with the opinion of the company.

However, remember that the mere presence of a disclaimer does not always protect from prosecution, you should take into account a set of website legalities.

Privacy policy

If your site collects any personal data, for example, through contact forms, personal accounts or in any other way even if it isn’t visible to the user, you need to obtain the user’s consent to personal data processing and upload a privacy policy. Make sure to specify what kind of information is collected as well as objectives behind the collection and whether you’ll transfer user data to any third parties (and if yes, whom and for what reason). These are the requirements of the GDPR regulation protecting personal data of EU citizens. In the United States, security policy requirements are spelled out in several federal internet-related laws, such as the CSA and the CIPA. In addition, different states may have their own requirements, for example, in California, it is the CPPA.  

You never know where your next visitor will come from, so to avoid any legal trouble, make sure to comply with all major international laws, as if you targeted worldwide. Here is an example of an extensive privacy policy from the Expert Vagabond website.


Cookies help web resources identify visitors. These are small text files with service information for the browser. In other words, the server exchanges data about the sites visited by the user with a web browser on a PC or mobile gadget. Cookies can collect different data:

  • Personal data for authorization (for example, login, name, email, password),
  • Custom site settings (language and geo),
  • Device type of the user
  • Products in the cart and in favorites

As a website owner, you need to upload a cookie consent banner and a cookie policy to your website.

Cookie consent banner

The easiest way to inform users that you are collecting their personal data is through a cookie banner. This is a notice that pops up when the user visits the website for the first time. The banner informs the user that cookies are set on the website and gives a choice of consent before collecting data.

There are different laws regulating cookie banners use. For example, in Europe these are ePrivacy Directive and the GDPR. ePrivacy Directive obliges site owners to notify users about the processing of cookies but only if they are related to analytics and marketing campaigns. The GDPR, in particular paragraph 30, states that the site is obliged to notify the user about the cookies, even if it identifies the user in combination with other data collected through the site and creates user portraits online. You don’t have to receive user consent if cookies are only needed to save session data, play video and audio content or work with third-party plugins that allow you to share content on social media.

In the United States, the Federal Trade Commission (FTC) regulates cookie law. However, the provision on cookies is included in the general privacy policy and does not require a separate posting, unlike in the EU countries.

Cookie policy

Make sure to upload a separate policy if you use cookies to collect user information. It usually includes the following items:

  • Information that cookies are used on this website
  • Definition of what cookies are
  • Which cookies are used by you and/or third parties
  • How and why you and/or third parties use cookies
  • An indication of how the users can refuse the placement of cookies on their devices.

Here is an example of the cookie policy from the Dan Flying Solo blog:

Email marketing

When exploring what are the basic requirements for a website, keep in mind that incorrect email marketing can lead to fines. To avoid this, you must follow the corresponding law in your country as well as countries of residence of your subscribers. To comply with the FTC and The CAN-SPAM Act in the United States and the GDPR in the EU, you must request subscriber’s consent to the storage and use of data and proof of consent to the emails that will be sent. 

Consent to the storage and use of data

The subscriber has the right to know:

  • Why do you ask for their personal information
  • How you are going to use it
  • To whom you will transfer it
  • How they can withdraw the consent

Email consent

The policy requires that subscribers give explicit consent to your emailing, and you can confirm this. The most convenient way is to use double-opt-in. The user needs to follow the link to confirm the subscription, thereby they perform the active action you need so much.

Your emails should also have the “Unsubscribe” button allowing users to easily quit your mailing list at any time.

Laws to comply with

Here are some of the most important regulations to rely on when developing sites. 

General Data Protection Regulation (GDPR) is a part of EU law on data protection and privacy within the European Union, but it also regulates data protection outside the EU area. 

Also, make sure to check the EU Database Directive, Data Protection Directive, as well as Copyright Directive.

Digital Millennium Copyright Act (DMCA), or the US copyright law, brings in liability for:

  • Direct copyright violation by copying protected materials
  • Creation and distribution of technical means allowing to bypass the protection
  • Copyright infringement on the internet

Communications Decency Act (CDA), namely article 230, protects internet sites from obscene or threatening publications of their users and visitors. 

Federal Information Security Management Act (FISMA) regulates information security implementations. 

Children’s Internet Protection Act (CIPA) protects children from obscene or harmful content over the internet.

California Consumer Privacy Act (CPPA) protects consumers’ rights when it comes to personal data collection. The law gives users the right to:

  • Personal information request
  • Obtaining a copy of the data collected within the last 12 months
  • Deletion of the collected data

The CAN-SPAM Act aims to establish standards for sending commercial emails. 

Americans with Disabilities Act (ADA) protects the rights of people with disabilities. 

Naturally, this isn’t an exhaustive list of regulations that website owners must abide by. Please note that this post is for informational purposes only, so it’s recommended to consult your lawyer for legal advice.

Website legalities that marketers should know

It is very important for site owners to follow the law regarding all the activities they undertake such as collecting personal data, sending newsletter, etc. Thus, you will protect yourself from fines and other liability and build trust with customers, relieving them of the thought of how to check whether a website is legal or not. Each country, state and even the region of a separate state may have its own subtleties for site owners and online entrepreneurs, so make sure to take time and explore regulations for every activity you do on the site.

Use the Google docs leak to benefit your blog. Check out the tl;dr with SEO tips