Legal Requirements for Websites


It’s certainly more fun to think about how your website can look, function and most importantly, further your sales and marketing goals. However, there is an often overlooked part of maintaining a website that should be addressed by anyone publishing content online and especially by those selling through their websites: website legalities.

Which brings me to the obvious disclaimer: I am not a lawyer and the information I provide is solely intended for general information purposes. The following guidelines are meant to get you thinking about your individual situations and laws that apply in your state, region, country, or industry. None of the following should be taken as legal advice for any individual, business or other situation.

Whew. Now that that’s out of the way. Let’s talk about a few legal requirements for websites.

Website Legal Must-Haves

Privacy Policy

This is a big one and deserves top-billing on the list! If you are collecting any data or info on users of your site, you are required to have a privacy policy explaining what you are collecting and how you are handling the info. Don’t think you’re collecting user info? Not so fast… Typical methods of “collecting” user info include:

  • Use of Google Analytics or another analytics tracking code installed
  • Contact forms
  • Newsletter or other opt-in offers (i.e., “lead magnets”)
  • Any form of online sale

Privacy policies are also a legal requirement if California residents may visit your site. Business owners have to comply with CalOPPA, which requires a conspicuously posted privacy policy that discloses the categories of info collected, the third parties that may receive users’ info, how users can review and request changes to their info (if you offer that), how you communicate changes to the policy, the date the policy took effect, and how your site responds to browser “Do Not Track” signals.

European Union residents are also afforded privacy protection under the General Data Protection Regulation (more commonly known as the GDPR), so keep that in mind when crafting a privacy policy if your website has an audience within the EU. Privacy laws are constantly in flux, so it may be worth your time and effort to reach out to a law professional to make sure you’re covered.

Cookie Consent

We’ve all seen the ‘accept cookies’ banners that pop up on various websites we browse. If you’ve noticed an uptick in these, it’s not a coincidence. The GDPR went into effect in May of 2018, and although the law was enacted by the EU, it applies to any website that offers goods or services to, or tracks the behaviour of, people in the EU, no matter where the site is hosted. (Strictly speaking, the rule that cookies need consent comes from the EU’s older ePrivacy Directive; what the GDPR added is the definition of valid consent, which is why the banners changed in 2018.)

For this reason, your website needs a cookie consent notice. Mine is in the footer of the website, but it can be on top (in the header), or even as a pop-up/modal window. Wherever you put it, you need to include a few key details:

  • Disclose that you are using cookies on your site
  • A brief overview of why the cookies are being used (e.g., “we use cookies to enhance the user experience on our website.”)
  • A link to your privacy policy which delves into how the info that is collected by the cookie will be used and stored
  • Allow users to accept or decline (opt-in/opt-out) cookies… and do NOT pre-check any opt-in box for them; a pre-ticked box does not count as consent under the GDPR.
  • Do not set non-essential cookies or load trackers (analytics, ad pixels) until the user has actually opted in. Strictly necessary cookies, such as a login session or a shopping cart, do not need consent.
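
To make the last two points concrete, here is a small consent gate, written for this post as an added example (it is not code from the site or from any WordPress plugin). The cookie name `cookie_consent`, the `POLICY_VERSION` number and the tracker URL are this example’s own choices. The page loads nothing non-essential until a stored, current-version “yes” exists; silence, a garbled cookie or consent given under an older policy version all count as “no”, and the checkbox in the banner starts unchecked.

```javascript
// Added example (not the post's own code): keep non-essential cookies and
// trackers off the page until the visitor has opted in.
const CONSENT_COOKIE = "cookie_consent";        // assumed cookie name
// Bump this when the privacy policy or the set of trackers changes, so that
// consent given under the old policy no longer counts and the banner returns.
const POLICY_VERSION = 2;
const ONE_YEAR = 60 * 60 * 24 * 365;

// Parse a Cookie header / document.cookie string into a name -> value map.
function parseCookies(cookieString) {
  const out = {};
  for (const part of String(cookieString || "").split(";")) {
    const idx = part.indexOf("=");
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    if (!name) continue;
    const raw = part.slice(idx + 1).trim();
    try {
      out[name] = decodeURIComponent(raw);
    } catch {
      out[name] = raw; // malformed percent-encoding: keep the raw value
    }
  }
  return out;
}

// Read the stored decision. Returns {analytics: boolean} only when a valid,
// current-version record exists; otherwise null (no decision on file yet).
function readConsent(cookieString) {
  const raw = parseCookies(cookieString)[CONSENT_COOKIE];
  if (!raw) return null;
  let rec;
  try { rec = JSON.parse(raw); } catch { return null; } // tampered or garbled
  if (!rec || rec.v !== POLICY_VERSION || typeof rec.analytics !== "boolean") return null;
  return { analytics: rec.analytics };
}

// Build the document.cookie / Set-Cookie string that records the decision.
// Declines are stored too, so the banner is not re-shown on every page.
// The consent cookie itself is strictly necessary and needs no consent.
function consentCookie(analytics, secure = true) {
  const value = encodeURIComponent(JSON.stringify({ v: POLICY_VERSION, analytics }));
  return `${CONSENT_COOKIE}=${value}; Max-Age=${ONE_YEAR}; Path=/; SameSite=Lax${secure ? "; Secure" : ""}`;
}

// The one question a page load needs answered. The default is false: no
// record, a closed banner or a stale record never counts as "yes".
function analyticsAllowed(cookieString) {
  const c = readConsent(cookieString);
  return c !== null && c.analytics === true;
}

// Browser wiring; skipped when the file is run under Node.
if (typeof document !== "undefined") {
  const loadAnalytics = () => {
    const s = document.createElement("script");
    s.src = "https://analytics.example/tracker.js"; // placeholder tracker URL
    s.async = true;
    document.head.appendChild(s);
  };
  if (analyticsAllowed(document.cookie)) {
    loadAnalytics();
  } else if (readConsent(document.cookie) === null) {
    // The checkbox starts unchecked; clicking "Save choice" is the
    // affirmative act. Leaving it unchecked records a "no" and loads nothing.
    const banner = document.createElement("div");
    banner.innerHTML =
      '<p>We use cookies for analytics; see our <a href="/privacy-policy">privacy policy</a>.</p>' +
      '<label><input type="checkbox" id="cc-analytics"> Allow analytics cookies</label> ' +
      '<button id="cc-save">Save choice</button>';
    document.body.appendChild(banner);
    document.getElementById("cc-save").addEventListener("click", () => {
      const yes = document.getElementById("cc-analytics").checked;
      document.cookie = consentCookie(yes, location.protocol === "https:");
      banner.remove();
      if (yes) loadAnalytics();
    });
  }
}
```

The versioning is the part most banner plugins skip: when you change what you collect, you need fresh consent, and bumping `POLICY_VERSION` makes every earlier “yes” read as “no decision” without touching anyone’s browser.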

Accessibility

I’ve written about the importance of website accessibility and while I feel that it’s good business to extend your website to everyone (the more people that use your site, the better), it’s also the right thing to do! Moral compass aside, however, there are also compliance laws of which to be aware: in the US, for example, lawsuits under the Americans with Disabilities Act (ADA) have targeted websites, and the Web Content Accessibility Guidelines (WCAG) are the standard those cases and most regulators measure against. A few areas to analyze when considering website accessibility include:

  • Are fonts large enough for vision-impaired users?
  • Is your site compatible with screen reading technology?
  • Do your images have alt attributes (the alt text that describes an image to screen readers)?
  • Is there enough contrast between fonts and backgrounds?
  • Does your video content offer closed captioning or transcripts for those users who are hearing-impaired?

Additional Website Must-Haves

Many of the following items are likely already part of your website, but they are worth including, so you can do a quick double-check.

SSL certificate: technically a TLS certificate these days, but everyone still says SSL. Not only do search engines use HTTPS as a ranking signal and browsers mark plain http:// pages as “Not secure” (check your URLs and make sure they all say https:// and not just http://), but if you are selling anything through your website (or collecting any type of customer info, honestly) you need a certificate so that the data travelling between the visitor’s browser and your server is encrypted. Many domain registrars and hosting companies include a free certificate (usually from Let’s Encrypt), so you may not have even thought to check, but do confirm you have one in use and that it is securing ALL pages, including every image, script and font those pages load; a page that is itself https:// but pulls in a single http:// resource still gets a mixed-content warning. Ideally, if you type the non-secure URL into your browser, your site should redirect to the secured (https://) version, and the redirect should keep the path and query string so deep links still work. If it doesn’t, WordPress has many SSL plugins that will help automate this for you!

Copyrighted Material: this is a two-way street. Make sure you are not using anyone else’s content without explicit permission. You wouldn’t want anyone taking your content and slapping their name on it! On that note, I also recommend a copyright notice in the footer of a website and including your policies in your Terms and Conditions page, speaking of which…

Terms & Conditions

A terms & conditions page can be a cornerstone of your website, though it’s not legally required. I still recommend including one, for the simple reason that it essentially acts as an agreement between the users of your website and you. It outlines what users can and cannot do with your website material and gives you a written basis for acting if someone copies it. This is especially important for those selling digital products! It’s also just good business to be as transparent as possible with your customers and users.

What to Include in T&Cs

Typically, this is the place where users will find delivery terms, return policies, industry-required clauses and other guidelines that might be needed, based on the type of interaction. Frequently, this is also where you might include how to handle disputes, should a customer/user bring forward some sort of claim. The T&Cs page is a perfect place to outline protocols for customers who may find that they received a damaged item or perhaps the item was lost/stolen during shipping. Having a clear policy on how those instances should be handled will help mitigate any negative interactions with clients.

Additional Legalities By Industry

Remember that certain industries have strict laws and requirements; for example, healthcare or medical websites that collect or transmit patient health information must meet HIPAA requirements. If you have a highly specialized industry, it’s worth reaching out to a lawyer.

Bonus: Email Marketing Compliance

If you send any sort of marketing email to your customers, make sure you’re in compliance. This includes getting permission to email customers, providing an easy unsubscribe option and more (in the US, CAN-SPAM requires an honest sender and subject line, a valid physical postal address and an unsubscribe link that is honoured within ten business days; the EU and Canada go further and require opt-in consent before the first marketing email). I recommend using an email marketing platform like MailChimp, FloDesk or another similar service to manage your email list, as they make compliance that much easier. Frankly, these practices of targeting only those who opt in will also increase your conversions, as you are left with a clean list of people who have already expressed interest in your business, as opposed to cold leads, who may or may not have interest.

Your Website Homework

Get that privacy policy and cookie banner set up! By default, WordPress comes with a draft privacy policy page that you can use as a blueprint, if you choose to activate the page (under Settings > Privacy). However, I recommend having someone with some legal knowledge take a look to make sure your situation is appropriately covered. Additionally, you can find many free cookie plugins in the WordPress plugin repository that will get you started with your cookie consent.

If you’re looking for some help with accessibility, take a look at accessiBe as an automated option. I recently partnered with them and they give my clients a small discount on their licensing, and they make it easy for me to drop in a small bit of code on your website and get things like your accessibility statement set up.

No matter the industry, you will want to make sure your site is meeting the legal requirements for websites.