[Editor’s Note: In response to the success of our earlier post on terms and conditions for mobile apps, two of our London-based colleagues have prepared a “remixed” version, which looks at the subject of mobile app terms and conditions from a European perspective. Enjoy!]
The mobile app has become the new face of business. It’s no longer sufficient to have a company website. More and more companies want a mobile app that users can download to their smartphones and easily access. It’s not difficult to see why. People are voting with their thumbs.
In 2015, overall mobile app usage grew by 58%, with lifestyle and shopping apps growing 81%, following previous 174% growth in 2014, according to FlurryMobile. Indeed, FlurryMobile figures show that mobile commerce now accounts for 40% of online commerce worldwide. Accordingly, the advantages of an app to business, from a customer marketing, engagement, service and awareness perspective, are clear.
Even traditionally conservative sectors such as financial services are being revolutionised by the mobile app. In 2015, the British Bankers Association identified that banking by smartphone and tablet has become the main way for UK customers to manage their finances, with mobile banking overtaking branches and the internet as the most popular way to bank.
If your company will be among the many businesses that launch a mobile app in Europe in 2016, one of the key legal protections your company will need in connection with such launch is an end user licence agreement (EULA). So, where do you start? Here at MoFo, we regularly review mobile app EULAs and we’ve noticed a number of issues that app developers don’t always get right. Here is our list of the key issues you will need to consider.
- One size does not fit all
Your EULA will be an important part of your strategy to help mitigate risks and protect your intellectual property in connection with your app. It’s unlikely that you would release desktop software without an EULA, and mobile apps (which are, after all, software products) warrant the same protection. While a number of mobile app providers such as Google provide a “default” EULA to govern mobile apps downloaded from their respective app stores, they also permit developers to adopt their own customized EULAs instead—subject to a few caveats, as mentioned below. Because the default EULAs can be quite limited and can’t possibly address all of the issues that your particular app is likely to raise, it’s generally best to adopt your own EULA in order to protect your interests.
- How to ensure a binding EULA?
Whether an EULA is enforceable in any particular case will depend on how the EULA is presented to users and how users indicate their agreement to the EULA. There are several ways that you can present your EULAs to users. For example, in most app stores, a dedicated link called “Licence Agreement allows companies to include a link to their EULAs from their product page. In addition, it’s advisable for companies to include language in their apps’ “Description” field making clear to users that, by downloading and using the app, they are accepting the EULA. Despite this functionality being available, many apps currently do not provide users with an opportunity to view the EULA before downloading the app. However, if you want to help ensure your EULA is capable of being enforced against consumers in Europe, the safest approach is to include a link to the EULA and require an affirmative “click-accept” of the EULA when the app is first opened by a user on his or her device to demonstrate that the EULA was accepted.
- Who is bound by your EULA?
If an app is targeted toward businesses, or toward individuals who will use the app in their business capacities, then the EULA should ideally bind both the individual who uses the app and the individual’s employer. If minors will be permitted to use the app, then the EULA should require that a parent or guardian consents on the minor’s behalf. If the app is specifically targeted at minors, careful consideration should be given to any specific legal or regulatory requirements. For example, in Europe, particular concerns have been raised about the use of app games by minors, particularly games that are free to download, but which provide for in-app purchases; regulators have issued specific guidance of which developers of app games will need to be aware.
- Where to put your EULA?
As a technical matter, a EULA can reside in one of two places: It can be “hard-coded” into the app itself, so that the EULA is downloaded together with the app, or it can reside on a separate web server maintained by the developer. The first approach ensures that the EULA is always accessible to the user, even if the user’s device is offline. Some users may decide not to download the latest updates, however, and, as a result, those users may not be bound by the updated terms. In contrast, with the second approach, companies can update their EULAs at any time by simply updating the document on their own web servers, although the EULAs won’t be available to the user offline. Companies should think about which approach works best for their specific apps and the associated risk issues. We note that, under applicable consumer law in Europe, any EULA term that has the object or effect of enabling the developer to alter the terms of the contract unilaterally without a valid reason is likely to be considered unfair.
- What about app store terms?
Some app stores understandably require that, if a company adopts a customized EULA for its app, that customized EULA must include terms protecting the applicable app store owner. (Other app stores may place such protective terms in their own user-facing agreements and require developers to acknowledge that such protective terms will apply.) Other third-party terms may also apply, depending on any third-party functionalities or opensource code incorporated into the app. For example, if a company integrates Google Maps into its app, Google requires the integrating company to pass certain terms on to its end users. The licensors of any open-source code used by an app may also require the company to include certain disclaimers, attributions, usage restrictions or other terms in the EULA.
- Consumer protection
There are various consumer protection requirements that will need to be considered if your app is going to be targeted at consumers in Europe. In particular, specific information will need to be provided to such consumers, including with respect to the identity of the app developer, app charges, functionality of the app, how the app operates with relevant hardware/software (interoperability), and whether any geographical restrictions apply, and so forth. Consumers also have a right to withdraw from the contract, i.e. “return” the app within 14 days of concluding the contract, except where the consumer expressly consents to the download and acknowledges that in completing the download the user will lose this cancellation right. Therefore, it’s important in Europe for your EULA to contain an acknowledgment that the consumer waives this cancellation right on download of the app.
In addition, within Europe, individual member states may have other requirements affecting apps that you will need to take into account. Although most EU member states don’t currently have national consumer protection legislation specifically concerning sales of digital content to consumers, since October 1, 2015, UK consumers have enjoyed new rights and remedies with respect to digital content. Any company targeting an app at consumers in the UK should now take into account implied quality standards in terms of satisfactory quality, fitness for purpose and compliance with description. Also, even where the app is provided free of charge, if the app causes damage to a consumer’s device or other digital content, then the app provider will be liable for such damage. As detailed in our post on This lack of harmonisation within Europe has led to the European Commission proposing new EU laws that would give consumers new rights of remedy and redress where digital content is faulty or inadequately described by the seller.
- Be clear and fair
It’s not just a question of what information to include in your EULA, it’s also important to carefully consider how your EULA is written. A common complaint is that EULAs are too long, filled with impenetrable jargon and hard to read, created more to protect companies in the court room than help the consumer make an informed choice.
In order to avoid the wrath of European consumer protection regulators, and to help ensure that your EULA is enforceable, you should aim to use plain language that is understandable to consumers. Where complex and technical issues need to be covered, particular care will be needed. You should avoid obscure legal jargon, including removing references to phrases which may be unfamiliar to consumers such as “indemnities”, “consequential loss”, “assignment”, etc. In addition, because space on a mobile device screen is limited, it’s advisable to keep the terms as concise as possible and easy to navigate.
Even if a EULA is written in plain language, extremely one-sided provisions—such as a disclaimer of direct damages (rather than a cap on such damages)—are at risk of being held to be unfair and unenforceable against the consumer. At the same time, the EULA is ultimately a legal document, and so you’ll want to make sure that any slimmed-down or simplified EULA still provides you with adequate protection.
Of course, it’s not just a question of compliance with consumer law. Where your app relates to a regulated sector, e.g. financial services, health and gambling, there are likely to be other regulatory requirements that you will need to comply with. And these regulatory requirements may go beyond the EULA itself and affect the way the app is designed and structured. Therefore, it’s very important to consider compliance issues from the development stage.
Lastly, if you collect personal information through your mobile app, remember that, in addition to your EULA, you will need to have a privacy policy in place and ensure that you comply with applicable data protection and privacy laws; such laws are often far more burdensome in Europe than in the United States—but that’s a topic for a separate article!