Just like other businesses, when starting an ecommerce business, you will need to consider the legal requirements. In addition to other statutes, regulations, and directives, there are four legal instruments that you must beware of and comply with. These are:
- The Data Protection Act 1998
- The Consumer Contract (Information, Cancellation and additional Charges) Regulations 2013
- The Electronic Commerce (EC Directive) Regulations 2002
- ICO Cookie Policy
The Act makes provision on how you should deal with your customers’ personal details. You realise that ecommerce business will usually deal with customers’ data for various reasons such as marketing and storage of personal information of customers who place orders. To collect customer, employee or future customer information, you are required to register. Other key requirements under this Act are:
- You should only record a person’s data if it is relevant for your business
- Any personal data must be held securely and removed or provided at the request of the person to whom it relates
- Under your terms and conditions, you must clearly indicate what you do with personal data and should stick to only that.
- You should not take data anywhere outside the EU except with the permission of the person to whom it relates. Consequently, your terms and conditions should state whether you share data with people or organisations outside the EU. You must also provide steps by which one can remove their personal data from your website.
The Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013
Basically, these are consumer protection regulations and do not apply to B2B transactions. As an ecommerce seller, the regulations require that you provide full information relating to your products before selling them to a consumer. Additionally, you are required to include all applicable charges such as VAT, postage and packing costs. Moreover, the regulations provide that a customer may cancel a purchase within 14 days of making an order and such a customer will be entitled to a full refund, excluding return postage costs. This must be indicated on your website under terms and conditions. Finally, where a customer makes an order, you must communicate to them in writing, usually email.
The Electronic Commerce (EC Directive) Regulations 2002
Some of the provisions in the directive are similar to those discussed above. The regulations require you clearly display your terms and conditions on your website; clearly indicate the price of every product including all charges such as the cost of delivery and tax; acknowledge all customer orders; display your company/business name, registration number, physical address and other contact details like email and telephone number. In addition to these, you are required to clearly state the conditions of any marketing offers; identify any unsolicited emails as such, and identify any emails of commercial nature that you send to customers.
Information Commissioner’s Office (ICO) Cookie Policy
In the event that you intend to use cookies to collect information from people visiting your website, you will need to update your privacy policy to inform your visitors of this fact. This policy was not intended for websites using standard analytics such as Google analytics.
As you may have noticed, the regulations discussed here were passed to implement EU directives. The UK law is greatly integrated with the EU law. However, it remains to be seen whether they will be repealed once the UK effectively exits the EU in line with the 2016 Brexit referendum vote. Exiting the EU is a process and may take years. Before then, you need to comply with all these laws and regulations.
