Composr Tutorial: Legal and social responsibilities
Written by Chris Graham (ocProducts)
We will summarise some laws (or broad patterns of laws) in this tutorial, although the particular laws that apply will vary based on where you are located, or have business interests – and it is impossible for us to consider everything. Ultimately businesses may have to seek legal counsel, or use the stated policies of an established business in your jurisdiction as a base for your own.
Table of contents
- Composr Tutorial: Legal and social responsibilities
It is inevitable that some members will break the rules, maliciously or accidentally, but they are still a powerful tool. A good rules page will list offences of a balanced specificity, along with approximate associated punishments. It may also have a legal element, referencing law, and placing legal responsibility on the user.
Composr provides a number of default rules pages that can be chosen using the Setup Wizard, or when creating a new Comcode page from a page template. The rules page is linked into your menus, and is displayed for enforced agreement when a member joins the site. This page can be edited like any Composr Comcode page.
PrivacyIf you are a commercial entity, or if you hold sensitive personal data, you are more likely to be affected by privacy laws than others.
Composr holds the following data:
- member profiles, including custom profile fields. Profiles are likely visible to any visitor to the site (depending on your zone access configuration), and you can define whether custom profile fields are visible
- the 'online status' of all members. This is publicly visible
- access statistics that allow you to see where-ever users have been on your site. This is not publicly visible
- logs of user interactivity with the site. This is mostly not publicly visible, except for submitted and edited content
- point transactions. The point 'giver' may define whether they are anonymous from the public, but they will not be from the staff
- security logs for suspected hack-attempts. This is not publicly visible
- Private Topics. These are only visible between sender and receiver, and staff (when intentionally viewed)
- personal posts. These are only visible between sender and receiver, and staff (may be viewed unintentionally)
It is not necessary to state that submitted-for-publication content will be visible as the user will know this is not personal data at the point of submitting it.
Depending on your jurisdiction and situation, you may need to register with a 'data commissioner' for holding personal data.
You may also wish to include your policy with respect to deletion of publicly submitted content upon request by the submitter or another party.
- What you do with a "Do Not Track" HTTP header (Composr does nothing out of the box, mainly because we do not do cross-site tracking, and also because the standard is not well-adopted)
- A dated list of amendments
AccessibilityPotentially (under anti-discrimination laws) your website must satisfy the web-accessibility-initiative (WAI ), web content accessibility guidelines (WCAG ). Fortunately Composr complies to the highest level of accessibility under these guidelines (for all interfaces: user and administrator), which is rare, as the vast majority of web applications are not close to complying with the lowest level of accessibility.
As a site-maintainer however, there are accessibility guidelines that apply to content that the developers can not arrange-for on your behalf. Also, if you modify the default Composr templates, it is very easy to degrade the inbuilt accessibility.
For more information, see the accessibility tutorial.
SalesIf you use your website to drive 'electronic' sales, then it is likely there is legislature regulating your activities. In the UK, these are known as the 'distance selling regulations' and are essentially involved in making sure that adequate provisions are put in place to make up for the lack of personal communication that is inherent in a brick&mortar store.
Your website would, of course, also be party to legislation on all forms of business, including issues such as tax. International VAT/sales-tax is a particularly complex and situational-dependant topic, so I will not make any attempt to explain it here.
LiabilityUnless you disclaim liability, you may be liable for problems caused directly or indirectly by you or your website. For example, if you allow users to get downloads into your database without having them screened for viruses, it is possible someone could try and hold you legally accountable if they were infected by a virus from software from your download database, unless you made it explicit that you disclaim responsibility for this.
Please note that it is not usually possible to disclaim liability for everything that might affect you.
Intellectual propertyYou could be at risk of liability for harm caused to third-parties, particular in the areas of intellectual property.
- Copyright infringement (unauthorised distribution of copyright-protected works)
- Trademark infringement
- Trade secrets
- State-banned material, such as secret documents, or terrorist manuals
- You need to make sure you don't make any direct infringements yourself
- You need to make reasonable efforts to take down illegal content posted by users as you become aware of it. You are protected under "safe harbour" laws, but only if you do take reasonable measures to comply when you know of issues.
- You must be reasonable. You can't set up a site for 'warez' or 'file sharing', knowing that it is primarily being used for illegal content then hide behind the safe harbour laws. You can't claim fair use (e.g. parody) for large amounts of material that is clearly being distributed for direct usage.
Perhaps the best way to tackle content policing is a three-pronged approach:
- Perform cursory checks to make sure submitted data is not illegal
- Add member rules that prohibit uploading of illegal content
- Disclaim liability for such content (while this would likely not work if your website became littered with illegal content, it is perhaps more defensible for exceptions)
You may wish to add to your legal page that you disclaim liability for mis-use of registered trademarks, and that they remain the property of their respective owners.
Discussion of illegal activitiesThe advice for illegal content generally applies to the discussion of illegal activities also. There is, however, a fine line between discussing the merits of illegal activity and the incitement of it: this is very likely to be an issue on any active community, and you will need to consider how you will deal with it.
LibelThe advice for illegal content generally applies to the discussion of libel (defamation) also.
Computer mis-useIt is likely that you will experience attempts to hack into your website by malicious users and 'bots' which automatically probe websites for vulnerabilities. Fortunately Composr is extremely sophisticated when it comes to 'hack attack' detection, and will block, and log, these attempts. Composr provides a two-layer security approach: it is engineered to use secure practices, and proactively detects when its interfaces are being abused.
However, even with all this, there are 3/4 million (at the time of writing) lines of code that could potentially contain vulnerabilities. You therefore should keep backups, and if you run a high profile website, know how to attempt to track down miscreants and subject them to legal action.
If a vulnerability is found, the developers would like to know about it, and will deal with it promptly and responsibly, for the sake of all our users.
It is also possible that miscreants will attempt to use your website as a vehicle for mischief directed at others. There are not many ways to do this, and we know of no ways to cause serious abuses, but you should keep it in mind that it may be possible, and consider adding a disclaimer into your legal page for it.
SocialThe sub-sections of this section briefly cover the main social issues you are likely to need to consider. By running a website with community features, such as a forum, or chatrooms, you are in essence making yourself or your team, community leaders, and therefore you hold the responsibilities that come with this.
Child protectionThere is a US law, COPPA (Children's Online Privacy Protection Act), that you need to comply with if your (US) website targets children under 13 for membership, or if you know that members of your website are under 13. More information on this law is available here from the COPPA website (see 'see also').
Australia has a similar law that you can use the same system for, COPA. If you are targeting COPA, adjust the COPPA_MAIL language string to reflect this.
Similarly the EU has an equivalent law, in GDPR (General Data Protection Regulation).
If COPPA support is configured in Conversr , then when visitors try to join they will be added as non-validated if they are too young, with a notice to send in a COPPA form to you via mail or fax.
In order to enable COPPA you need to turn on "COPPA enabled", and configure your fax number and postal address.
Young members (or even older members) are often naive, as they have less experience of the world and often have lived relatively sheltered lives. Therefore you should actively protect these members from:
- inappropriate exposure of materials by other members (such as pornography or other sexual content)
Offensive content and moderationIt is unfortunate but inevitable that in most social climates, people will have strongly opposing views about what is appropriate behaviour. I have personal experience moderating forums, and know people may be explosively passionate about their views, and highly accusative of those who do not carry them.
Most opposing views are political in some sense, and usually related to the divide between traditionalism/conservatism and liberalism.
You need to make three main decisions:
- Are you going to reach a balance between extremes (if so, make some decisions on where the balance lies), or moderate against your-own or someone-else's personal/corporate views?
- Are you going to define a level of what is 'appropriate' for your community, not based on personal view, but merely what you think your community should be allowed to discuss?
- Are you going to limit discussion of topics related purely on relevance to a central topic?
When it comes to moderation, the words 'freedom' and 'offensive' very often get carried around:
- if you moderate someone, it is likely they will accuse you of 'removing their freedom' (even though your website is not public property)
- if you allow someone to be offensive to others, they will likely accuse you of building a website that is a vehicle to propaganda or an agenda they disagree with
Staying on-topicUnless you are a government entity, true "free speech" is unlikely to be an issue – but users may still appreciate some level of unmoderated discussion. You will need to strike a balance between "freedom of discussion" and "staying on topic" that is appropriate to your particular website.
You should make a decision upon this:
- is it necessary to stick to discussing certain topics in certain places?
- or, should members be free to discuss whatever they wish anywhere?
- Or, will there be a compromise depending on circumstance and location
DiscriminationYou may wish to consider anti-discrimination clauses in your rules, possibly citing what you areas consider to be discriminatory (such as gender, race, appearance, and sexuality).
AbuseYou may wish to make rules and policies regarding abuse between members.
Personality typesAs a community-leader, you should be aware that members of your community may have differing psychologies. It is actually likely that in many large online communities you could have users at extreme ends of the spectrum, and therefore you may wish to have policies in place to monitor such users in order to maintain a healthy balance, and protect the more vulnerable users.
With a basic awareness of psychology you may identify issues and be able to help people who may otherwise be isolated (someone very active online may be socially-isolated offline).
Handling feedbackYou should develop a policy about how you handle feedback. This is of particular importance to commercial entities:
- will you leave negative feedback visible and possibly have negative views on your very own website?
- will you moderate negative feedback and be accused of suppressing the truth?
- will you consciously make sure there is no publicly visible outlet for negative feedback on the site, and remove any that is found for being 'off-topic'?
- Advice for choosing and managing staff
- Children's Online Privacy Protection Act (wikipedia)
- Dos and Do-nots of a (Composr) website
Please rate this tutorial:
Have a suggestion? Report an issue on the tracker.