In the United Kingdom’s non-financial sector, e-commerce sales in 2018 were around £688 billion, which was a growth of 18% from the previous year and the greatest increase since comparable records began in 2014. This clearly shows that businesses need to operate online to be able to compete in the modern market. The Covid-19 pandemic has intensified the need for online activity.
There is no globally accepted definition of electronic commerce. However, the Organisation for Economic Co-operation and Development has defined e-commerce as the following; ‘An e-commerce transaction is the sale or purchase of goods or services, conducted over computer networks by methods specifically designed for the purpose of receiving or placing of orders. The goods or services are ordered by those methods, but the payment and the ultimate delivery of the goods or services do not have to be conducted online. An e-commerce transaction can be between enterprises, households, individuals, governments, and other public or private organisations. To be included are orders made over the web, extranet or electronic data interchange. The type is defined by the method of placing the order. To be excluded are orders made by telephone calls, facsimile or manually typed e-mail.’
With all this in mind this article will now briefly discuss various requirements that a website needs to comply with.
A company or partnership operating a website must provide information about itself on the site. This applies to any website, even those that do not have any e-commerce functionality. The information needs to be easy to find. Usually it is shown on a ‘contact us’ or ‘about us’ page. The information should include:
- Name of website operator (trading and registered names).
- Company registration number and place of registration.
- Physical address. This includes the registered office address, established address, and any address for the receipt of notices required by law.
- Communications address (postal address, email address and telephone number or other method of contacting by non-electronic means).
- VAT number, if applicable
- Name of any trade bodies, professional associations, or authorisation schemes that the business belongs to or is subject to. Including membership or registration details of the relevant authority.
- Details of any alternative dispute resolution procedures applicable.
There are additional and overlapping requirements regarding the disclosure of information depending on the website’s functions. These are shown in the:
- Electronic Commerce (EC Directive) Regulations 2002.
- Provision of Services Regulations 2009.
- Company, Limited Liability Partnership and Business (Names and Trading Disclosures) Regulations 2015.
A website operator that sells to consumers must comply with the Consumer Rights Act 2015. Some of what the act covers is, goods, services, digital content, and unfair terms.
The Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 applies to contracts made through a website amongst other things. The regulations contain:
- Pre-contract information requirements.
- A requirement for consumers to acknowledge their obligation to pay.
- Consumer cancellation rights.
- A prohibition on hidden costs.
- Restrictions on help-line charges.
The Consumer Protection from Unfair Trading Regulations 2008 require the fair treatment of consumers by businesses. They include the transaction of goods, services, digital content, and immoveable property. They prohibit certain commercial practices.
As most websites will collect some degree of personal data, the website owners will be classed as data controllers. They are then required to comply with the General Data Protection Regulation (GDPR) ((EU 2017/679) applied into UK law with the Data Protection Act 2018. This includes drafting notices and privacy policies.
Under the Equality Act 2010 website operators are obligated to make reasonable adjustments for disabled people in the services that they provide.
Cyber-security obligations arise from various laws including the GDPR (concerning personal data) and the Network and Information Systems Regulations 2018 regarding certain digital service providers and operators of essential services. Both require security breaches to be notified in certain situations and impose significant fines for breach of the relevant obligations. Security breaches may also place a business in breach of other obligations such as, confidentiality or contractual.
If a website includes the function to make payments for internet transactions including, physical payments by cheque, Worldpay, PayPal or credit/debit card then additional regulations will apply.
There are other areas to consider such as, advertising law, competition law, taxation, intellectual property, and respecting copyright.
Our Bronze, Silver, Gold and Diamond Stay Legal packages offer a one stop shop solution to take the stress away from you and ensure your website stays legal.