As the digital landscape continues to evolve, so do regulations that advocate for consumer interests in the digital space.
Making sure you keep up with ADA, GDPR, and other regulations specific to marketing can be challenging.
That’s why we’ve gathered answers to the most common questions you might have about ADA compliance and how to protect your business.
Disclaimer: Ignite Visibility does not offer legal services and this article is intended for general marketing law knowledge purposes. Always consult with an attorney.
What We’ll Cover:
- What is ADA compliance?
- Is ADA compliance mandatory?
- What are some best practices for websites?
- Who regulates compliance?
- Does ADA compliance affect SEO?
- What is the GDPR?
- Is GDPR compliance mandatory in the US?
- How do I implement privacy protections?
- What other regulations should I be aware of?
- What happens if my business isn’t compliant?
- How do I keep my business compliant?
What is ADA Compliance?
The Americans with Disabilities Act (ADA) is a federal civil rights regulation designed to protect those with disabilities from discrimination.
First enacted in 1990, ADA regulations initially applied to more physical properties – think designated parking spots, wheelchair ramps, etc.
An update in 2009 (the Americans with Disabilities Act Amendments Act – ADAAA) outlined more specific definitions of disabilities, as well as the areas which are required to make accommodations: employment practices, government programs, and ‘places of public accommodation’ (businesses that are open to the public).
The regulation is very straightforward: businesses are required to provide disabled individuals with equal access to their goods, services, and physical locations.
The ADA outlines specific rules for constructing facilities that are accessible to users with mobility-focused disabilities, as well as stating that businesses should make every reasonable accommodation to communicate with individuals who are blind, deaf, or have speech disabilities.
The reasoning behind these accommodations makes perfect sense. What’s a little murkier is what all this has to do with websites.
Because ADA compliance came into play well before the internet really took hold, the regulations were originally thought to apply almost exclusively to these types of physical accommodations.
But as more and more businesses moved online, questions about ADA compliance and websites began to arise.
Here’s the thing: when it comes to websites, the ADA does not have a set of specific requirements or guidelines for making an accessible site. This gets many companies into legal trouble, as their site may be noncompliant without them have no way of knowing.
Is ADA Compliance Mandatory?
ADA compliance is mandatory by all government programs, employers, and “places of public accommodation.”
The ADA defines places of public accommodation as privately-owned or leased-operated facilities serving the public. This includes restaurants, hotels, retail merchants, private practice medical offices, private schools, daycare centers, gyms, movie theaters, and so on.
Essentially, any business with a physical location that serves consumers is required to comply with ADA regulations.
As a rule, err on the side of ADA compliance. Even if your business is entirely e-commerce focused and doesn’t have a physical location for customers to visit, a noncompliance argument can be made if an online customer isn’t able to shop your site like any other customer.
Don’t put your business at risk of legal ramifications for the sake of saving a few dollars on web development.
What are Best Practices for Website ADA Compliance?
The ADA covers a variety of disabilities and impairments, including visual, auditory, motor, and cognitive issues.
In general, best practices for ADA compliance can be broken into three areas: focus, semantics, and styling.
Focus accommodations are ones that help users navigate your site with a keyboard rather than a mouse, which is critical for motor and cognitive impairments.
Semantics accommodations are ones that ensure your site is compatible with assistive technologies for visual and auditory disabilities.
Styling accommodations are visual design choices that make your interface as flexible and usable as possible and primarily help visually-impaired individuals and those with cognitive disabilities.
A few core elements to consider as you audit your site for ADA issues:
- Is your site easily navigable with a keyboard? Individuals with motor impairments often choose to navigate with a keyboard rather than a mouse.
- Can your site be read by a screen reader? Individuals with visual impairments use technology to read the text on their screen and understand the user journey. This is one of the most common ADA complaints filed against websites. Make sure your site is readable by including semantic markups and effective alt-text for all images.
- Is all interactivity obvious? Providing users with indications to scroll, click, or hover can help with ADA compliance. These indicators are called affordances, and they ensure that a user knows which elements are interactive as opposed to static.
- Are you using headings effectively? Screen reader users navigate by using headings. Making sure that your heading hierarchy is clear, tagged correctly, and implemented consistently across your site will help screen reader users move quickly and easily through your site.
- Are text and images high-contrast? If your text doesn’t stand out well from the background or images on your site, it can be difficult to read for visually impaired users. Visual impairments can include partial blindness, color blindness, or poor vision, and your site needs to be legible by every individual.
- Are you providing transcripts or captions? Hearing-impaired users still deserve to enjoy your video and audio content. Make sure that all videos and audio content (such as webinars or podcasts) include closed captioning and/or transcripts for the deaf and hard-of-hearing.
- Does your site include sufficient white space? In addition to making your site easier for the visually impaired, users with cognitive disabilities benefit from clear navigation, simple page flow, and abundant white space to improve focus.
Who Regulates ADA Compliance?
The ADA is a federal regulation enforced by the US Department of Justice.
A variety of advocacy groups and agencies look for compliance violations and advocate for disabled individuals when they find these violations. Individuals are able to sue companies that they feel have discriminated against them for a disability.
Unfortunately for businesses, many lawyers and legal groups are aware of how frequently businesses miss the mark on ADA compliance on their websites and specifically target companies that they can file an individual or class-action ADA lawsuit against.
Because of the haziness of the regulations, businesses don’t have much recourse to defend themselves against predatory lawsuits.
Does ADA Compliance Impact SEO?
While there’s no established SEO benefit to making a site ADA compliant, accessibility is important for users.
Like most other user experience best practices, ADA compliance helps ensure your users have a seamless experience while on your site. Google rewards sites for offering a great user experience by raising their authority and including them higher in search results.
Simply put, while ADA compliance isn’t a direct factor in SEO, it will help you improve your site performance.
Google does provide guidelines for webmasters to ensure accessibility, including specific callouts for available HTML features that can help accessibility.
While these guidelines aren’t strict legal regulations, following them will help you ensure that your site is at a lower risk.
What is the GDPR?
Let’s switch gears for a minute.
While ADA Compliance has been in place for some time, it’s not the only law marketers need to be aware of going into 2020.
One of the more recent regulations is the GDPR.
The General Data Protection Act (GDPR) is a law in the European Union that came into effect on May 25, 2018, designed to reshape how individual data is handled, protect data privacy, and penalize companies that do not protect consumer data effectively.
The regulation involved critical updates to how consent to collect and use data must be given, new standards for data breach notification, and an added “right to be forgotten” clause which allows users to completely remove their data from any given database.
While the GDPR primarily focuses on updating and standardizing existing privacy regulations, it does create a clear, rigid set of standards that companies are required to adhere to. The penalty for noncompliance could be potentially devastating, with fine limits of €20 million (about $22 million or 4% of annual global turnover.
Is GDPR Compliance Mandatory in the US?
GDPR compliance is a tricky subject for US-based companies.
If your website collects, controls, or processes data of individuals located in the EU, compliance is mandatory. Because of the globalization of the digital space, these can be murky waters if you are using tactics that aren’t GDPR-compliant and someone from the EU begins using your site.
However, even if your business strictly operates in the US, privacy standards similar to the GDPR are popping up on the state-level.
Case in point: the California Consumer Privacy Act (CCPA) goes into effect on January 1, 2020 and has similar requirements to the GDPR.
While the CCPA is designed specifically for California citizens, other states are using the CCPA as a template to write their own regulations.
As a preventative measure, you may consider using the GDPR and CCPA as the standard to which you hold your digital marketing, even if you aren’t officially required to comply.
How Do I Implement Privacy Protections?
In order to be GDPR and CCPA compliant, there are a few things your website is required to offer users so they can effectively take advantage of their rights:
- Ensure that you have consent. According to the GDPR, consent to collect and process data must be given by each individual user. This consent must outline the reason for collecting and processing a user’s data, ways the data may be implemented, and make it as simple to withdraw consent as it is to give it. Consent agreements should be in plain, simple language, not legal jargon that might be confusing or inaccessible.
- Respect the right to be forgotten. The GDPR states that at any point, a user can withdraw consent and request their data be deleted. If a user requests to be forgotten, you must delete any and all user data from repositories, including downstream repositories where the data may have been shared.
- In the event of a data breach, you are required to notify all impacted users within 72 hours of finding the breach. Your notification should be specific in the potential impact to a user’s privacy and information security.
- Always have privacy at the forefront of a project. Privacy by design isn’t a new concept, but it’s specifically called out in the GDPR. It states that data privacy and security need to be part of a system’s development from conception, rather than added on later.
- If your business is focused on controlling and processing data, you are required to appoint a Data Protection Officer (DPO). This is an individual tasked solely with protecting and securing sensitive user data, and is a cybersecurity expert.
What Other Regulatory Issues Should I Be Focused On?
Every industry has specific regulations they need to be concerned with, and many of them are specific to marketing and advertising.
Finance, healthcare, pharmaceuticals, and some popular consumer products (such as alcohol and CBD) fall under strict scrutiny from various regulatory bodies. The FDA, FTC, and FCC all have specific regulations for consumer products, services, and communication via advertising and marketing.
Make sure you’re aware of any regulations that impact your specific products and services, and how they might influence your marketing strategy.
In addition to legal compliance, various channels have their own strict policies that may impact your marketing strategy.
For example, Google Ads prohibits the use of personalization and remarketing for prescription drugs, alcohol, or products that refer to financial hardship (i.e. immediate loans).
Violating a policy set forth by Google and Facebook, or another marketing channel won’t get your business in legal hot water but can be equally devastating if your account gets suspended or banned from these outlets.
What Happens if My Business Isn’t Compliant?
The threat of legal retribution is very real for businesses that fail to maintain GDPR and ADA compliance.
There are law firms that actively seek out sites that are not ADA compliant for class-action lawsuits or individuals. In 2018 alone, there were 2,285 website ADA compliance lawsuits filed in the US.
Many of the defendants in these lawsuits are small businesses that aren’t able to invest dedicated resources into web development and legal research. Penalties, fines, and settlements are extremely expensive in these cases, and can wipe out small businesses completely.
Small businesses aren’t the only ones getting targeted for noncompliance lawsuits. Home Depot, Beyoncé, Nike, Harvard University, and Blue Apron have all lost very expensive website ADA compliance lawsuits.
Most recently, Domino’s Pizza was sued in federal court by a blind man for their app and website not being compatible with screen-reader technology. The suit has received major media attention due to the fact that Domino’s is taking a strong stand.
The ADA is a 30-year-old regulation that doesn’t specifically call out digital rules, rather simply states that businesses must provide equal access to customers with disabilities.
The pizza chain argues that because there are no actual guidelines, regulations, or watchdogs specific to websites and digital media, there is no true standard for accessibility and the lawsuit is unfounded. Domino’s appealed to the Supreme Court, who refused to hear the case and handed it down to the 9th Circuit.
Wrapping Up ADA Compliance: How Do I Keep My Business Compliant?
Working with an experienced legal team is the best way to ensure your business is compliant not only to ADA, GDPR, CCPA, and marketing-focused regulations but also to any other regulations your company might face.
We do not offer legal services but hope this article is helpful to you.