A lot of people are apprehensive about the legal aspects of blogging, but it’s pretty straightforward once you’re familiar with what you need to have and do. This blog post explains where to get the key legal templates for your blog (for free!) and the main things you need to know.
Blogging 101: Legal Essentials For Your Blog Click To Tweet
Please note that we are not lawyers and this isn’t intended to be taken as comprehensive legal advice; just a means to point you in the direction of helpful resources for your blog. Don’t worry, it’s easier than you probably think!
Quick Jump Links:
- Website features & pages you need
- Email marketing requirements
- Complying with GDPR & CalOPPA
- Accessibility
- Affiliate link & sponsored post disclosures
I know nothing about legal things, help!
Before we get started, the most important thing to remember is: try not to worry! It can be easy to overthink it and get in a panic, but it’s not the huge disaster of fines and criminal records you may imagine it to be in your head.
The worst case scenario is likely to be that a legitimate organization explains to you how to improve or what you need to change, and gives you adequate time and support to do that. Even then, across many years and thousands of bloggers, we’ve never even heard of this happening (outside of properly declaring affiliate links and sponsored posts).
While you should do your best to comply and protect yourself and your visitors, no one is expecting you to need a law degree to have a blog. It will be very obvious to anyone looking at your website that you’re a blogger/small business who has made an effort to comply, not a huge organization with a legal team that’s deliberately trying to fly under the radar in the hope they can get away with something!
The rest of this post looks at how to comply, so let’s get started!
Which country’s laws should I be following?
This is a tricky one as different countries have varying laws. In some cases, even different states or regions can have different regulations (for example California has its own set of privacy requirements).
As a minimum, you want to follow the laws for the country you’re in, and ideally for where the majority of your visitors are based. If your blog is aimed at an international audience, one approach is to go with the strictest, more comprehensive requirements as then you can be more confident you’re compliant everywhere. These would currently be (in our opinion) the ASA, FTC, calOPPA, and the EU guidelines. It’s worth mentioning that the US guidelines for privacy and marketing are typically easier to understand and apply to blogs and websites than those of other countries (where they’re often constructed vaguely or without specific knowledge of the blogging and influencer industries).
If you’re super cautious, it’s worth seeing if your local government’s websites have any information about complying, or you could try getting in touch with free business incubators, your local council, your bank, or similar to find out if there’s anything specific you need to do. However, it’s unlikely you’ll need to do anything extra if you’re just running a straightforward blog rather than a business.
It’s also worth noting that the location of your host may also be a relevant factor, as they have to obey the laws of the country or countries they’re registered and/or have servers in. This is only likely to be relevant for things involving selling restricted items, or where age of consent is a relevant factor, in which case you should check with your host anyway in case they themselves ban this type of content/business even if the law allows it. (Many hosts do, because they don’t want to fly too close to potential legal issues or have a site they host be targeted by protestors).
Website features & pages you need
A large part of being legally compliant is through the information you have on your website. If your blog content is presented in different languages, e.g. both English and Spanish, you should have these pages in the different languages too, not just English.
As a minimum, you’ll want to do the following:
1. Create a privacy policy
This outlines how you store and use data on your website.
This should be linked specifically as “Privacy” or “Privacy Policy” and appear on every page of your site as some regulations require it to be no more than one click away for your visitors. Most people link to it in their footer. It should also include the date it was last updated.
It should be GDPR compliant in case any of your visitors browse from the EU. This also includes people visiting the EU and browsing your site from there, not just EU citizens. As this isn’t something you have control over, especially if someone uses a VPN to hide their real location, you want to make sure you’re covered.
WordPress includes a basic privacy policy you can use for your website, which is set as a Draft under Pages in your Dashboard. You can edit it and publish it easily from there.
Another option is to generate a compliant privacy policy for free through Rocket Lawyer. You’ll need to cancel your trial before you’re charged if you don’t want to continue your service with them, but during the trial you can download all the legal documents you want for free.
Alternatively, a quick google will throw up many other free generators on the internet; just make sure they are from a reputable legal source and are GDPR compliant.
For more on GDPR compliancy, see GDPR For Bloggers.
2. Create a cookie policy and add cookie controls
Some privacy policies may include cookie information; however you still need a way for your visitors to control their cookie preferences. Cookies are small bits of data stored on your visitor’s computer or device by your website. They are used for things like tracking affiliate sales and analytics hits. Your cookie policy needs to explain what cookies you drop and why, and your visitors should be able to control their preferences and block all non-essential cookies if they wish.
WordPress has a whole bunch of cookie plugins to choose from, with varying degrees of complexity. Some simply notify the user that your website uses cookies; others guide you through listing and giving visitors the ability to block cookies before they’re dropped. You can browse the options in the WordPress Plugin Directory (follow our guidelines on What To Check Before Installing A WordPress Plugin).
Some plugins may also include a cookie policy for you to use; if not, there are plenty of free cookie policy generators you can find with a google search.
Finding and listing your cookies can be complicated, especially if you have a lot of features or use third party plugins or services. If you’re a Lyrical Host customer and need help setting up your cookie plugin, please raise a support ticket.
3. Create a terms and conditions page
This sets out things like fair use terms of use for browsing your website and how people may use the content. You can generate your website terms page with a free trial of RocketLawyer as above, or google for free templates from trusted sources. Remember to Ctrl + F to replace all the placeholder text with your own information!
4. Add copyright information to your footer
You don’t need to apply for or buy any kind of copyright protection for your work; everything you publish on your website is automatically protected by copyright law. This is the case regardless of your location, where your website is hosted, your nationality, and so on.
However, you’ll want to add a copyright notification in your footer. This should be in the following format, and you should keep the year current (or use code/a plugin to automatically change the year for you):
©[Website name] [year started] - [current year]. All Rights Reserved.
You can find out more about protecting your website and reporting stolen content with our blog post How To Stop Content Theft (And What To Do If It Happens).
5. Check if you need to register with your country/state’s government office
You can google this if you’re not sure if this applies where you live.
In the UK, it’s the ICO and you can do a quiz here to see if you need to register.
6. Make sure you have an SSL certificate
While this isn’t technically a legal requirement, under GDPR you’re required to take reasonable steps to protect visitors’ personal data when they’re browsing your website. We always recommend everyone installs an SSL certificate; free ones are great, and paid ones not necessarily better.
An SSL certificate ensures your website address begins with https:// and stops third parties intercepting your visitors’ personal data, for example their email address when they leave a comment or submit a contact form. Let’s Encrypt SSL certificates are free and can be used for ecommerce websites too. For more on SSL certificates, see How To Set Up A Free SSL Certificate For Your Website.
7. If your blog is a registered business or you sell from it, there are a few more things you need to do:
These apply if you have an ecommerce store, or sell services, or are a registered business (e.g. an LLC or Ltd company):
- Include your address in your footer.
- Include your registered business number or VAT number (if you have one) in your footer.
- Create a page listing your shipping and returns policies. You should also be aware of what returns policies you’re allowed to have based on your country/state and comply with those guidelines.
- If you take payments directly from your website, check your hosting uses PCI compliant data centers (Lyrical Host does).
Complying with GDPR and CalOPPA
These are two sets of regulations that have been implemented in recent years. GDPR is European based, while CalOPPA is California based. We recommend complying with both to be safe; many of their guidelines have cross-over so it’s not much more work to comply with both.
You can find more on GDPR compliancy in our blog post, GDPR For Bloggers, which guides you through the nine main things you need to look at. Many of these tasks are covered in the steps we’ve mentioned above, although we’ve included more GDPR-specific details.
You can also find out more about how we comply on our own GDPR and CalOPPA page, which you’re welcome to take inspiration from. While you’re not required to have specific GDPR and CalOPPA pages on your website, they can be a strong trust signal for your visitors.
Email marketing
Many bloggers create mailing lists where they send emails of new posts, newsletters, marketing emails or similar. It’s best to do this through a bespoke email marketing provider such as Mailerlite or Convertkit, as such services are specifically designed for sending high volumes of email and making organizing your lists and staying compliant easier.
Your email marketing provider will have a bunch of features and information to help you comply, and to stop you making mistakes, but here are the main things to be aware of:
You must have explicit permission to email each person on your list
Each person on your list must have explicitly consented to be on there, for example by subscribing to emails on your website, or checking a box on a form to receive emails. For example if you ran an event for parents and asked them for their email addresses, you couldn’t send them emails just because they’ve given you their email address. They would need to have explicitly checked a box or provided written agreement to be sent, say, a parents’ newsletter.
You must have also specified and they must have agreed to what types of emails they want to receive from you. For example, you would need explicit permission to send both emails of new blog posts and emails about sales
You need to include your address in your email when you’re emailing out to your mailing list.
If you’re not a business and you don’t want to provide your home address, you could do one of the following:
- Use an email marketing provider that lets you use their address, for example ConvertKit.
- Get a PO box. There are some that only charge you if mail is actually sent to you (in the UK, we’ve heard good things about UK Postbox).
- Use a virtual office or co-working space that provides a business address.
You must provide a working unsubscribe link in your emails
People must have the option of easily unsubscribing from your emails; you shouldn’t make them jump through hoops, for example needing to call or complete a form. You should use an easy to see unsubscribe link (e.g. black text on a white background, not white text on a white background).
Many email marketing providers will provide details on legality and have things in place to help you not break the law; for example Mailchimp won’t let you send an email without an address. Tweet or live chat with your provider if there’s anything you’re not sure about – they’re there to help!
Double opt-in is highly recommended
Double opt-in is where someone enters their email address on your website to subscribe to your mailing list, but isn’t actually added to your mailing list until they confirm again they wanted to subscribe. This is usually done by your email marketing provider sending an automatic email to them where they can click a link and confirm they wanted to sign up to your mailing list.
Although in most places double opt-in isn’t an explicit legal requirement, we highly recommend it for a few different reasons:
- The quality of your list will be better: you’re more likely to attract people who are genuinely interested in hearing from you (therefore your open and click through rates are likely to be higher, too).
- You’ll prevent fake bot sign ups: these take time to clear out, and if ignored you’ll end up paying to send emails to them.
- Double opt-in is better GDPR proof and assurance that someone chose to opt-in for your emails (as opposed to someone else entering the person’s email address to be annoying/as a joke).
These things will save you time, hassle, and money in the long run.
Accessibility
Accessibility laws for websites vary a lot by country, but aiming to have your website as accessible as possible has a whole lot of benefits. The UK government has a great, easy to follow resource on accessibility which is a great starting point.
If you’ve not heard of accessibility before, it basically means making your website usable and useful to people with disabilities and conditions. For example, a colorblind person may struggle to tell the difference between two color-coded lists in your blog post. A visually impaired person using a screen reader won’t know what text you have on your images or what they’re about unless you describe them using ALT text. Someone with arthritis may not be able to use a mouse, instead relying on keyboard taps to browse your site.
There are many different ways someone may need to browse your website, so being careful not to accidentally discriminate is vital.
Accessibility is a big area and goes far beyond the scope of this post, but here are some starting points of things to think about and try:
Colorblind accessibility – Learn more about improving accessibility for colorblind users and see what your website looks like to colorblind users.
Screen reader accessibility – A screen reader is software that reads text on a web page out loud to visually impaired visitors. It can’t read text you’ve create or added to images in graphics software, but it can read ALT text and labels. Most text-based content on your website should automatically be accessibility-friendly to screen reader users. You’ll also want to make sure your links are descriptive, for example “About Me” rather than “click here.”
If you are in the Lyrical Host Facebook group, you’re welcome to ask one of our screen reader users to take a look at your website to check they can browse everything easily and understand it.
Keyboard testing – Not everyone can use a mouse, so testing that your website works by using keyboard keys and shortcuts to scroll pages and navigate links.
Audio accessbility – If you have videos, audio, or podcast recordings, make sure there’s a visual transcript for deaf users (it’s also a bonus for search engine optimization as it gives you more quality written content on the page). It’s also important to note that visually impaired users rarely prefer audio content as audio players typically only go up to 3x speed, and they tend to listen and process at much, much faster speeds.
Mobile accessibility – This involves things like making sure buttons are large enough to click on mobile, that your menus are easy to browse, and so on. Google Search Console can flag these kinds of errors, though it’s best to check your website on mobile yourself to see what you think as it often raises false positives.
General user experience improvements – Websites like User Testing will get people to view your site and you can watch their experience and see what they fiind difficult.
While there’s a lot more to accessibility, if you’re a WordPress user your website should naturally be accessibility-friendly to a large degree; you need to be careful you aren’t accidentally making life harder for people by not describing images, using color schemes that aren’t colorblind friendly, having lots of very deeply layered sub-menus, and so on.
Affiliate links and sponsored posts
If you use affiliate links on your blog, you’ll need to disclose them as being commercial links where you receive compensation if a visitor purchases through them. You can find out more about how to comply with this post, although some affiliate programs (such as Amazon’s) require you to use their own specific wording: How To Disclose Affiliate Links.
Sponsored posts also need to be declared as such. You can find ASA information and FTC guidance on that. Posts where you’ve been gifted an item, rather than being paid, must also be declared as sponsored posts.
You should not agree to write a positive review because you’re being paid to do so; your write-up should always be honest and balanced.
Final notes
It may seem a lot to think about, but just go through things a step at a time. If you need any help or support as a Lyrical Host customer, just create a support ticket with your specific questions, and we’ll do our best!
Pin for later:
No Comments