Keeping it legal when running an e-commerce website
Launching and running an online business may seem a world away from the bureaucratic red tape associated with having a high street presence and the stringent regulations that govern the sale of products and services. Rules do exist on the information superhighway, and it is important that you are aware of these restrictions so you’re not breaking the law.
In the UK there are four important acts, directives and laws that you must comply with if you are selling goods or services online. These are:
- The Electronic Commerce (EC Directive) Regulations 2002
- The Data Protection Act 1998
- The Distance Selling Act 2000
- ICO Cookie Law
The first of these, the Electronic Commerce Directive, came into force on the 21st August 2002 and lays out the ground rules associated with commercial communication with the customer and the contact information you must provide. The directive states that the term “commercial communication” means a communication, in any form, designed to promote, directly or indirectly, the goods, services or image of any person pursuing a commercial, industrial or craft activity or exercising a regulated profession.
So in essence any wording or image you display which relates to selling goods or services is affected by this directive.
The Electronic Commerce (EC Directive) Regulations 2002
- You must clearly display your website’s “terms and conditions”.
- You must provide clear information on a product’s price, tax and the cost of delivery.
- You must acknowledge all orders.
- You may refer to professional or trade schemes if applicable.
- You must display your business name, company registration number, your VAT number, your geographical address (a PO Box is not allowed) and other direct contact information such as email address and telephone number.
- You must define clearly any marketing offers and the conditions of these offers.
- If you send unsolicited emails you must identify these as being unsolicited.
- You must clearly identify any emails to customers which are of a commercial nature.
- You must always identify the sender of any electronic communication.
Data Protection Act 1998
The Data Protection Act is a set of rules that govern how you deal with personal details of your customers. Whether you are collecting data for marketing purposes or storing address details of people who have placed an order online, you must register and comply. The first step is to register your business and this can be done at http://ico.org.uk.
There is a small administration fee and once you are registered you must continue to adhere to the act. If you are not registered and are in breach of the act, this will certainly have legal ramifications for you and your business. The act applies to a business of any size.
- You must only record data about a person that is pertinent to the needs of your business.
- All personal data must be held in a secure way and provided or removed upon request from the individual.
- Your terms and conditions on your website must indicate what you do with personal data and you must not then deviate from this.
- Data collected must not be taken out of the EU (even digitally via email) without permission from the individuals involved.
- You must therefore ensure that your terms and conditions specify whether data could be used by third party organisations outside the EU and provide guidance on how people can remove their data.
Importantly, you must register under the Data Protection Act if you collect personal information, including that of customers, employees or future customers.
Then there is the Distance Selling Act 2000 which is about the rights of customers.
Note though that this act is aimed at consumer protection and is not applicable to transactions of a “business to business” nature.
The Distance Selling Act 2000
- You must provide clear and concise information about your products before purchase.
- You must show clearly postage and packing costs.
- You must indicate whether VAT is included on the prices shown.
- All goods (excluding perishable goods and digital downloads) are subject to a 14-day returns period whereby a customer can cancel or return their order.
- Every order online must be followed by written communication (normally an email).
- Your terms and conditions must stipulate that a customer has a right to return goods for a full refund, other than return postage costs.
ICO Cookie Law
You have no doubt seen on many websites a message saying you must accept the fact that “cookies” are used to store data before continuing.
This law relates to certain types of information collected, which are stored on the person’s device (smartphone/computer) in the form of a cookie – in essence a small text file.
It is a law that doesn’t necessarily affect an e-commerce store, but if you currently run a store then it would be wise to undertake a small audit of your website (talk with your web agency) to find out if information is tracked, how it is tracked and why.
The law was created with the intention to target websites that are using tracking in devious or suspicious ways and not for websites using standard analytic or marketing systems, such as Google Analytics.
Google Analytics does not collect personal information that is identifiable back to an individual and as such, explicit consent is not required.
It is also understood that to run an e-commerce store, the basket facility must have some way of storing a user’s choice of products in order to buy. This must therefore use a cookie.
This normal use of a cookie is again exempt from this law unless your e-commerce platform is keeping track of all user activity from multiple visits to build up a personal picture of individuals who can be identified.
As you can see, red tape does indeed apply its stickiness to the online world. However, by understanding the rules and taking guidance from your web agency, you should be able to stay behind the thin blue line. For more information on whether your website is compliant with the relevant laws, please contact us at firstname.lastname@example.org or 01202 798 321.