Jonathan Klinger is a lawyer specialized in internet and technology-related law. In our podcast, he talks about the legal hurdles web designers should watch out for and what precautions they can take to protect themselves. He also explains the reasoning behind the new Internet laws that recently came into effect.
Jonathan Klinger is a well-known Israeli Advocate, dedicating his career to Internet and technology-oriented legal matters.
He has a Bachelor of Law, Government, Diplomacy, and Strategy and is a Ph.D. student at Bar-Ilan University. He teaches Computer Game Development Law and consults various non-profits in regards to information-centric legislation, privacy, copyright, information security, free speech, licensing, and other matters.
Among the services that his law office offers are drafting agreements between shareholders and employees, negotiating agreements with customers, reviewing open-source licensing and use by application developers, consultation in regards to the use of copyrighted material, writing of privacy policies, drafting end-user license agreements and terms of service.
You’re a an advocate that focuses on internet and information-oriented businesses and persons. How did you reach this field? What drew you in?
“I didn’t want to do real estate or debt collection. Well, I finished my law school in 2004, went to intern in the court system and I was then accepted to the bar by 2005. And then I went to work in an international consulting firm. I worked for two years and decided I want to become self-employed because I didn’t want to work for others and I wanted to deal with tech and tech regulation because this is an emerging field. There’s a lot of work. There’s almost no knowledge and I studied it.
I did part of my master’s on internet law on my master’s degree. A few courses also in my bachelor degree in internet law. And I started doing, let’s say, easy stuff, writing software licenses, litigating small copyright cases, working on privacy policies for startups and growing my clientele. And in parallel, I started going to the Israeli parliament and providing my opinion on new upcoming bills relating to copyright, privacy, etc. And business happened.”
When did this business develop? When did it originate?
“Internet business was here, let’s say, from the early 2000s. But you have to understand that most tech lawyers don’t do tech. They do the outer areas, they do corporate finance, they’ll do labor law, they’ll maybe do some commercial agreements. But most lawyers don’t understand how technology works. So in order to give good advice, you need to understand how technology works.
If you develop a flashlight app for Android, let’s say, then you need to understand the Google regulation and how your flashlight interacts with that regulation. Can you save some data, or can’t you? What data do you need to save? Now, my approach to tech development is that if you do things by the book and if you them right, you can reduce litigation and reduce risks by working by the book instead of trying to write paperwork later on and long agreements. I try to write human-readable material instead of legalese.
You’ll see that there’s a nice algorithm called Flesch-Kincaid, which is a readability score. It tests how many years of education do you have to have before you can read this document. Now, when I write documents, I try to make them with, let’s say, 11 years, ten years.
So people in the 10th grade. Yeah, high-schoolers can read them. Most lawyers go up to 20, 25, meaning that you’ll have to have a Ph.D. in order to read something. Why is this so important? Because if you have human-readable documents, then you go to court less because people will understand what happens. This is very important when you deal with the law.”
Am I Accountable for the Content on My Clients Site?
As web designers or developers who build websites for clients, are we accountable for copyright infringement on the sites that we create? Do we need to check if the material we get from our clients — content, images, videos, etc. — are approved for use on the website?
“Well, yeah, you’ll be liable. But you’ll be liable only after the client is, and usually people don’t go after the web developers, but they go after the website owners. What I suggest in such case, is that the agreement between you and your client will state that first they examined all aspects and all assets and they have the rights. And two, that they’ll indemnify you, meaning they’ll pay if you get sued.
If you are sued by someone stating that they gave you unlicensed images or pirated content or software, but also what you have to do is make sure that these people know about copyright law. Because there’s a lot of people who say, ‘well, I’ll hire a website designer and I want this image’, and they just send the web designer some image they like from the web or they find images of themselves from, let’s say TV shows or video snippets, and say to the web designer ‘put this on’.
I dealt with a case where a developer was sued because the video he uploaded of the client on TV was not the client’s and the person who did hold the copyright sued both though. The client and the web developer were then added to the lawsuit as a party. We settled this out of court, but it does happen. It’s not common, but usually you have to take caution because, let’s say the worst case is not getting sued, there’s something stronger, which is one of the copyright holders contacts your web-hosting company and tells them, ‘well, this guy is infringing on my copyright, can you please take the website down?’ And in some cases they will. So you’ll lose all your assets hosted on your server just because one of your clients infringe copyright. So this happens, not often, but it does happen.”
What about images that are okay to be redistributed, but they request attribution?
“So usually you need to provide attribution, in this case, like adding the name. I’d go to the furthest extent possible, meaning adding both the name, a link to the original image because a lot of times, these images are not really licensed. You’ll find images that people, well let’s say, released to the public without permission. They just found some image and decided they want to upload it and in wishful thinking, say it’s Creative Commons.
And it’s your responsibility to make sure that the places you take the images from licensed these images properly, meaning they have permission from the original author and they’re not just pirating it. Let’s say you go to YouTube and you find some channel uploading a lot of video clips of artists, and you’ll just go and embed this. And if you didn’t do the right work, if you didn’t see whether this infringes or not, if this is an official channel or not, you might be later on liable for copyright infringement as well.
That’s scary. Also, you need approval if the photography has images of people on it. You also need the approval of those people being photographed, right?
“Under Israeli law, and again, the law differs from state to state. But in terms of information law, they’re kind of a similar. You’ll need permission if you use images of people for commercial purposes, meaning if you use them for illustration purposes, then you do not need these types of permissions. If you found some image of someone in a public space not in his home, and it’s not used for advertising or to endorse some service, you will not need his permission. If you use this image to create banners or to state that that person endorses a product, then you’ll need his permission.
Again, there are exemptions. Let’s say that you develop energy drinks. Okay. And you photograph Kim Kardashian sipping your drink. So in order to publish it on your website saying, okay, Kim Kardashian likes my energy drink, here is a photo. You won’t need her permission. But if you’ll go and buy banners and signs all over saying, okay, this is my ad, then you’ll need her permission because you can’t make her endorse your product without her permission.”
What Should You Include in Your Contracts to Make Yourself Protected?
What are the most important rules of thumb that we need to make sure to include in our client contract to make ourselves more protected?
“So the way I see it is that certainty supersedes everything else in contracts. And if you want to develop some technological features for a client, and it could be a website, software, or just a widget, you need to have a few steps. The first is to have a manifest. You’ll send the client a list of all the features on the website or in the widget that they’ll be with a draft, schematics everything. And have two or three iterations with the client on this. And only after this is agreed, you go onto the next stage, which will be design and get the design again, two or three iterations, get the client consent. Then do the alpha development, which is the MVP code, get two or three iterations, then do the beta.
Now, when I do contracts for web developers, that’s what I do. I run down the steps, and each step says how many iterations there will be, and I use exact dates. A lot of people don’t like to have exact dates. They’ll write, ‘I’ll do the manifest within up to 45 business days’. And I say ‘no, what should be in the contract is I’ll send you the manifest until October 10. Then by October 15, you’ll send me back comments. I’ll implement them by October 20, and you’ll get the comments. By October 25, you’ll send me back your comments, and on October 30, we’ll sit down, and we’ll finalize the manifest, and only then we’ll start the next stage.’
What this does is it gives you realistic dates because you have to sit down and see that you can actually do these things. It also gives the client an incentive to adhere to these dates. A lot of times, clients come back two weeks after you finalize something and say, well, I want to change something, and then you can tell them, but the agreement said you have to get back to me by this date.
And it gives you certainty. It gives you certainty on the times if you develop multiple projects. You can have a table showing exactly when you develop what for which of your clients.
Now, after you did this, you add something that is both penal and bonus wise. You’ll go to your client, and you’ll tell them, ‘this is the list of dates. If I do everything by the book, this is the price. If I get things done quicker, let’s say a week or two quicker, then you’ll add X and Y to my payment. And if I’m late after 14 15 days, I’ll reduce this and this from my payment.’ This gives everyone an incentive to be on time, which is kind of important when you’re doing web development. A lot of times, people have to set up shop by a specific date. They have a book release they want to abide to, and you need to have certainty.
The next thing you need to manage is post-termination support. You finalize the website. Now, what goes on with support? What happens if they find a bug? What happens if there is an update on the Elementor or WordPress version? Who deals on updating, and how much will it cost? Now, if let’s say, I built a website on Elementor, and Elementor updated a feature, and now I need to update my pages. Who pays for these updates? Will it be the developer or the client? Will this support go ten days, 20 days, 30 days after build or two years after build?
And support times? How long will I have to wait until I receive input on my tickets? I sent you a ticket today. Let’s say when will you respond, when will you update? All of this has to be implemented in your contract because if it’s not, then the client’s expectations and yours don’t meet, and then you’ll meet in court, and the judge won’t necessarily see eye-to-eye with you on how websites should be built.”
Where Can I Learn About Internet Laws?
Well, there are some issues that everyone in our business needs to know. If we’re talking about ecommerce stores, for example, with disclaimers to contact forms where you need to show the terms, how can people learn and follow the regulations without having a law degree?
“So the easy thing to say is that if you operate an online business, you should consult a lawyer. And it doesn’t matter what you do. If you sell clothes online or if you do affiliate marketing, you should have a lawyer that’s proficient in rules. But there’s a lot of good databases explaining what you should do and having good content both from lawyers in the field that you can read their blogs. You can also read my blog if you want, but it’s more anecdotal.
But also, you can start by just reading the rules. GDPR, the EU law is only 84 pages long. It’s not that much if you consider that the U.S. budget could be a 20 or 30,000 pages long. You can also read a bit about the California Privacy Act. You should start with Wikipedia. Read what Wikipedia says about something. It’s a good starting point.
Then if you have any questions you can go and pop up a question to lawyers on relevant forums. You can ask other businesses and there’s a lot of good places that have the knowhow and see what other people do. It’s a good starting point but always, always, always consult with a lawyer. There is a good place in Reddit that’s called a /r/legaladvice and you might pop up a question there if you need some help. There’s a good chance that a good lawyer will reply.
You can find questions on copyright on Reddit, on /r/copyright also, and for privacy on /r/privacy. I’m saying this not only because I subscribed to these threads and sometimes answer but also because you’ll find other good people there that can help you even if they’re not lawyers. Also, I recommend joining /r/smallbusiness. If you’re a small business owner, there’s a lot of good information there about running a small business, including online businesses.”
Simplifying the Way Your Private Data Is Used
In recent years there’s been so many changes. GDPR, you mentioned, and we’ve seen all the cookie consent buttons spread out now. What’s the change that is happening and how does it affect our world?
“As I see it, the change, the GDPR, which is the EU directive on privacy and the cookie directive and the California Privacy Protection Act, they all go and say, well, does these big tech giants that come and try to change our culture and in the EU it’s more let’s say obvious. We don’t want big American tech companies coming in and changing the way we, as a nation, have our own national identity. We want to reduce this and when doing so we’ll see how they deal and we want to make sure that people have their own individual rights.
Now, these individual rights include right to control your own data. As I understand it and as I see it, your data, your personal data, includes your right to make money off your personal data. Whether you can or can’t allow someone to sell your data is your right. These laws came into effect to ensure consent. Consent is not the only thing here, but consent is a good starting point. It says that if you want to use my data, ask my permission first and if I’ll agree, there are still terms I can retract my consent later on. I can limit it. I can ask you to stop at any time, but consent is the basis. Now, consent is kind of hard to get because it implies that you agree to all these terms, you have all these terms in mind, you understood them.
And reading legal papers is not that easy. Let’s say you go into a parking lot, and they have license plate cameras. Do you consent to process your license plate number and go to the municipality and see if you’re entitled to a discount or not? Should this be written down on a big sign before your car crosses the post or not? All of these questions are good questions that the GDPR doesn’t address. In a think tank I sat in that dealt with changing the Israeli Privacy Protection Law, we offered a few alternatives that consent is only one of, because we acknowledged that it’s not always easy to get consent. It’s not always easy to make sure that the person knows what is being done with his data.
A research that was done a few years ago said that if we have to sit down and read all the privacy policies, we consent to yearly, we’ll spend around a quarter of our time, let’s say 70 or 80 days, just to read these if we read on a human pace and understand it. So there’s too much paperwork, and we acknowledge this, and we try to make it as easy as possible. I tried to work and start a working group that deals with machine-readable privacy policies, meaning that you’ll say in an XML format, this website collects A, B, C, and D, it uses E, F, and G. Your browser will read this for you and put up little icons telling you what is being done. And you’ll be able to change your consent.
Now there was a working group with W3C that dealt with this as well, but we couldn’t get to standardize it because we didn’t have the resources. We, well, we had a good idea, we had nice meetings, but in order to execute the CEO need big forces like Google and Facebook behind you and not just four guys with a nice idea.”