No industry survives without regulations and if there is any industry or business that needs regulations, then online businesses or the eCommerce industry must be on the list. The truth is that regulation is particularly important in combatting commercial fraud, the sale of counterfeit goods, and promoting consumer confidence in transacting online whilst giving sellers more credibility and legitimacy.

The United Kingdom’s legal requirements for online businesses govern digital product and service sales, digital copyrights, as well as customer data collection, storage, and processing.

In the United Kingdom, you can bet that the reason why the online or the eCommerce industry is growing is the fact that the government has been able to put in place legal requirements for all online businesses that operate within the United Kingdom.

Having said that, here are the four main legal requirements all online businesses operating in the UK must comply with.

What are the Legal Requirements for Online Business in the UK?

  1. The Electronic Commerce (EC Directive) Regulations 2002

The Electronic Commerce Regulations govern the way online businesses communicate with their customers. To comply with the Electronic Commerce Regulations, you must ensure that:

  • Your business name and address, company registration number, VAT number, and direct contact information (e.g. email address and phone numbers) are displayed on your website
  • Your website clearly states its terms and conditions
  • Clear information is provided on prices, tax, and delivery charges
  • All orders are acknowledged in writing (e.g., by email)
  • Any marketing offers and their terms are made clear
  • Any communication sent from your company identifies the sender
  • Promotional/advertising emails make it obvious they are of a commercial nature
  • Unsolicited emails are identified as unsolicited

Please note that this legal requirement is designed to have an impact on all online businesses and will mean that things will need to be put in place before you launch your company’s website.

You will need to ensure that your business information is on your contact page, that you have a terms and conditions page, that an automatic response email is set up to acknowledge orders, and that an email signature is created so that all emails identify the sender. You also need to ensure any e-commerce software is set up so that prices, VAT, and delivery charges are seen.

  1. Data Protection Act 1998

The Data Protection Act is designed to protect personal information and it applies to all organizations, not just commercial ones. If you collect the personal information of anyone, either internally as an organization or of visitors to your website, then you are legally required to register with the Information Commissioners Office (ICO) and comply with the Data Protection Act.

This applies to information collected by any means, not just electronically. You can register by visiting the ICO website, where you will need to name a member of your staff as the official Data Controller for your business. To comply with the Data Protection Act 1998, you must:

  • Register with the ICO
  • Only collect personal data if it is important to your business needs
  • Ensure all data is securely stored
  • Remove personal data if the individual requests it
  • Make it clear in your terms and conditions what you use the data for and comply with what you state
  • Not move any collected data out of the EU without permission from the individual
  • Specify in your terms and conditions if any data used by third-party organizations (such as Google Analytics) moves outside the EU
  • Provide advice to show individuals how to remove their data

Please note that the essence of this requirement is that you are expected to put things in place before you launch your website including further additions to your terms and conditions. Perhaps the most important requirement is making sure any digital data you collect is secure from hackers. Make sure your website is protected using strong passwords, is scanned for intrusion, and that personal information is encrypted.

  1. The Consumer Protection (Distance Regulations 2000Selling)

One of the major reasons why The Consumer Protection (Distance Regulations 2000Selling) was enacted is to protect the rights of customers. The law applies to businesses that supply goods and services to the general public, it does not cover B2B transactions.

Please note that under the Consumer Protection (Distance Selling) Regulations 2000, online businesses need to do the following:

  • Provide clear and concise information about products and services before purchase
  • Clearly show postage and packaging costs
  • Inform customers whether the price includes VAT
  • Give all customers a 14-day period where they can cancel or return their order (excludes perishable goods and digital downloads)
  • Acknowledge every order in writing (e.g. by email).
  • Explain that customers can return goods for a full refund (except return postage) in your terms and conditions.

It is important to note that some of these conditions overlap with the Electronic Commerce Regulations, however, there is an additional clause to be added to your terms and conditions. The biggest impact here is to recognize that you have to accept returns, even if the product has been opened.

  1. Privacy and Electronic Communications (EC Directive) Regulations 2003

Lastly, another legal requirement that an online business operating in the United Kingdom should comply with is the Privacy and Electronic Communications (EC Directive) Regulations 2003. If you run a website that leaves a cookie on the user’s device, then you are obliged to comply with the revised regulations.

Cookies are small text files that enable websites to track how visitors use their sites. They can be used to gather information on browsing habits and user preferences. The Cookie Law was created to protect internet users from websites that were using cookies for illegitimate reasons.

Although you may not have deliberately intended to create cookies on your site, some of the software or plugins you use, such as Google Analytics, could create them. If you have an online store, your shopping basket software will use cookies to record the customer’s product choice. If you use cookies on your website as an online business, then you are required to:

  • Inform every visitor that you use cookies
  • Provide information about how you use cookies in your privacy policy
  • Inform your users how to turn off cookies (they can do this themselves in their browser settings.)

Please note that for all online businesses operating in the United Kingdom, the Cookie Law means adding more information to the privacy policy section of your terms and conditions (unless your privacy policy is a separate page.)

In addition, you will need to provide a means of displaying that you use cookies. The best way to achieve this is to use a Cookie Law plugin. These appear when a user first arrives at your website and can be closed by the user or vanish after a specific time. You can also use these to provide links to your privacy policy and to give details of how to turn cookies off.

In Conclusion,

It is important to clearly state that the legal requirements for online businesses that operate in the UK or rather all the laws, regulations, and associated EU directives are subject to change. This is why we usually advise that before proceeding, you should check with the Sale of Goods and Services and Data Protection page on the gov.uk website which covers the needs of online businesses.