Legal Requirements for Ecommerce Websites
There are many worldwide and country-specific rules, regulations and laws that govern how websites, and in particular ecommerce-enabled websites, should be presented, how they should work and what content should feature on them.
This is a quick guide to the main issues which affect ecommerce businesses using shopping cart software. This is in no way a complete guide and you should always seek proper legal advice from professionals if you are unsure about any legal issues with your website or online shop.
In the UK, if you are running an ecommerce-enabled website, there are three major acts and directives that you must comply with. These acts and directives are:
- Data Protection Act 1998
- Distance Selling Act 2000
- Ecommerce Directive 2002
We have covered the basics of each of these acts and directives below along with contact information should you wish to learn more about them.
Data Protection Act 1998
(a) You must register under the Data Protection Act if you collect any kind of information about people. These could be your customers, employees or potential customers. This information includes names, addresses, telephone numbers and email addresses.
(b) You must state what you do and intend to do with your subject's data and not deviate from that statement.
(c) The Act applies to any size of business.
(d) You must not export the personal data outside the EC (European Community) without permission from the people you are collecting data on.
(e) You must ensure that all information is held securely and must be revealed or deleted upon request from the subjects of the information.
(f) You must only record data which is pertinent to your prime business needs.
For more information see: The Data Protection Act 1998
Consumer Protection (Distance Selling) Regulations
The Consumer Protection (Distance Selling) Regulations 2000 apply to many ecommerce websites. However, they are not applicable to 'business-to-business' transactions.
(a) You must provide clear information about your products and services before purchase.
(b) You must be clear about postage and packing costs and whether VAT or any other tax is included in the prices shown on your website.
(c) You must provide a written confirmation of order following purchase, for example a confirmation email.
(d) You must allow a "cooling off" period whereby the customer can change their mind and cancel or return the order within 7 working days for most goods. Certain exclusions do apply with items such as perishable and digital goods.
(e) You must inform your customers of their right to cancel their order with no loss other than return postage and packing.
For more information see: The Consumer Protection (Distance Selling) Regulations 2000
Electronic Commerce (EC Directive) Regulations
(a) You must display the name of your business, the company registration number (or proprietor's name), geographical address (not a PO Box number), contact information (e.g. telephone number and email address) and VAT registration number (if registered).
(b) You may refer to trade or professional schemes if applicable.
(c) You must provide clear information on price, tax and delivery to buyers.
(d) You must clearly display your site's Terms and Conditions.
(e) You must acknowledge all orders.
(f) In commercial communication with your customers, you must clearly identify any electronic communication designed to promote your goods or services.
(g) You must clearly identify the sender of all electronic communication.
(h) You must clearly define any promotional offers and the qualifying conditions regarding these offers.
(i) If you send unsolicited emails, you must clearly identify them as unsolicited.
For more information see: The Electronic Commerce (EC Directive) Regulations 2002
Information Commissioner’s Office e-privacy directive (ICO Cookie Law)
(a) Your website must provide clear and comprehensive information about the purposes of the storage of, or access to, that information.
(c) Cookies used for functional purposes do not require consent. For instance, the cookies used by ekmPowershop.com that make the cart and other aspects work properly do not require consent or opt-in.
For more information see: Information Commissioner’s Office e-privacy directive.