This chapter covers the starting points for checking your website’s compliance with laws in these areas:
- Liability/damages
- Copyright
- Privacy
- Consumer protection
We are not lawyers! None of this is legal advice, and if you’re running anything beyond a personal blog, you will probably want to get some. The following is just a quick list of some of the items that may be relevant to your website. These are by no means comprehensive but they are some of the questions you may want to ask yourself and/or a legal advisor.
Quick Tip: There are some services, like Iubenda or Terms & Conditions Generator, which are designed to generate legal pages for your website based on some questions you answer. Although these might not be closely tailored to your situation or region, if you are unable to get actual legal advice, using one of them (after reading the considerations below) is going to be much better than making up your policy wording wholesale.
Accessibility
- See chapter 16 for the details. Are any levels of accessibility a legal obligation in my country or jurisdiction? Am I in breach here?
Liability
- What happens in the case of a data breach (see chapter 7)? What if someone hacks into my website and steals user passwords, financial, personal or medical information? What if this was because my website didn’t take precautions? For example, TalkTalk racked up £30 million of damages from a fairly basic hack which exploited a vulnerability that basic security measures would have closed.
- If members of the public can use my website to generate content, what happens if that content is spam, harassment or libel? Can users send emails or messages?
- Note that, like most of the points in this chapter, this goes beyond legal obligation into running an ethical website and creating an action plan. And you need an action plan. For example, even something simple like letting users choose their public user name has consequences. How long until someone chooses a racial slur for their username? In fact, a good question to ask is: how might the multitude of hate groups that exist use my website to promote their message, and what will I do now to stop this? The chances of this happening are much higher than you think.
- What happens if someone takes something they might construe as advice from my website and suffers damages?
- What if they just believe that they were harmed due to the service that my website is meant to provide?
Copyright
- Do I have the proper licensing to use all the text, images, audio and video that I use on my website? Plenty of people think a Google image search is a substitute for legally sourcing the images on their website, for example. There are plenty of stock photo libraries (e.g. Unsplash) that you can use, some of which are even free.
- Have I implemented the proper attribution for all the works I should reference (e.g. mentioning the creator or linking to them)? Some free licensing schemes like Creative Commons may still require it, and certain forms of paid licensing might require it as well.
Privacy
- What are my obligations to my visitors? Does this differ depending on which region the visitor is in? For example, a lot of people in Australia might not take the EU’s GDPR legislation into account, but it applies to anyone browsing your website from the EU, meaning that if you haven’t got the necessary GDPR policies in place, your business may in theory be liable.
- Do I need to seek explicit consent for certain activities (e.g. subscribing someone to a newsletter) and implicit consent for others (e.g. turning on Google Analytics for a user’s visit)?
- Where I need explicit consent, is this how I’ve actually implemented things? If we had $1 for every website which has a popup saying “we need your consent to use cookies” but also drops the cookies at the same time (instead of waiting for the consent)…
- Conversely, are any of my consent asks a double-up of an existing consent ask? A common example is subscribing someone to a newsletter and making them tick a box saying they consent to you using the email address to subscribe them to the newsletter. Why else would they be putting their email into the form?
- Do I need to use a Consent Management Platform (CMP) such as Cookiebot to actually notify people, store provable consent and make sure things are only done once you have the relevant consent?
- Does my privacy policy accurately describe what happens? Plenty of websites have very generic policies which may have nothing to do with what user data is actually gathered once you’ve plugged in the 5-10 third-party vendors that you may be using.
- Does my website (or any related service) store customer data in a country where I may not be allowed to store this data?
- Does my privacy policy make the types of disclosures that some of the tools I’m using (e.g. Google Analytics, Google Ads, Facebook Ads, Hubspot etc.) require me to make?
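The consent-before-cookies point and the CMP question above come down to one mechanism: a non-essential tag must be queued, not loaded, until a consent record for its category exists, and that record must be kept as evidence. The gate below is an added example for this chapter, not code from the book or from any CMP product; the policy version string, the category names and the script URLs in the comments are placeholders. It takes the storage and the script loader as parameters so the same logic runs in a browser (with `window.localStorage` and a `<script>` injector) or outside one.

```javascript
// Consent gate for third-party tags (analytics, ads, etc.).
// Added example, not from the book. POLICY_VERSION and the category
// names are placeholders you would set for your own site.
//
// A tag registered under a non-essential category is queued, not loaded,
// until a consent record covering that category is on file. The banner's
// "accept" handler is what releases it, so the script (and any cookies it
// drops) cannot arrive before the click.

const POLICY_VERSION = "example-policy-v1"; // placeholder: bump when the policy text changes
const CATEGORIES = ["analytics", "marketing"]; // essential scripts are not gated at all

// The record stored as evidence of the choice: which categories were
// ticked, when, and under which version of the policy text.
function makeConsentRecord(grantedCategories, now = Date.now()) {
  const choices = {};
  for (const c of CATEGORIES) choices[c] = grantedCategories.includes(c);
  return { version: POLICY_VERSION, timestamp: now, choices };
}

// A stored "yes" only counts if it was given under the current policy.
function hasConsent(record, category) {
  if (!record || record.version !== POLICY_VERSION) return false;
  return record.choices[category] === true;
}

// Minimal store with the same getItem/setItem/removeItem shape as
// window.localStorage, so the gate can run outside a browser.
function memoryStore() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}

// store: anything with getItem/setItem/removeItem (localStorage works).
// loadScript: function(url) that actually injects the <script> tag.
function createConsentGate(store, loadScript) {
  const pending = Object.fromEntries(CATEGORIES.map((c) => [c, []]));
  const loaded = new Set();

  function readRecord() {
    const raw = store.getItem("consent");
    if (raw === null) return null;
    try { return JSON.parse(raw); } catch { return null; }
  }

  // Release every queued URL whose category is now consented to.
  function flush(record) {
    for (const c of CATEGORIES) {
      if (!hasConsent(record, c)) continue;
      for (const url of pending[c]) {
        if (!loaded.has(url)) { loadScript(url); loaded.add(url); }
      }
      pending[c] = [];
    }
  }

  return {
    // Register a tag under a category. It loads now only if consent is already on file.
    register(category, url) {
      if (!(category in pending)) throw new Error(`unknown category: ${category}`);
      pending[category].push(url);
      flush(readRecord());
    },
    // Banner "accept" handler: persist the choice first, then release queued tags.
    grant(grantedCategories) {
      const record = makeConsentRecord(grantedCategories);
      store.setItem("consent", JSON.stringify(record));
      flush(record);
      return record;
    },
    // Withdrawal removes the record. Scripts already in the page stay until
    // reload, so a real site should also reload or clear their cookies.
    withdraw() { store.removeItem("consent"); },
    // Show the banner when there is no record or it predates the current policy.
    needsBanner() {
      const r = readRecord();
      return r === null || r.version !== POLICY_VERSION;
    },
    loadedUrls() { return [...loaded]; },
  };
}

// In a page (placeholder URL):
//   const gate = createConsentGate(window.localStorage, (url) => {
//     const s = document.createElement("script"); s.src = url; s.async = true;
//     document.head.appendChild(s);
//   });
//   gate.register("analytics", "https://example.invalid/analytics.js"); // queued, not loaded
//   acceptButton.onclick = () => gate.grant(tickedCategories());
```

The thing to check on a real site is the order of operations: `register` must never call the loader directly, and `grant` writes the record before flushing so a page reload mid-click does not lose the evidence. Bumping `POLICY_VERSION` invalidates old records, which is what forces the banner back when the policy text changes.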
Consumer protection
- If I have any forms with a tickbox to opt into an additional thing (e.g. an ecommerce payment form with a tickbox to subscribe to the newsletter), am I pre-ticking it, and if so, is this legal in my country?
- If someone subscribes do I need to implement double-opt-in before adding them to my database? That is, do I need them to click on a confirmation email link to prove that they subscribed themselves to my list and not their ex?
- If I am selling products or services directly on my website, do I have clearly stated payment, refund and other T&C info on the website? Is it easy to find? Would anyone be surprised by a policy after having made a purchase? Additionally, depending on what types of marketing channels you employ, some like Google Ads and Facebook require that certain policies be in place as part of their terms and conditions.
- If my prices are dynamic, is the way I’m calculating them considered anti-competitive (e.g. showing higher prices to returning visitors)?
This is not a comprehensive list by any means but hopefully it will get you brainstorming.

