A recent DTI investigation found that over 50% of company websites broke the law. Make sure yours is not one of them. Common mistakes include not complying with the Data Protection Act, omitting standard terms and conditions of business, misuse of copyright material, exposure to libel and failing to make websites accessible to the disabled.
Customers in the EU now benefit from a swathe of laws and regulations concerning sales and services, and internet business, far from being exempt, is the focus of many of the new policies. The rules can be complex and they change regularly. If you advertise or sell goods or services online, or transmit or store electronic content or provide access to a communication network, you must comply with the E-commerce Regulations (direct marketing by phone or fax is not covered here).
The E-commerce Regulations, which came into force in August 2002, are primarily intended to ensure that online contracts are legally binding and enforceable throughout Europe. The rights and obligations of businesses and consumers are now grounded in law to encourage free movement of all commercial online services across the EEA (i.e. the 15 member states plus Iceland, Norway and Liechtenstein). For most businesses the extra sales gained online more than make up for the hassle and red tape involved.
In this article Duport focuses on how to comply with the E-commerce Regulations, as well as the other legal requirements which apply to the internet such as the Data Protection Act, the Distance Selling Regulations, and Disability Discrimination. The importance of an internet policy for every company is also examined, and we look at the consequences of not complying with the various rules. Although the list of regulations, acts and laws seems daunting, do not be put off. Many businesses simply cannot afford to ignore the advantages of trading on the world wide web. Yes, you have to abide by certain criteria, but any proper e-commerce site does that anyway, and you will probably find you are doing most things right already. There are links to various other articles and websites to help.
What are the main provisions of the e-commerce regulations?
There are four main provisions. These are the country of origin principle, the general information requirements that must be given to the consumer, the rules on advertisements and promotions, and finally how to conclude contracts online.
In addition, the law also provides for limitations on service providers’ liability for unlawful information that they unwittingly carry or store. How to comply with each provision is outlined below.
1) The country of origin principle
UK-based businesses have to comply with UK laws even when providing services in France, Germany etc. UK-based businesses must also comply with any consumer contract laws in place in the consumer’s home state.
2) General information requirements
Basically you must now make specified information about your business available on your website. This includes your business’ name, geographic address and other details including your email address.
If you are in any publicly available register or have a registration number or equivalent, these details should also be displayed, plus the particulars of the supervisory body if the service is subject to an authorisation scheme. Details of any professional body with which you are registered must also be on the website.
If the website refers to prices, these must be clear and must indicate whether they include tax and delivery costs. If you form a contract online by electronic means your customer should be able to print and store a copy of the terms and conditions. Make sure these are readily available and clear on the site. Inadequate site design can mean that standard terms of business are omitted and thus they are not part of the contract. In such cases you can be sued abroad due to lack of protection for the customer.
You must provide your customers with information about all the technical details needed to complete the contract (for example “click this box”). You must provide clear information about whether the concluded contract will be filed by you and whether it will be accessible. You must also clearly outline the languages offered for the conclusion of the contract, any relevant codes of conduct to which you subscribe, and information on how these can be consulted electronically. Customers need to be able to go back and forth through the website to correct any mistakes made before an order is placed. Once the order is placed electronically you must acknowledge receipt without undue delay (more on contracts below).
3) Advertisements and promotions
If you intend to advertise on the internet, by email or SMS, the Regulations say that “commercial communications” must be clearly recognisable as such. They must clearly identify the person on whose behalf the marketing communication is sent, together with any promotional offer. To address the problem of “spam”, the Privacy and Electronic Communications Regulations require that an individual’s consent is obtained prior to sending them unsolicited advertising by email unless they have already “opted-in” or expressly consented to the receipt of such emails. However, existing customers can be sent unsolicited advertising if the direct marketing relates to products and services similar to those they have already purchased. If such “unsolicited commercial communications” are sent they must be identifiable from the subject line of the email, without the need to read the rest of the message. SMS messages are not covered for these purposes.
The Regulations also cover the use of “cookies” – files downloaded from a web server to the PC of a visitor to a website. They can provide the owner of the website with personal details about the visitor, such as what purchases were made from the site, what files were downloaded and the information viewed. The aim of the regulations is to allow the visitor to choose whether they want cookies on their PC. Individuals should be given information about cookies and how to disable them if they wish to.
4) Contracting online
Recent regulations are intended to ensure that electronic contracts are binding and enforceable throughout Europe. The Electronic Communications Act 2000 deals with electronic signatures and related certificates. This act gives legal certainty to documents created and sent electronically, creates a framework for legally binding electronic signatures and removes requirements that documents must be in paper form.
Under English law, provided an offer has been accepted and there is a ‘consideration’ (payment), most types of contract can be made regardless of whether or not there is a signed document. The law includes contracts agreed by telephone, letter, fax and email.
It is therefore important that your website is constructed so that it presents ‘an invitation to treat’ rather than an offer. This simply means that the customer is offering to buy goods, rather than you offering to sell them. This gives you, as the website owner, full control over the contractual process, and you are not legally obliged to satisfy each offer that may be made for the items or services you are advertising. This will protect you from risks such as:
entering into contracts that you physically cannot fulfil – for instance if your suppliers discontinue a product or range
entering into illegal contracts, such as with minors below the appropriate age, to purchase the goods advertised
being forced to supply goods which have been underpriced on your website in error
If you allow customers to place orders online, you must, as stated earlier, ensure that the terms and conditions of the contract are set out on the website and can be downloaded. This is crucial. Even when the website is simply used as an advertising tool, it is still advisable to clearly set out your terms and conditions. The terms and conditions about when the contract is formed should be crystal clear – for example when the supplier sends back a confirmation email. This will help avoid situations where you are unable to meet the customers’ expectations for any reason. Furthermore, if your company deals with both consumers and other business customers, it is usually better to have two sets of terms and conditions – one to use in connection with sales to consumers and the other for dealing with other businesses.
What are the essential terms of a contract?
Any terms and conditions that you use should obviously be tailored to the needs of your business. Generally any contract for goods or services should address:
the description of goods or services being supplied
the price and payment structure
the delivery details, including the time, place and who is responsible for delivery
the rights of either party to terminate the contract
limitation of liability provisions
confidentiality provisions, especially if the contract is of a sensitive nature
confirmation of which country’s laws apply to the contract
Consumer protection legislation, including the Unfair Terms in Consumer Contracts Regulations 1999 and the Consumer Protection Act 1987, extends to cover goods sold over the internet. Under the Consumer Protection Act 1987, it is an offence to give consumers misleading price information about goods, services, accommodation or facilities. This legislation stipulates that the supplier must sell goods that comply with their description, that match the quality of samples or models, that have the quality and performance characteristics normal for such goods, and that are fit for any purpose accepted by the supplier. The consumer has two years from the delivery date to seek redress for faults demonstrably present at the time of delivery, in goods which should have lasted for this length of time.
Clauses limiting one or both parties’ liability can be contentious. Generally, clauses limiting liability need to be reasonable in order to be enforceable, and there are restrictions on the ability of businesses to limit their liability.
In addition, companies also need to comply with other legal considerations. These include the Data Protection Act 1998. The eight principles of good practice require that personal data must be fairly and lawfully processed, and only for limited purposes; adequate, relevant and not excessive; accurate; not kept longer than necessary; secure; not transferred to countries without adequate protections; and processed in accordance with the data subject’s rights. For many companies it is simply a case of understanding and following the Act and registering the business.
Intellectual Property issues such as copyright and trade marks should be considered, not just for items displayed on your site, but also within any metatags. If your business uses copyright material published on the internet without permission you risk legal action, which could lead to fines or even imprisonment. As with all other material published by traditional means, web pages and email messages are copyright protected as soon as they are created. Everyone must be aware that they cannot copy material verbatim (limited extracts for fair use purposes are allowed).
Security is another consideration: be aware that selling online will necessitate the passing of sensitive data and payment instructions. An online vendor could be liable for breaches of security on their site (see below). Other issues include being aware of regulation specific to particular industries (e.g. premium rate sites and those aimed at children) and access agreements.
Distance selling regulations
The aim of the Distance Selling Regulations 2000 is to protect customers who are not physically present with the seller at the time of purchase. They cover purchases made via email and the internet, together with telephone and mail order. The Regulations apply to transactions between businesses and consumers and do not include business-to-business contracts and auctions.
Consumers have a right to details in writing about the supplier and the terms of the transaction, written confirmation of their orders, further information including a notice of cancellation rights, the complaints procedure, after-sales services and guarantees, and delivery within 30 days unless otherwise agreed.
Customers have seven working days to cancel a contract, and if no details of this cooling-off period have been given, the seven days is extended to three months. Even after the goods have been delivered, or the services have been provided, the consumer has the right to withdraw and receive a full refund for a cancelled contract within 30 days. There are some exceptions to cancellation rights including, in certain circumstances, the provision of accommodation, transport, catering or leisure services. Cancellation rights are also curtailed for the sale of personalised goods or perishable goods, sealed audio or video recordings or software which have been opened, and also sales by auction.
How does a business comply with the distance selling regulations?
You must provide consumers with the following information before they enter a contract:
supplier’s name, and (where payment is required in advance) the supplier’s address
a description of the main characteristics of the goods or services
the price – including all taxes
delivery costs, where applicable
arrangements for payment, delivery and performance
the right to cancel within a certain time period
how long the offer or price remains valid
the minimum duration of the contract where the contract is to be performed permanently or recurrently
whether the supplier will provide substitute goods and services if the ordered goods are unavailable, and if the consumer then cancels, whether the supplier will pay for the return of the substitute goods
In addition the customer must also be given the following in writing – including fax or email:
information about the conditions and procedures for cancelling
the address of the supplier to whom the customer may address complaints
information about any after-sales service and guarantees
the conditions for exercising the contractual right to cancel a contract when the contract is indefinite or lasts for longer than one year
These include banking, insurance, investment or payment services. Retail financial services sold at a distance are regulated by the Distance Selling Directive for Financial Services. Basically, consumer purchasers must receive information about the service and they have a cooling-off period of up to 30 days, depending upon the individual member state’s law, according to the financial service.
However, the right of withdrawal does not extend to financial services which could involve speculation, such as foreign exchange, futures, options, collective investment schemes etc.
Taking payment online
The Payment Card Industry Data Security Standard came into force for online retailers from 39 June 2005. It sets out several mandatory procedures for handling cardholder information securely. All online retailers are affected, but any business carrying out more than 20 000 transactions per year will have to have its compliance with the standard audited or risk hefty fines. See www.visaeurope.com/accepting visa/security standards.html
Your website, just like your premises, marketing materials and services, is subject to the Disability Discrimination Act 1995. Websites are specifically mentioned in the DDA Code of Practice which states that any company that provides a service to the public needs to be accessible to all, including people with visual, hearing, physical and reading impairments. What is more, it is you, the website owner, and not your website developer, who is responsible for ensuring that your website is accessible.
Your website needs to comply with the W3C (World Wide Web Consortium) Accessibility Guidelines. There are three levels of compliance, with Priority 1 being the minimum and Priority 2 recommended by the EU.
Check how accessible your website is by using a free online service. For example try WAVE which checks pages for content, quality, accessibility and privacy.
Setting your internet policy and implementing it
You are responsible for the actions of your employees and you must have an internet policy.
An internet policy will ensure that all staff understand your business’ requirements for both email and internet use, and will allow you to maintain on-going compliance. An internet policy will address issues such as:
the extent of your employees’ right to use the internet at work
strict adherence to unalterable security settings
your right to monitor both business and personal emails and internet use
illegal activities, including pornography, crime and fraud
virus protection and handling of attachments
copyright with regard to downloading and publishing material from the internet
forming contracts with customers
sexual and racial discrimination or harassment
the Companies Act 1985 – email as stationery
What happens to businesses that do not comply with e-marketing regulations?
Non-compliance could have serious implications for a business. Depending on the exact nature of the non-compliance, end users may, for example, cancel their order, seek a court order against you, and/or sue for damages for breach of statutory duty (if they can demonstrate that they have suffered a loss as a result of your failure to comply).
Trading Standards can also apply to the courts for a ‘Stop Now Order’ if your failure to comply with the regulations “harms the collective interest of consumers”. Courts have powers to order you to publish corrective statements with a view to eliminating the continuing effects of past infringements. A business that fails to comply with a Stop Now Order may be in contempt of court and can face a fine and/or imprisonment. The Regulations can be enforced by any body able to impose a sanction for failure to observe or comply with any provision of UK law. This includes, for example, Trading Standards Departments, the Office of Fair Trading and the Independent Committee for the Supervision of Standards of Telephone Information Services.