laws and regulations for internet businesses

There are a raft of laws and regulations that you need to be aware of when using the web or email in business. This checklist highlights the main ones.

E-commerce Regulations

Businesses that advertise or sell online to consumers or other businesses must comply with the Electronic Commerce (EC Directive) Regulations 2002. This means that you must make certain information available before an order is placed, such as how the customer can identify and correct any errors with their order. You also need to provide certain information on your website, including your business name, geographic address, email, VAT registration number and details of any professional body memberships.

Distance Selling Regulations

If you sell goods or services to consumers online, the Consumer Protection (Distance Selling) Regulations 2000 may apply to your business. Before making a purchase, the consumer must be given certain information, including the supplier’s name, if payment is required in advance and an accurate description of the goods and services. After making the order, the consumer must receive written information of the order details, be informed that they have a ‘cooling off period’ of seven working days (for most goods), how to cancel, and the returns policy.

Enterprise Act

The Enterprise Act enables the Office of Fair Trading to apply to the courts for “stop now enforcement orders” if consumer protection laws are being infringed. Courts can issue enforcement orders which could involve fines or a prison sentence.

Advertising Standards Authority Regulations

The Advertising Standards Authority (ASA) deals with complaints about online ads covering pre-paid space, content in commercial emails and unsolicited commercial emails (spam). The basic rule is that adverts must be ‘legal, decent, honest and truthful’.

Data Protection

If you collect or handle personal data using email or the internet then you must comply with the Data Protection Act 1998. Unless you are exempt, you will need to register as a data controller with the Information Commissioner. You are required to state what you will do with the data (and stick to it), and you must ensure that the data is secure, up-to-date and not excessive. You must also reveal it and delete it if requested by the individual.

Privacy Directive

There are two key requirements of the Privacy and Electronic Communications Directive. Firstly, you cannot send marketing emails to consumers, sole traders or unincorporated partnerships without their prior consent – unless their email address was collected in the course of a previous sale or sale negotiation. This means that you must use opt-in consent rules for email marketing. Secondly, you must provide clear and comprehensive information on websites which use devices to collect data, such as cookies, as well as an opportunity to refuse cookies and similar internet tracking devices.

Copyright & Intellectual Property laws

Material on the internet is protected by copyright and other intellectual property laws. You need to be aware of how to protect your copyright online, as well as ensure that you don’t infringe others’ copyright. You should include a copyright notice on your website, as well as stating what trade marks you are using. You must not use someone else’s trade marks, images or text without their prior permission. Even linking to other websites without permission can be a breach of copyright, especially if their content appears within the frame of your website.

Website accessibility laws

Under the Disability Discrimination Act, it has been a legal requirement for websites to be accessible to disabled people since 1999. This means making “reasonable adjustments” to ensure that disabled people can access your online information and services. If you do not, and can’t justify why you haven’t made these adjustments, a claim can be made against you and you could be liable to pay compensation.

RIP Act

Under the Regulation of Investigatory Powers Act, you may read an employee’s email without their consent for specific business purposes. These include recording transactions and other important business communications, making sure employees comply both with the law and your internal policies, and checking emails when employees are on leave. If you wish to monitor communications for other purposes, then you must get permission to do so.