Just like any other enterprise, an online business has legal responsibilities and it is up to the owner to ensure that these are complied with. This is true whether you are a large organisation or someone who has set up a small website to sell a few things in their spare time. To make sure that you understand your legal obligations and to stop you falling foul of the law, this article will explain the legal responsibilities of online businesses that are based in or trade in the UK.
There are four main laws that online businesses have to comply with in the UK. These are:
- The Electronic Commerce (EC Directive) Regulations 2002
- The Data Protection Act 1998
- The Consumer Protection (Distance Selling) Regulations 2000
- Privacy and Electronic Communications (EC Directive) Regulations 2003
The Electronic Commerce (EC Directive) Regulations 2002
The Electronic Commerce Regulations govern the way online businesses communicate with their customers. For clarity, customers are best understood as anyone who uses your website, not just people who buy from you, and communication as any text or images, either on your website or in another form (emails, etc.), that are intended, directly or indirectly, to sell products or services.
To comply with the Electronic Commerce Regulations, you must ensure that:
- your business name and address, company registration number, VAT number and direct contact information (e.g. email address and phone numbers) are clearly displayed on your website
- your website clearly displays its terms and conditions
- clear information is provided on prices, tax and delivery charges
- all orders are acknowledged in writing (e.g. by email)
- any marketing offers and their terms are made clear
- any communication sent from your company identifies the sender
- promotional / advertising emails make it obvious they are of a commercial nature
- unsolicited emails are identified as unsolicited
This will clearly have an impact on all online businesses and will mean that things will need to be put in place before you launch your company website. You will need to ensure your business information is on your contact page, that you have a terms and conditions page, that an automatic response email is set up to acknowledge orders and that an email signature is created so that all emails clearly identify the sender. You also need to ensure any e-commerce software is set up so that prices, VAT and delivery charges are clearly seen.
Data Protection Act 1998
The Data Protection Act is designed to protect personal information, and it applies to all organisations, not just commercial ones. If you collect the personal information of anyone, either internally as an organisation or of visitors to your website, then you are legally required to register with the Information Commissioner’s Office (ICO) and comply with the Data Protection Act. This applies to information collected by any means, not just electronically. You can register by visiting the ICO website, where you will need to name a member of your staff as the official Data Controller for your business.
To comply with the Data Protection Act you must:
- register with the ICO
- only collect personal data if it is important to your business needs
- ensure all data is securely stored
- remove personal data if the individual requests it
- make it clear in your terms and conditions what you use the data for and comply with what you state
- not move any collected data out of the EU without permission from the individual
- specify in your terms and conditions if any data used by third-party organisations (such as Google Analytics) moves outside the EU
- provide advice to show individuals how to remove their data
Again, there is much here that will need to be put in place before you launch your website, including further additions to your terms and conditions. Perhaps the most important requirement is making sure any digital data you collect is secure from hackers. Make sure your website is protected using strong passwords, is scanned for intrusion and that personal information is encrypted.
The Consumer Protection (Distance Selling) Regulations 2000
The aim of the Distance Selling Regulations is to protect the rights of customers. The law applies to businesses that supply goods and services to the general public; it does not cover B2B transactions.
Under the Consumer Protection (Distance Selling) Regulations 2000, online businesses need to do the following:
- provide clear and concise information about products and services prior to purchase
- clearly show postage and packaging costs
- inform customers whether the price includes VAT
- give all customers a 14-day period in which they can cancel or return their order (excludes perishable goods and digital downloads)
- acknowledge every order in writing (e.g. by email)
- explain in your terms and conditions that customers can return goods for a full refund (except return postage)
Some of these conditions overlap with the Electronic Commerce Regulations. However, there is an additional clause to be added to your terms and conditions. The biggest impact here is to recognise that you have to accept returns, even if the product has been opened.
Privacy and Electronic Communications (EC Directive) Regulations 2003
Cookie law popups have been annoying everyone’s browsing experience since they were introduced in the UK in 2012 under the amended regulations. For the time being, however, they are part and parcel of online trading, and if you run a website that leaves a cookie on the user’s device, you are obliged to comply with the revised regulations.
- inform your users how to turn off cookies (they can do this themselves in their browser settings.)
If you run an online business, it is important that you stay within the law. Doing so not only improves your business reputation but also ensures you don’t end up being prosecuted. After reading this article, you should now have a better understanding of the obligations you need to meet and the things you must put into place before launching your online business.
If you are looking for business web hosting that can provide you with the security you need to keep your data safe, take a look at our business hosting page.
Please note that the laws, regulations and associated EU directives are subject to change. Before proceeding, you should check with the Sale of Goods and Services and Data Protection page of the gov.uk website which covers the needs of online businesses.