Don’t include a DMCA or privacy policy in your contract

IT providers often add their copyright (DMCA) and privacy policies to their contracts. They incorporate those policies by reference or just promise to comply. That’s a mistake. If you’re the provider, you gain nothing by incorporating your policies. In fact, you pay a price.

Privacy Policies

A privacy policy explains how you use private information. Applicable privacy and security laws probably require that you post one. And you may face legal trouble if you violate your own policy. But few laws require that your contract promise compliance. So unless you’re subject to an unusual law (worth checking), why make that promise?

abstract image of privacy policies

DMCA Policies

Digital Millennium Copyright Act policies tell the public how you respond to copyright infringement claims. The DMCA doesn’t require that you post a policy. And you don’t have to post one to benefit from DMCA’s “safe harbor.” (That protects “online service providers” against copyright liability related to their users’ infringement.) The safe harbor doesn’t require that you publish anything other than contact information for the employee or agent you’ve assigned to receive copyright notices. (The safe harbor does have other requirements, including re registering that employee or agent with the Copyright Office.)

copyright guySo what is a DMCA policy? It describes the steps you take when you receive notice of copyright infringement. It’s not required for the safe harbor. And you certainly don’t have to put those procedures in your contract.

In fact, it would make little sense to put a DMCA policy in your contract. The policy serves as an announcement to the public, not to your customers. It’s directed to third parties who might claim your customer or user infringed their copyright. So you should post it somewhere the public will see it. That’s probably not your contract.

The Consequences

By putting your DMCA or privacy policy in your contract, you add breach of contract liability to the consequences for violating those policies. (Keep in mind, you might violate them by accident.)

If you violate your privacy policy, you could face liability to consumers or the government. If you violate your DMCA policy, you could lose safe harbor protections. Putting those policies in your contract, or not, won’t change those consequences. So why volunteer for additional liability?

Plus, adding those policies to your contract limits your freedom to amend them.

Referenced, Not Incorporated

Here’s typical IT contract language on separate policies: “Provider’s Privacy Policy and DMCA Policy are incorporated into this Agreement by this reference.” Don’t do that.

You could instead get customer consent to the policies, without binding yourself. “Customer is on notice of Provider’s DMCA Policy and Privacy Policy, and Customer recognizes that such policies are not part of this Agreement and that this Agreement does not restrict Provider’s right to revise them.” That should head off any customer claims related to those policies. (“We never agreed to that!”) And it binds you to nothing (beyond what the law already requires).

Separately …

Consider additional terms in your contract related to the DMCA. For instance, you might benefit from disclaimers related to customer copyright infringement — and related the steps you take to address it.

You can learn more about online polices in The Tech Contracts Handbook (3rd ed.), Appendix 4.

© 2021 by Tech Contracts Academy, LLC. All rights reserved.

Thank you to for great, free stock images!

Share the Post:

Related Posts