Is Your Website Breaking the Law… Accidentally? (And How to Fix It)
by Tracy Work
You finally launched your website. It’s clean, professional, and makes you proud every time you hit “refresh.” But there’s a problem—maybe several—and you may not even know it.
Your website could be breaking the law.
Not because you meant to, but because no one told you that having a website—even a simple one—means stepping into a tangle of laws, policies, and regulations most small business owners never learn about.
Let’s fix that.
How Does a Website Break the Law?
It usually starts with something simple:
· Tracking visitors without disclosure
· Failing to meet accessibility guidelines
· Collecting email addresses without proper consent
· Selling products without clear terms
· Or using stock images… that weren’t actually stock
None of these are exotic. In fact, they’re so common I’d wager most new websites are making at least one of these mistakes.
And while you probably won’t get hit with a lawsuit for an unlinked privacy policy, these small missteps can cost you—money, trust, and in rare cases, your business.
The 5 Legal Mistakes Most Websites Make (and How to Fix Them)
1. No Privacy Policy or One That’s Useless
The Problem: If your website collects any kind of personal data (names, emails, cookies, payment info), many state laws—including California’s CCPA—say you need to disclose what you collect, how you use it, and how users can opt out.
The Fix: Add a clear, accessible Privacy Policy linked in your footer. If you serve customers in California, Colorado, or Virginia—or market to the EU—make sure your policy reflects those laws, too. And don’t copy one off another site. You don’t know what they’re doing wrong.
Bonus tip: Make your policy human-readable. Legalese doesn’t build trust—clarity does.
2. Missing (or Bad) Terms of Use
The Problem: Selling products? Offering downloads? Letting users post comments? If so, you need Terms of Use that explain what people can and can’t do, how you handle disputes, and how your content is protected.
The Fix: Draft basic Terms of Use that include:
· A disclaimer for liability
· Limits on user behavior (no stealing content, for example)
· Copyright/trademark notices
· Refund and return policy, if applicable
These don’t have to be terrifying walls of text. Just clear, structured ground rules.
3. Cookie Use Without Consent or Disclosure
The Problem: If your site uses tracking cookies (like Google Analytics or Facebook Pixel), you are collecting data, and in many jurisdictions, you need to tell people and possibly get consent.
The Fix:
· Add a cookie banner (not just a one-time popup)
· Make sure users can opt out (if required in their location)
· Link it to your privacy policy
Tools like Cookiebot or Termly can help automate this.
Reality check: Yes, cookie law varies. No, it’s not safe to ignore just because you’re “a small business.”
4. Accessibility? What Accessibility?
The Problem: U.S. courts increasingly say business websites need to be accessible to people with disabilities under the ADA (Americans with Disabilities Act). This includes:
· Screen reader compatibility
· Alt text for images
· Sufficient color contrast
· Keyboard-only navigation
The Fix:
· Run a free scan using tools like WAVE or axe
· Fix what you can (alt text and contrast are easy wins)
· If you hire someone to design your site, tell them ADA compliance is non-negotiable
Tip: You don’t need to be perfect. You do need to show that you’re trying.
5. Collecting Emails the Wrong Way
The Problem: You have a newsletter sign-up form, but no mention of what people are signing up for, how you’ll use their data, or how they can unsubscribe. That’s a problem under CAN-SPAM and GDPR.
The Fix:
· Say exactly what users are opting into ("Monthly tips, no spam")
· Include a double opt-in (especially if you email people in the EU)
· Make it easy to unsubscribe
· Don’t pre-check boxes or bury consent in your Terms
Yes, even if you only email once a quarter.
Wait—What If I Use a Website Builder?
Wix, Squarespace, Shopify—they make it easy to build beautiful websites. But that doesn’t mean your legal bases are covered. You still need to:
· Update default policies
· Configure tracking features correctly
· Make sure eCommerce settings match your real return/refund policy
The platform may offer tools, but you’re still on the hook for what your site does and says.
How to Get Website-Ready
Here’s what you should have—no matter what kind of site you run:
· A privacy policy
· Terms of use or terms of sale
· Cookie notice & settings (if tracking is used)
· ADA-accessible design (or improvements underway)
· Newsletter/email sign-up with clear consent
· Registered IP for your brand (optional but helpful)
· A way to contact you (even a contact form counts)
Final Thoughts: You Don’t Need a Perfect Website—You Need a Compliant One
You don’t have to panic. You don’t need a lawyer to draft every paragraph. But if your business relies on your website—and let’s be honest, whose doesn’t?—then this is worth getting right.
Start small. Stay clear. Build trust.
It’s the best way to avoid nasty surprises later.
And if you’re not sure whether something on your site is putting you at risk?
Ask someone who knows the law and doesn’t mind explaining it without a white wig and gavel.