Clickwrap vs Browsewrap in South Africa
Which form of online consent is actually enforceable under ECTA and the CPA
Clickwrap vs Browsewrap in South Africa — what's the difference?
A clickwrap requires the user to take an affirmative act — clicking "I agree" — to accept terms. A browsewrap purports to bind a user merely by their continued use of the site. Under ECTA section 22 and CPA section 49, clickwraps are reliably enforceable; browsewraps are often not.
Drafted and reviewed by
Attorney & Founder, My-Contracts.co.za · Legal Practice Council of South Africa (LPC F17333)
The two options at a glance
Clickwrap Agreement
ECTA Section 22
A clickwrap agreement requires the user to perform an affirmative act — typically ticking an unchecked box or clicking an "I agree" button — before being granted access to the service or completing a transaction. The user is presented with the terms (or a conspicuous hyperlink to them) and cannot proceed without positive manifestation of assent. Clickwrap is the gold standard for online consent because it produces a clear evidentiary record (timestamp, IP address, account identifier) that the user had the opportunity to read the terms and expressly agreed. Under ECTA section 22, the resulting contract has full legal effect; under ECTA section 13(1), an electronic signature (including a tick-box acceptance) satisfies the signature requirement unless a specific statute requires a different form.
When to use
Use clickwrap for every online agreement where the platform wishes to bind the user — SaaS terms of service, e-commerce checkouts, marketplace seller terms, app EULAs, online registration flows, and any consumer-facing terms that limit liability or impose risk under CPA section 49.
Browsewrap Agreement
ECTA Section 22 (weak)
A browsewrap agreement purports to bind the user merely by their continued use of the website — typically through a footer link labelled "Terms of Use" or a banner stating "by using this site you agree…". The user is not required to click anything, to open the terms, or to perform any affirmative act. Browsewraps are pervasive on South African websites but are substantially weaker at law because no clear manifestation of assent can be demonstrated. The Specht v Netscape 306 F.3d 17 (2d Cir 2002) line of US authority, which is persuasive in South Africa, refused to enforce a browsewrap on the basis that reasonable users were not on notice of the terms. South African courts applying ordinary contractual principles under ECTA section 22 would reach a similar result where the notice was inconspicuous.
When to use
Browsewraps should be avoided for any substantive term. They may serve limited defensive purposes — publishing a public notice of acceptable use, asserting copyright over content, or warning that the site is not a financial adviser — but they should never be relied on to bind users to fee obligations, liability limitations, or dispute-resolution clauses.
Summary
South African e-commerce law recognises electronic contracts, but the form of consent matters. Section 22 of the Electronic Communications and Transactions Act 25 of 2002 confirms that an agreement concluded by data message is not invalid merely because it is electronic, and section 11 gives data messages legal recognition. However, for terms to be binding, the user must genuinely have agreed — something clickwrap (affirmative tick-box or click) demonstrates but browsewrap (passive notice) does not. CPA section 49 imposes a specific statutory duty that terms which limit liability, assume risk, impose waivers, or acknowledge risk must be drawn to the consumer's attention in plain language before the transaction. Leading US jurisprudence (Specht v Netscape 306 F.3d 17) and emerging South African thinking confirm that a user cannot be taken to have agreed to terms they were never required to read. In practice, every B2C platform in South Africa should use clickwrap; browsewrap is unenforceable for any substantive term.
Clickwrap vs Browsewrap — Key Differences
Enforceability and form comparison under South African e-commerce law.
| Feature | Clickwrap | Browsewrap |
|---|---|---|
| User action required | Affirmative click / tick-box | None — passive use |
| Manifestation of assent | Clear and recorded | Implied from continued use |
| ECTA s.22 validity | Reliably enforceable | Often unenforceable |
| CPA s.49 compliance | Achievable — terms drawn to attention | Unlikely — terms rarely read |
| POPIA s.18 notification | Easily combined with consent capture | Insufficient for consent |
| Evidentiary record | Timestamp, IP, account ID | At best, server logs of visit |
| Leading case law | Meeter v Kemp 2013 — electronic assent | Specht v Netscape 2002 (persuasive) |
| Notice required | Must be conspicuous and pre-acceptance | Often buried in footer |
| Suitable for fee obligations | Yes | No |
| Suitable for dispute-resolution clauses | Yes | No |
| Suitable for liability limitations | Yes, with CPA s.49 notice | Substantially weaker |
| Best practice in SA | Default choice | Avoid for substantive terms |
What you need to know
The statutory framework
The Electronic Communications and Transactions Act 25 of 2002 is the foundation. Section 11 provides that information is not without legal force solely because it is in electronic form. Section 22(1) confirms that agreements concluded by data message are valid. Section 22(2) provides that, for the purposes of South African contract law, an agreement is concluded at the time and place where the offeror receives acceptance of the offer. Section 13 addresses electronic signatures: subsection 13(1) validates an electronic signature in most contexts, with a carve-out for transactions requiring an "advanced electronic signature" (for example, under the Alienation of Land Act for immovable property).
The Consumer Protection Act 68 of 2008 overlays a crucial set of disclosure requirements for B2C transactions. Section 49 requires that any provision of a consumer agreement which purports to limit liability, constitute an assumption of risk, impose an obligation to indemnify, or acknowledge a fact, must be drawn to the consumer's attention in plain and conspicuous language before the transaction. The consumer must have had an opportunity to receive and comprehend the provision. A clickwrap implementation that presents a mandatory scrollable terms panel and requires affirmative acceptance satisfies section 49; a browsewrap footer link does not.
POPIA section 18 overlays a further notification duty where personal information is collected: the data subject must be informed of the purpose, recipients, and their rights. Clickwrap is the natural place to layer a POPIA consent mechanism where consent is the lawful basis for processing.
Why browsewrap fails and clickwrap succeeds
Contract formation under South African law requires offer, acceptance, and genuine consensus (consensus ad idem). Browsewrap fails at the acceptance step: the user has not manifested any positive act of assent and frequently has no actual knowledge of the terms. The persuasive American authority in Specht v Netscape Communications 306 F.3d 17 (2d Cir 2002) refused to enforce a browsewrap arbitration clause on this exact basis, and subsequent cases (Nguyen v Barnes & Noble 763 F.3d 1171; Berkson v Gogo 97 F. Supp. 3d 359) have consistently applied the same approach. While South African courts have not yet produced a definitive appellate authority on the issue, the contractual reasoning translates directly — a user cannot be bound by terms they had no opportunity and no reason to read.
Clickwrap, by contrast, produces an unambiguous record of acceptance. The user is presented with the terms (or a hyperlink to them) and cannot proceed without an affirmative click on an unchecked box or an "I agree" button. This satisfies both the common-law acceptance requirement and the CPA section 49 disclosure requirement, provided the implementation gives the user a genuine opportunity to read the terms and not a pre-checked tick-box or an inconspicuously placed link. Industry best practice is to display the terms in a scrollable panel on the same page, require the user to scroll to the end before the button activates, and capture timestamp, IP address, and account identifier as audit evidence.
Critical drafting and implementation pitfalls
The most common implementation failure is the pre-checked tick-box. Both EU (CJEU Planet49 C-673/17) and South African best practice treat a pre-checked box as invalid consent — the user must take a positive act. Pre-checking the "I agree" box defeats the very purpose of clickwrap. Information Regulator guidance on POPIA consent supports the same conclusion.
The second failure is the "sign-in-wrap" — a hybrid where the user is told on a registration page that "by creating an account you agree to our terms" without any tick-box. Where the notice is truly conspicuous and adjacent to the "Create Account" button, US courts have sometimes upheld sign-in-wraps (Meyer v Uber 868 F.3d 66), but the prudent South African implementation is full clickwrap with an unchecked box.
The third failure is unilateral amendment. Many SaaS terms reserve the right to amend the terms by posting a new version online. CPA section 14 and section 48 regulate this tightly for consumer contracts — amendments that materially prejudice the consumer may be unenforceable unless express affirmative re-acceptance is captured. For material amendments, the prudent approach is to require a fresh clickwrap on the user's next login.
The fourth failure is the CPA section 49 plain-language test. A clickwrap presenting 80 pages of dense legalese does not discharge section 49. The most material risk-bearing terms (indemnities, liability caps, waivers, auto-renewal, governing law) should be surfaced in a plain-language summary with a separate tick-box, or at minimum highlighted in bold within the main terms.
How South African courts and the Information Regulator treat each
South African case law on online contract formation remains thin but is developing. The Supreme Court of Appeal in Spring Forest Trading v Wilberry 2015 (2) SA 118 (SCA) confirmed that a WhatsApp exchange can constitute a binding variation under ECTA — the principle being that electronic manifestations of assent are effective if the statutory requirements are met. By extension, a clickwrap acceptance satisfies the acceptance requirement for contract formation.
The Information Regulator, in its guidance notes on consent under POPIA, has emphasised that consent must be voluntary, specific, and informed. Passive browsewrap fails this test — a user cannot give specific informed consent through continued use of a site. The Regulator's 2021 guidance on direct marketing (POPIA section 69) likewise requires opt-in consent captured by an affirmative act.
Consumer complaints to the National Consumer Commission under the CPA have repeatedly targeted browsewrap arrangements where consumers were billed for services they did not knowingly accept — particularly in the auto-renewal and mobile-content subscription context. The Commission has consistently treated browsewrap as insufficient evidence of consumer consent.
For practitioners, the safe default is unambiguous: clickwrap for any substantive term, with browsewrap relegated to non-binding public notices (copyright claims, acceptable-use warnings, disclaimer of advice).
Browsewrap assumes consent from silence; clickwrap records it from a click. Only the click survives section 22 of ECTA.
The statutes involved
Electronic Communications and Transactions Act 25 of 2002
Governs electronic transactions, digital signatures, and e-commerce in South Africa.
Consumer Protection Act 68 of 2008
Protects consumer rights in transactions for goods and services within South Africa.
Protection of Personal Information Act 4 of 2013
Regulates the processing of personal information by public and private bodies in South Africa.
Cybercrimes Act 19 of 2020
Criminalises cybercrime offences and imposes breach-reporting duties on electronic communications service providers.
Frequently asked questions
Are clickwrap agreements legally binding in South Africa?
Yes. Section 22 of the Electronic Communications and Transactions Act 25 of 2002 confirms that agreements concluded by data message are valid and enforceable, and section 13(1) validates electronic signatures (including tick-box or button-click acceptance) for most transactions. Provided the user had a genuine opportunity to read the terms, was required to take an affirmative act (clicking an unchecked box or "I agree" button), and the terms comply with the CPA section 49 plain-language disclosure requirements for B2C transactions, the resulting contract is fully enforceable. Carve-outs apply for transactions requiring an advanced electronic signature (for example, alienation of land under the Alienation of Land Act), and for certain consumer rights that cannot be waived under the CPA irrespective of consent.
Is browsewrap enforceable in South Africa?
Generally no for substantive terms. Browsewrap relies on the user being bound merely by continued use of the site, without any affirmative act of acceptance. South African contract law requires genuine consensus (consensus ad idem) and acceptance that is actually communicated — browsewrap fails at both hurdles because the user may never have known the terms existed. The persuasive US authority in Specht v Netscape 306 F.3d 17 (2d Cir 2002) refused to enforce a browsewrap arbitration clause on this basis, and CPA section 49 independently requires that risk-bearing terms be drawn to the consumer's attention before the transaction — a buried footer link does not satisfy this. Browsewrap may still serve narrow non-binding purposes such as asserting copyright over site content or publishing an acceptable-use warning, but should never be relied on for fee obligations, liability limitations, or dispute-resolution clauses.
Does a pre-checked "I agree" box count as clickwrap?
No. The regulatory and judicial consensus is that consent manifested through a pre-checked box is not genuine consent. The CJEU in Planet49 C-673/17 held that a pre-checked box does not constitute valid consent under the ePrivacy Directive, and the South African Information Regulator's POPIA guidance adopts the same position for personal-information consent. For non-POPIA contract formation, a pre-checked box weakens the evidentiary case that the user actually read and agreed to the terms, because the default setting does the "agreeing" rather than the user. Best practice — and what our clickwrap templates enforce — is an unchecked box that the user must affirmatively tick, with timestamp, IP address, and account identifier captured as audit evidence.
Can I amend my SaaS terms without re-getting user consent?
Partially, but with real constraints. Most SaaS terms include a right-to-amend clause allowing the provider to update the terms by posting a new version. For non-material changes (typo corrections, clarifying definitions, updates to contact details), continued use of the service after notification may be treated as acceptance — analogous to a browsewrap for the amendment. For material changes (fee increases, new obligations on the user, changes to liability or dispute-resolution clauses), the prudent and safer approach is to capture a fresh affirmative acceptance via clickwrap on the user's next login, because the original clickwrap cannot reasonably be said to have pre-authorised materially different terms. CPA section 48 (unfair terms) and section 14 (fixed-term renewals) impose additional limits in the consumer context.
Does a clickwrap satisfy POPIA consent requirements?
It can, if correctly designed. POPIA section 1 defines consent as any voluntary, specific, and informed expression of will. Section 11(1)(a) identifies consent as one of six lawful bases for processing personal information. A clickwrap that (a) is separate from or distinct within the main terms of service tick-box, (b) specifically identifies the processing purposes, recipients, and categories of data, and (c) allows the user to consent to some purposes while declining others, meets the POPIA standard. A bundled "I agree to everything" tick-box does not, because it lacks specificity. For direct marketing, POPIA section 69 requires additional opt-in consent that cannot be bundled with general terms of service. Where consent is not the chosen lawful basis (for example, where the processing is necessary to perform a contract), the clickwrap should capture a notification under section 18 rather than a consent.
What evidence should I keep of a user's clickwrap acceptance?
At minimum: the exact version of the terms the user saw (stored as an immutable record, ideally with a content hash), the timestamp of acceptance, the user's IP address, the account or email identifier, and the user-agent string. Best practice goes further: a database record linking the user ID to the specific terms version number, a scroll-tracking event confirming the user scrolled through the terms, and a periodic re-affirmation for material amendments. In a dispute, the enforceability of the clickwrap will hinge on your ability to prove what terms were presented, when, and that the user affirmatively accepted them. Generic server logs showing the user visited the page are not sufficient — you need a transaction record specific to the acceptance event. Our platform captures all of this automatically for every accepted contract.
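The acceptance record described in this answer can be sketched as follows. This is an added example, not the site's platform code: every function and field name is hypothetical, the sample data is constructed, and the HMAC chain is one assumed way to make the stored record tamper-evident.

```python
import hashlib, hmac, json
from datetime import datetime, timezone

def terms_hash(terms_text: str) -> str:
    """Content hash that pins the exact terms version the user was shown."""
    return hashlib.sha256(terms_text.encode("utf-8")).hexdigest()

def _mac(key: bytes, body: dict) -> str:
    # Canonical JSON so the same record always produces the same MAC.
    blob = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def record_acceptance(log, key, *, user_id, terms_version, terms_text,
                      user_ticked, default_checked, ip, user_agent, now=None):
    """Append one acceptance event; refuse anything that is not an affirmative act."""
    if default_checked or not user_ticked:
        raise ValueError("no affirmative act: box was pre-checked or never ticked")
    body = {
        "user_id": user_id,
        "terms_version": terms_version,
        "terms_sha256": terms_hash(terms_text),
        "accepted_at": (now or datetime.now(timezone.utc)).isoformat(),
        "ip": ip,
        "user_agent": user_agent,
        # Chain to the previous record so edits or reordering are detectable.
        "prev_mac": log[-1]["mac"] if log else "",
    }
    log.append({**body, "mac": _mac(key, body)})
    return log[-1]

def verify_log(log, key) -> bool:
    """Recompute every MAC and chain link; False if any record was altered."""
    prev = ""
    for rec in log:
        body = {k: v for k, v in rec.items() if k != "mac"}
        if body["prev_mac"] != prev or not hmac.compare_digest(rec["mac"], _mac(key, body)):
            return False
        prev = rec["mac"]
    return True

def accepted_current_terms(log, user_id, current_terms_text) -> bool:
    """True only if the user's latest acceptance covers the terms now in force."""
    mine = [r for r in log if r["user_id"] == user_id]
    return bool(mine) and mine[-1]["terms_sha256"] == terms_hash(current_terms_text)

# Constructed sample data (not from the page).
KEY = b"demo-key-keep-real-keys-in-a-kms"
TERMS_V1 = "1. Fees are billed monthly.\n2. Liability is capped at fees paid."
TERMS_V2 = TERMS_V1 + "\n3. Disputes go to arbitration."
LOG = []
record_acceptance(LOG, KEY, user_id="u-1001", terms_version="1.0", terms_text=TERMS_V1,
                  user_ticked=True, default_checked=False, ip="203.0.113.7",
                  user_agent="ExampleBrowser/1.0",
                  now=datetime(2024, 1, 15, 9, 30, tzinfo=timezone.utc))
```

`accepted_current_terms` flags any change in the terms text; whether a change is material enough to require a fresh clickwrap remains a separate decision. The chain detects edits and reordering but not removal of the newest records, so the latest MAC should also be anchored somewhere the application cannot rewrite.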
This Clickwrap vs Browsewrap in South Africa page answers
- Are clickwrap agreements enforceable in South Africa?
- Is browsewrap legal under ECTA?
- Does a terms-of-service footer link bind the user?
- What makes an electronic signature valid under ECTA?
- How do I comply with CPA section 49 online?
- Does POPIA require opt-in consent?
- Can I change my SaaS terms without re-getting consent?
- What is a sign-in-wrap agreement?
- Is a pre-checked tick-box valid consent in South Africa?
- How do I prove a user accepted my online terms?
