The prominence of several recent high-profile ‘data disasters’ within the online businesses forum demonstrates the importance of complying with the substantial legal requirements set out in EU and UK Legislation. In this article, we discuss some of the substantial requirements of the main regulations governing e-commerce, the Electronic Commerce Regulations 2002 and the steps a business should take to avoid claims from consumers.
Businesses engaged in e-commerce, or offering an ‘information society service’, have been subject to relatively stringent regulation for some time, primarily the EU’s Electronic Commerce Directive 2000, implemented in the UK by the Electronic Commerce Regulations 2002, known informally as the e-commerce regulations (“the Regulations”).
As online businesses receive greater attention, it is essential that they maintain compliance with current e-commerce laws and are aware of new legal developments.
The explosion of the digital economy has seen several recent high-profile organisations criticised for mistreating customers, misusing personal information and invading the privacy of their users.
In August 2014, the Ministry of Justice was fined £180,000 for a data protection breach by the Information Commissioner's Office, in which the loss of an unencrypted back-up hard drive at a prison in Wiltshire led to the loss of sensitive and confidential information about 2,935 prisoners, including details of links to organised crime, health information, history of drug misuse and material about victims and visitors.
Facebook was widely condemned for the conduct of secret psychological tests on nearly 700,000 users without their consent in 2012, as reported in The Guardian.
These high profile examples are indicative of a trend towards a greater scrutiny of businesses and organisations that interact with customers and users over the internet. That is likely to include anyone operating a commercial website at this juncture, but it is inevitable that those businesses based predominantly online such as e-commerce businesses are most at risk of regulatory indiscretions and e-commerce claims.
The minimum requirements for any organisation with an online presence are that the following information must be readily and easily accessible:
The name of the operator/service provider including details of the trading name if different from the individual or company name;
E-commerce businesses should also make sure that they have compliant online ordering processes, whether they are selling to consumers or other businesses. Those selling to consumers must also comply with the Distance Selling Regulations (as of 13 June 2014, the Distance Selling Regulations no longer apply in UK law. The Consumer Contracts Regulations - which implement the Consumer Rights Directive in UK law - now apply to all purchases made at a distance)
UK legislation has always required that contracts entered into online must to be properly constituted. However, the introduction of the e-commerce regulations created additional requirements regarding the information provided during the course of an online transaction. This information must be clear, unambiguous and comprehensible in setting out:
Due to the proliferation of spam emails and text messages, digital marketing is tightly controlled in the e-commerce regulations, and other legislation, such as the Privacy and Electronic Communications (EC Directive) Regulations 2003.
Broadly speaking, businesses sending out emails or text messages must clearly identify that the communication is a commercial one, who has sent it and the purpose of the communication. Any conditions related to the communication must also be accessible and comprehensible.
The law in this area is substantial and complex but basic compliance can be successfully managed by setting up effective policies and procedures and by implementing and enforcing them properly. The Regulations facilitate consumer access to company information and require that such information is clear and unambiguous. Other conditions are likely to apply depending on the circumstances, such as whether the supplier is selling internationally.
For specialist advice on e-commerce claims or the e-commerce regulations, contact Charlie Goldblatt on 020 7353 1770.
For business legal advice and more information on commercial disputes and confidential information, contact us online or call us on 020 7353 1770.