This guide
serves as an introduction to some of the key legal issues
that apply to the Internet. However, many aspects of the law,
particularly in relation to e-commerce, are still being developed
and are subject to change. In most cases, you will need some
legal understanding to help your online venture be successful.
What are the risks?
Even if you’re only using a website to display your
wares or collect data on your customers, there are legal implications.
If you intend to trade on your website, and many companies
with an online presence take up this opportunity, then the
legal implications increase.
E-commerce is just like any other form of commercial activity
and is largely bound by the same regulations and legal principles.
This means it also carries the same penalties, if you break
the law.
Just because the Internet is difficult to police, don’t
assume it won’t be noticed if you flout the rules –
where loopholes do currently exist, you can be sure there
are people working to rectify the oversights.
Many Internet regulations exist to protect the rights of
your customers. You ignore these at your peril because an
Internet customer has great power at his or her fingertips.
A poor experience on your website can quickly be publicised
(e.g. through blogs) and materially damage your reputation.
It is vital that you:
- Give one person in your company responsibility for complying
with the legal requirements of having a website.
- Don’t start trading online without seeking legal
advice about your terms and conditions (discussed below).
Finally, the laws that govern the Internet are not international
and you must at least abide by the laws of the country where
your registered office is. You should also consider taking
advice regarding any conflicting laws with other jurisdictions
if any of your business comes from abroad.
What are the regulations?
Regulation of the Internet falls into two categories:
- Established laws – the rules of which can be applied
to online activities.
- New laws specifically created to address Internet issues.
The laws that are most relevant to the Internet are:
The Data Protection Act 1998
This Act provides rules that apply to the processing of personal
data. The term ‘processing’ in the Act has a very
broad meaning and includes obtaining, recording and holding
data which relates to or may identify a living individual,
as well as organising, altering or disclosing such information.
The Act exists to protect the interests and wishes of the
individual. The growth of e-commerce raises a threat to the
‘right to privacy’ of an individual because of
the ease of data flow on the web. It is recognised that some
data is usually considered more private than the rest and
requires special protection. In practice, almost every business
needs to register, including those that only deal in a business-to-business
(B2B) environment. The other key principle is to ensure individuals
consent to all the use you intend to make of their personal
data.
The Consumer Protection (Distance Selling) Regulations
2000
These Regulations (derived from a European Directive) protect
consumers against some of the risks involved in distance selling.
The Directive aims to encourage and increase confidence among
consumers and attempts to harmonise laws in the European member
states. The Regulations cover any contract where the supplier
and consumer don’t come face to face, which obviously
includes telephone sales and mail order as well as e-commerce.
The Regulations specify that, prior to the conclusion of
any contract, the buyer should be provided with certain information.
This includes, for example, the identity and postal address
of the supplier. You also need to provide a set of terms and
conditions and clearly inform consumers of their rights under
these Regulations, in particular the existence of a cooling-off
period in respect of most contracts which allows the consumer
to cancel the contract, return the goods and get his or her
money back.
The Electronic Commerce (EC Directive) Regulations
2002
These Regulations (derived from a European Directive) apply
to anyone providing goods or services electronically, particularly
via a website. These Regulations apply both in respect of
business-to-business (B2B) transactions as well as business-to-consumer
(B2C) transactions.
The Regulations require that suppliers provide the customer
with certain information (similar to the Distance Selling
Regulations referred to above) but in addition, suppliers
must inform customers of the steps needed to form a contract.
Suppliers must also give customers an opportunity to amend
any input errors prior to the placing of the order and provide
the terms and conditions applicable to the contract in a downloadable
form.
Some of the requirements of the Regulations may be contracted
out of when dealing in B2B transactions, which is another
reason why any business (whether dealing electronically or
not) should have an up-to-date set of terms and conditions
of business which apply to its contracts.
The Electronic Communications Act 2000
This Act gave legal validity to digital signatures and created
a voluntary framework for providing encryption services.
The Privacy and Electronic Communications (EC Directive)
Regulations 2003
These Regulations came into force in December 2003 and come
under a European Directive of the same name. The Directive,
among other things, has introduced new rules relating to the
use of email and SMS messages for marketing purposes. It also
regulates the use of devices used by websites to track users,
e.g. cookies. The regulations in the Directive must now be taken
into account when planning and designing a website.
How do I comply with the Acts?
The Data Protection Act 1998
Every data controller must notify the Information Commissioner
and comply with the Act. Notification requires you to supply:
- Your name and registered business address.
- The name and address of a nominated company representative.
- A description of the personal data being processed.
- A description of the purpose(s) for which the data is
being processed.
- A description of the recipients the data will be disclosed
to.
- The names of countries that data will be transferred to
that are outside the European Economic Area.
The Data Protection Act requires you to abide by eight principles.
These insist that:
- You process data fairly and lawfully with the express
consent of the individual.
- You obtain data only for specified and lawful purposes.
- Data must be adequate, relevant and not excessive relative
to your purposes.
- You must not keep data for longer than is necessary.
- You process data in accordance with the rights of the
data subjects.
- You take appropriate technical and organisational methods
to protect the security of personal data.
- You transfer data outside the European Economic Area only
to countries with an adequate level of data protection.
Any business collecting personal data should be aware that
the people they collect information about have greater protection
under this Act than its predecessor. This protection includes:
- The right to consent in advance to how any data about
them is to be used (‘fair obtaining’).
- The right to be informed whether a company holds data
on him/her, what this data comprises and to see the data
held.
- The right to object to data being processed for direct
marketing purposes.
- Additional rights for sensitive personal data, e.g. data
referring to racial/ethnic origin, political stance or religious
belief.
- The right to ensure that no significant decisions are
taken based solely on the automated processing of data.
- The right to destroy, erase or rectify inaccurate data.
- The right to claim damages where loss is suffered as a
result of any breach of the Act.
One way many businesses trading online ensure they are fulfilling
the Data Protection Act’s requirement to obtain customer
consent is to have a privacy policy published on their website.
It is also a good way of getting customers and potential customers
to view the company in a positive light by telling them how
you are using and protecting their data, and what rights they
have. A typical policy will include:
- What categories of information you are collecting (e.g.
name, email address, telephone numbers).
- Why you want the information (e.g. for invoicing, delivery
or marketing).
- The way you will (and will not) use the information (e.g.
to share information with contractors, not to sell to third
parties).
- The security measures you are taking to protect their
data.
- Your customers’ rights (e.g. to correct data).
- Your company’s contact details.
The Consumer Protection (Distance Selling) Regulations
2000
These Regulations (again derived from an EU Directive) specify
that, prior to the conclusion of any contract, the consumer
must be provided with the following information:
- The identity and postal address of the supplier.
- A description of the main characteristics of the goods/services.
- The price of the goods/services including all taxes.
- Delivery costs and payment terms.
- The existence of a right of cancellation (normally seven
working days).
- Statement about how long the offer price remains valid.
- Information on complaints and after-sales services.
In addition, you should always state for your own protection
that a binding contract is subject to confirmation and availability
of goods. Many companies send an email to confirm the contract
once they have checked availability.
The information your customers require should be included
in your terms and conditions. There are a number of ways of
informing your customers of your terms and conditions, but
each carries different weight in legal terms and this needs
to be balanced with the effect on the attractiveness of your
site.
A simple reference statement that the contract is subject
to your terms and conditions, hyperlinked to a page that displays
them, is a popular choice because it doesn’t disrupt
the website. However, a court might decide that the link does
not do enough to draw the attention of the customer to the
terms and conditions, and that, therefore, the terms and conditions
are of no effect.
Placing all of the terms and conditions on the order page
carries more legal weight but can look unattractive. In addition,
the user remains passive as the site hasn’t actively
demonstrated that he/she has read the terms and conditions.
A more effective legal method is to create a dialogue box.
Here the customer is forced to review the terms and agree
them through positive action (e.g. by clicking ‘I agree’).
You would not need to prove that the customer actually read
the terms and conditions but rather that, as part of the order
process, the customer was required to, and was given a clear
opportunity to review the terms and conditions, and this was
actually confirmed by the customer. This method calls for
the use of available website design methods to protect your
commercial interests more effectively, without compromising
the attractiveness of your website. Perhaps only first-time
customers should be required to perform the full ‘review
and click’ process as you can argue for subsequent visits
that they are familiar with your terms and conditions. This
really is a question each business must view individually
in light of all the relevant circumstances to balance commercial
viability with legal protection.
The Electronic Commerce (EC Directive) Regulations
2002
You should review the Regulations and ensure that the required
information (most of which is required also under other legislation
mentioned above) is provided to your customers in the required
form, and that the necessary procedures (such as order amendment
and downloadable terms and conditions) are complied with.
It may be useful to review websites of reputable online traders
to get a flavour for the impact these (and the other) Regulations
have on websites.
The Electronic Communications Act 2000
You will need to seek professional help to allow your customers
to benefit from the convenience of digital signatures. Many
financial products including mortgages, loans and insurance
policies can now be signed and sealed online.
Digital signatures require encrypted strings of information
that can securely identify the sender of a message.
Other legal considerations
Intellectual property issues
- Copyright
Existing English copyright laws apply on the Internet.
If you are generating your own site content, copyright
arises automatically without the need for any registration,
but notifying your website visitors of your reserved rights
will help you in any dispute (e.g. © Your Company
2005). Any content your employees create should already
be covered by their contract of employment – which
should transfer all intellectual property rights to the
employer.
If someone is designing your website for you, the intellectual
property rights will usually remain with the designer.
You should contract with your designer to pass those rights
to you – or you may find you can no longer use your
site if you terminate the contract with the designer.
Similarly, software copyright is usually held by the supplier
who simply licenses you to use it. If you have bespoke
software made, ensure the rights are formally transferred
to you.
You must be careful not to breach anyone else’s
copyright by using their material. This can even apply
to sites to which you create a hyperlink – so make
sure you get permission.
If you are happy, or even keen, for your visitors to
use, reproduce or adapt anything on your website, then
make their rights clear by stating this.
- Domain names, trademarks and passing-off
When you select your domain name, take care not to infringe
someone else’s registered trademark by carrying
out a trademark search. Register your own domain name
as a trademark to stop others infringing your rights.
The much-publicised practice of cybersquatting –
registering a well-known trade name as a domain name then
holding a company to ransom for it – is now illegal
in many countries. In Britain judges have not viewed the
practice very kindly and it is becoming a lot less common.
If your trademark isn’t registered, then you have
to rely on the law of passing-off, where you can sue anyone
taking advantage of the reputation you have built up by
pretending to be you. It is much safer to register your
trademark, because passing-off is very hard to prove.
Finally, ensure any site visitors are aware of your registered
trademarks. This should help deter people from infringing
your rights.
Internet Advertising
All UK advertising is governed by industry self-regulation
set out by the Advertising Standards Authority (ASA), which
also covers Internet advertising. The ASA’s Code of
Practice insists adverts must be legal, decent, honest and
truthful.
There is also a good deal of relevant legislation for Internet
advertising. Again, it mirrors that for traditional media
and includes the Trade Descriptions Act and the Price Marking
Order. You must assume that any legal rules applying to printed
material will also apply to your website, though it may not
always be easy to apply them directly.
A major pitfall of Internet advertising is the many jurisdictions
that can apply according to who will see your website. In
general there should not be a problem unless you are directing
your site or sales to people abroad. You must take legal advice
on this subject, and may find you need to run a disclaimer
saying an offer is only available to UK residents. Advertising
laws are more stringent in some countries, e.g. in Denmark
where no advertising is allowed to target children. You may
also find that the sale you make to consumers abroad is subject
to their local law, even if your terms and conditions state
that English law applies.
Links and Information
Websites
View the Acts of Parliament: www.opsi.gov.uk/acts.htm
Website for The Information Commissioner: www.ico.gov.uk
New Media Knowledge, a publicly funded business and management
resource for companies and individuals working in new digital
media: www.nmk.co.uk