top of page

Legal Guide For Website Designers And Developers

As a website designer, there are both legal obligations you will have to meet for yourself and your client and you will also need to know how to legally protect your business and avoid disputes.

This legal guide for website designers and developers will give you an overview of key guidelines and compliance you should follow to protect your business and your clients. For more comprehensive and bespoke advice or contract drafting services, please get in touch or browse my legal packages for cost-effective legal documentation and guidance services.

How Web Designers Can Ensure Client Websites Are Legal Compliant

Although it is ultimately the client’s responsibility to ensure the right policies/agreements are displayed on their website, it is reasonable to expect the web designer/developer to have some knowledge of what the client needs to do to be legally compliant on their website.  I have prepared a handy checklist which web designers/developers can share with their clients which lists out the legal documents/checks needed on a website before the publish button gets clicked.

In the UK, every website legally needs to have the following:

Privacy Policy

A privacy policy refers to how a website collects and handles personal data. Most websites collect personal data in some way. For example, if a user subscribes to a newsletter or contacts the business through a web form then personal data is collected. For websites where transitions take place, users may submit far more information including their address, contact details and even bank details. Therefore, every website needs a privacy policy. This enables users to understand how their data may be collected and processed by the business.

How detailed and comprehensive a privacy policy is depends upon how much data is collected and how it may be used. Basic websites may use more basic privacy policies but for e-commerce sites and websites that host subscriptions, memberships or deal with payment transitions, a more bespoke privacy policy may be needed.

Again, it is not the responsibility of the web designer or developer to supply this. However, it may be considered a matter of professionalism to inform the client that this is needed. You may also need to assist them in making this available on the website as no website should be made public without a privacy policy that can be easily accessed.

Some web designers may provide a basic privacy policy as part of the service but you are not obligated to and you should ensure that your terms and conditions emphasise that you hold no responsibility for legal documents on the website. Especially since the way data is collected via the website is not your responsibility after the project is completed.

Website designers and developers may be best to refer clients to a professional commercial lawyer to assist with drafting an accurate and appropriate privacy policy. This may also include cookie consent (read on for more about this).

Aubergine Legal have a legal package which includes a privacy policy and cookie consent bespoke to the client’s business. 

Cookie Consent

This requirement may, or may not, be dropped or altered when/if the pending UK Data Protection bill comes into effect, but currently (up to December 2023) the UK is under GDPR and PECR guidelines and therefore businesses need consent to collect cookies online. 

All websites collect cookies in some form and so will need a cookie consent banner or pop-up. This must be presented as an opt-in rather than an opt-out consent form but you needn’t display the entire policy, you only need to provide a working link to this.

The policy may be separate or part of the client’s privacy policy. It must be clear about what cookies are collected and for what purposes. In all likelihood, you’ll be using third-party software to track cookies, such as the website's platform and/or Google Analytics. Therefore, you will need to understand how they collect cookies and notify, in your cookie policy/privacy policy, that this is the software being used. You should also check they are GDPR compliant - most commonly used analytics plug-ins will be. 

Even if the UK does change their policy regarding cookie consent, businesses operating in or likely to receive online visitors from EU states may still need to comply with EU laws.

Although the policy will not be your responsibility, the consent pop-up or banner will be. You should make it part of best practice to include this on client websites and then request the client supply you with a link so you can direct customers to either a privacy policy that includes information on cookies, or a separate cookie policy.

Licenses And Copyright

When you hand a website over to the client you will likely license your copyright, meaning your design and any coding you have done belongs to them. Yet, what about images you have purchased or used under a license that belongs to you? Such as images from Canva or iStock? What about content that you have installed that has been licensed for your use?

It’s a difficult area and every platform that licenses content has different guidelines but it's important you and the client know these. Technically, if you purchase an image for use on a client website it may still belong to you and you may not have the right to sign that over to them. Therefore, you must be aware of the licensing agreements you hold and know whether it is you or the client who will own this. It may be better for web designers to ask clients to purchase or license content used on the website if they are attached to, or licensed by a third party. This would mean you can use it in your work for them but they would have legal permission to use the content going forward.

If you use Canva or similar design software/platforms in your work, then you may find my blog Copyright And Canva: Who Owns Your Canva Designs?, useful.

Legal Protection For Web Designers And Website Developers

Your most valuable document is your terms and conditions agreement, sometimes referred to as a services agreement. This is an agreement between you and the client that determines your terms of working. This will typically include:

  • What you agree to supply (including who gets to own the outputs of your work!)

  • What the fee is for your work

  • How fees should be paid

  • What you require from the client in order to deliver

  • Your cancellation policy

Every element of this document is important because it outlines your responsibilities and dedication to the project, your client’s obligations and it protects you should there be a dispute.

Seasoned web designers and developers know that briefs change. That projects get delayed and that the scope of the project can increase or decrease. As the nature of creative work is subject to change, it is important to have provisions in place to ensure you are properly rewarded for your work and that any additional work you have to do is safeguarded financially. This includes delays to projects that may impact your ability to take on other client projects and if the project becomes larger than originally quoted.

It is essential to set deadlines for each stage of the project, for you but also the client. If you find yourself waiting for weeks for content you need to proceed with your parts of the project then this compromises your time too and delays can cost both you and the client money. Not to mention leading to tensions. Therefore, you should define what you need from the client and by when. You may also decide to put in place additional fees in case the client fails to provide information or feedback within a reasonable amount of time.

A cancellation policy is also essential to ensure that, should the project be cancelled through no fault of your own, you will be reimbursed for your time to date. Securing a deposit is also wise as this demonstrates the client’s commitment to the project and protects you somewhat should the project get delayed or cancelled.

Your terms of business should also set out the work you will provide and what your responsibilities are. For instance, will the project include:

  • Providing images

  • Copywriting the website content

  • Implementing search engine optimisation (SEO)

  • Testing of the website

  • Training the client in how to use and edit their website

  • Launching the website and securing domains, etc

For more on what to include in your terms and conditions, please refer to my blog Terms Of Business For Creative Freelancers.

Intellectual Property And Licences

Whether you provide an original design or use a template, you will still need to decide who will own the copyright to the website. Most businesses will need to own the copyright to their website so it is standard practice for web designers and developers to state in their terms and conditions that copyright will be licensed indefinitely to the client following the website handover. It’s wise not to sign over copyright before completion, and final payment has been made, because if there is a dispute it may be more difficult to negotiate if the client already owns the right to use your work.

If you have designed an original template or written code you wish to use for other projects, then you need to ensure your agreement includes the right for you to do so.

You also need to ensure you have all the licenses you need to use any software, images and written content. For instance, if you are working with a copywriter or SEO professional you must ensure that licences are transferred to the client or first to you and then to the client upon project completion.

Insurance For Website Designers

As a business owner or sole trader, you will need professional indemnity insurance. This should protect you should you become involved in a dispute and need legal advice or should you be found liable for loss of business or damage to the client’s business.

Although insurance is not a legal requirement, you may find it difficult to secure business with clients if you don’t hold the right insurance. You may also find that your business is put at considerable risk should a problem arise that you are not financially covered for.

Website Accessibility Requirements

The Equality Act 2010 dictates that those with disabilities should have the same access to services and information as anyone else and this applies to websites too. 

In the public sector, websites should adhere to the internationally recognised Web Content Accessibility Guidelines (WCAG) level 2. In the private sector, there is no formal standard that websites need to adhere to but this does not mean that a legal case may not be brought against the client if the website is accused of failing to meet the Equality Act. Therefore, it is advisable, but also morally responsible, to build inclusive websites. 

If you’re using a platform like WIX, WordPress, Shopify, etc then you will find some templates more compliant with WCAG guidelines than others. Accessible websites should typically be:

  • Compatible with screen readers

  • Able to be navigated using a keyboard

  • Include proper alt text that accurately describes images

  • Includes transcripts, audio descriptions, captions and other multimedia alternatives

  • Easy to read with clear images (high res, good colour contrast so text is readable against the background)

If part of the website brief is to ensure the website is accessible then you should only agree to this if you can deliver. Otherwise, you may find yourself failing to complete the project as was agreed to and this could mean the client has the right to refuse payment of your full fee. Above all though, making a website that is accessible is ethical and, if you can market yourself as a designer capable of delivering highly accessible websites then you may even find yourself more in demand.

Legal Advice For Website Designers and Developers

If you would like to provide GDPR compliance and privacy policies as part of your service or be able to refer clients to a commercial lawyer experienced in providing essential policies and guidance for their website, then check out my checklist for launching websites and my GDPR/Privacy Policy package.


bottom of page