Ecommerce Legals and Law


Last Updated
June 8, 2021

Affiliate commissions partially fund our unbiased reviews, at no extra cost to readers.


Ecommerce transactions should be legally straightforward. You get money up front for the sale, in return for delivery of a product as described within the timeframe specified. A standard set of terms and conditions should cover the vast majority of transactions.


Your terms and conditions should outline that buyers are entering into a contract when they purchase goods from your website. Outline the terms of delivery, shipping, refunds and payments, exclusions of liability and terms of use for your website. Finally, specify the choice of law and jurisdiction of wherever you’re based – this will shift the case to your own legal system, so you don’t find yourself negotiating some unknown foreign law interpreting your terms in the event of legal issues.

While most transactions will be fine, a not insignificant percentage of transactions will be fraudulent. Fraud occurs when a buyer uses false details or someone else’s payment information to make a purchase. By the time they are found out, they’ve already disappeared with your product, and you could be left footing the bill. Some fraudsters also order products, say they never arrived and demand a refund, or charge back their credit cards once they receive the products they’ve bought.

This can be extremely damaging for your business, especially given the often slim operating margins. You can protect yourself from fraud to a certain extent, but you probably won’t be able to avoid being targeted if you reach any scale. Your best option is to keep a record of all transactions and refund behaviour and attempt to identify patterns that might give you a case against a particular customer. While expensive and uncertain legal routes are available, most ecommerce operators just take the hit and move on.

Choosing a reliable payment processor can help weed out the fringes of fraudulent activity, but you also need to remain vigilant and monitor what’s going on in your business if you want to stay one step ahead.

Ecommerce Shipping and Delivery Policy

A clear, defined delivery policy is a must-have, so that customers know when to expect their products and how their packages will be delivered. You will need to specify the expected delivery timeframes and costs, as well as detailed terms on any shipping promotions. A number of merchants use shipping discounts and promotions to encourage a higher average spend – for example, free shipping on orders over £200. Policies like this can help squeeze extra revenue into the bargain.

By making your shipping information clear on your product pages, and within your terms and conditions, you can prevent any problems from arising with disgruntled customers. This means customers are more likely to understand the shipping terms you offer, with the security of their agreement to your terms in the event of disputes.

Ecommerce Refunds Policy

Refunds are an important part of building trust with customers, and you will hamper conversions if you don’t recognise that refunds will sometimes be required. It is wise to be liberal in your refunds policy, and you must refund cancelled purchases within the statutory ‘cooling off’ period – 14 days. You can ask the customer to pay the cost of returns, and you are entitled to expect goods to be returned to you in a merchantable condition.

Accepting that refunds are a natural part of the business, and responding promptly when handling refund requests, will help assure customers that you care, while ensuring you don’t fall short of consumer selling regulations.

Include your refunds policy prominently on your website, and certainly within your terms and conditions so that buyers can see what they are getting into. By getting the customer to read and agree to these terms and conditions before their purchase, you can be sure they understand and accept the terms of refunds beyond their statutory rights.

You can keep refunds low by using better photos on your product pages, improving the accuracy of your descriptions, and making sure your products are well packaged and promptly despatched. Try to make it easy for your customers to keep your product, by limiting the potential reasons they could request a refund.

Ultimately, refunds can hit your bottom line, and this can become a problem as you try to scale your shop if you don’t keep a grip on the reasons your customers are refunding. Track refund activity and the reasons for refund requests, so you can work on getting the percentage down.

Protecting Your Interests

Terms and conditions are essential for protecting your business, and possibly your personal, interests when selling online. In an ideal world, you would never encounter disputes or difficulties in ecommerce. In the real world, it’s an absolute guarantee with scale. By taking care over drafting your terms and conditions, and consulting a lawyer where the budget allows, you can clearly set out the terms of business, and secure agreement from your customers at the point the contract of sale is created.

Standard Ecommerce Terms and Conditions

There are a number of clauses that can be found in most terms and conditions, either by virtue of legal necessity or to protect the merchant in the selling process. The following is a non-exhaustive list of some of the things you might want to include within your ecommerce terms and conditions:

  • Information Commensurate with latest Consumer Contract Regulations: The latest Consumer Contract Regulations stipulate information that must be made clear to consumers purchasing online via your terms and conditions. These include your contact details, including clarification of your business identity, the products you sell, and how you can be contacted by your customers. This is not optional, so it pays to do your homework on what must be included when drafting up your terms and conditions.
  • Liability Limitations: Limited liability is a standard practice across most contracts, in a bid to limit any future claims that may arise from the transaction. There are some claims to liability you can’t contract away from – such as those causing death or personal injury – but broad exclusions of other types of damages can be effective in reducing your future obligations (and keeping legal costs to an absolute minimum).
  • What Happens And Who Pays For Returns?: Returns are a fact of life in ecommerce, and it’s useful to be upfront about how your returns process works, and who bears the costs of return shipping. Specify this within your terms and conditions, even if you have an external refunds policy in place.
  • Jurisdiction/Choice of Law: Under which laws will the contract of sale be interpreted? This matters particularly in ecommerce, where you may end up resorting to the lottery of legal systems when selling across the EU, or indeed the world, if you don’t seize the initiative.
  • Delivery Terms: It’s also useful to take into account your delivery terms, or to directly reference your shipping policy if you have one in place. When your customers accept these terms, you can solve so many support issues or refund requests, simply by referring to the terms and processes laid down in your delivery terms. Provided they are fair and reasonable, as you must be at all times in drafting terms relating to consumers, you will likely cover your back for more situations.

Terms and conditions generators and templates are available, modelled on some of the most common terms used in ecommerce contracts. Alternatively, for maximum protection, speak to a lawyer.

Ecommerce Data Protection 

Data protection is an area of the law all website owners should be mindful of. If you intend to collect personal information about your website visitors, you will need to be registered under the Data Protection Act, and to handle your data in compliance with the law at all times.

You are not allowed to migrate information collected from your customers or website visitors outside of the EU, and you can only hold information relevant to the needs of your business. If a customer asks for their information to be removed from your records, or to be revealed to them, you are required by law to do so.

Failure to adhere to Data Protection laws can land you in hot water, with fines likely if you get taken to task. Be mindful of your responsibilities – it is helpful to keep up to date with legal goings-on relevant to the ecommerce sector, if you’re not engaging the services of a lawyer to manage this on your behalf. As with all matters legal and accounting, it’s best either way over time if you move to outsource.

When starting a small business ecommerce site, retail is one type of business that many people lean toward. While it may seem that the requirements for conducting retail business online are easier than those for a brick-and-mortar store, it’s important to know you still have rules, regulations and standards to comply with.

In the United States, the Federal Trade Commission (FTC) is the primary agency that regulates ecommerce activities. This includes regulations for a number of ecommerce activities such as commercial email, online advertising and consumer privacy.  Another organization that ecommerce site owners should become familiar with is the PCI (Payment Card Industry) Security Standards Council. This organization provides security standards and regulations for handling and storing your customer’s financial data.

Some of the important regulations you will need to learn about before starting your online retail business include protecting consumer privacy, handling customer data, collecting taxes and complying with online advertising regulations.  In this ecommerce regulations guide we discuss these four issues and provide details that every ecommerce site owner should know to comply with federal laws in the U.S.

Protecting Your Customer’s Privacy Online

Online privacy is a big issue as many ecommerce sites collect and retain personal information about customers. Some of the personal data you will likely obtain would include a customer’s name, address, email address, and possibly their credit card and other types of financial information. As the ecommerce site owner it is your responsibility to ensure this personally identifiable information is protected, and that when you collect such data you comply with federal and state privacy laws.

Ecommerce site owners should provide a privacy policy and post it on the ecommerce website. This policy should clearly identify what kinds of personal information you will collect from users visiting your website, who you will share the information you collect with, and how you will use and store that information.

Most small business ecommerce site owners approach a privacy policy like any business requirement. You could have a lawyer draft a privacy policy document for your business, or secure a trusted service provider to manage and host your privacy policy. Once you have a privacy policy in place, be sure to remain in compliance with it — if not, your business can face costly legal fees. For more tips on creating a privacy policy, see Ecommerce Content: Writing a Good Privacy Policy.

Online Advertising Compliance

Ecommerce site owners must know about the applicable laws for online advertising. Like traditional advertising for brick-and-mortar stores, online retailers must also comply with regulations when advertising online. The FTC regulations for advertising are designed to protect consumers and to prevent deceptive and unfair acts or practices.

One of the main forms of online advertising for a small business ecommerce owner is email. For this reason, ecommerce business owners need to become familiar with federal advertising laws to ensure the content of any emails is compliant, but also be familiar with the CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography and Marketing Act) of 2003. This act establishes requirements that any business that engages in email marketing must follow.

Under the CAN-SPAM Act, hefty penalties can be levied against email marketers who violate the law — each email sent that violates the act is subject to penalties of up to $16,000. Additionally, any commercial email message you send must include notice that the message is an advertisement, and it must also include opt-out information and your business postal address. To comply with this law you must also honor opt-out requests promptly. The FTC website defines the laws you need to know about email marketing.

How to Collect Taxes Online

When you shop at a store you pay tax on the purchase, and the Internet does not change this — but there are differences.

Have you ever noticed that some ecommerce websites charge you tax when you make an online purchase, while others don’t? The reason is that if a business has a physical presence in a state (e.g. a store or office), then it is required by law to collect state and local sales tax from customers. However, if the business doesn’t have a “physical presence,” then collecting tax on purchases is not required.

This dates back to a 1992 Supreme Court ruling that said states cannot require mail-order businesses, and by extension, online retailers to collect sales tax unless they have a physical presence in the state.

For ecommerce site owners, the one thing you will have to research is how your state classifies a physical presence. In legal terms, this is called a “nexus,” and each state defines nexus differently.

Navigating sales tax laws can be difficult. To ensure you are in compliance with tax laws, it’s always best to contact your state’s revenue agency to ensure you have the correct information on taxation before starting your ecommerce venture.

How to Handle Customer Financial Data

PCI compliance is a term familiar to many people researching ecommerce regulations. As an ecommerce site owner, one of the standards you will need to know about is the PCI DSS standard, which is short for Payment Card Industry (PCI) Data Security Standard (DSS). All organizations, including online retailers, must follow this standard when storing, processing and transmitting credit card data.

The PCI Security Standards Council is the organization — founded by a number of financial institutions including JCB International, MasterCard and Visa — that is responsible for the development and implementation of security standards for account data protection. Through its PCI Security Standards, the organization seeks to enhance payment account data security.

There are a number of security initiatives in this standard, such as using a firewall between a wireless network and the cardholder data environment, making use of the latest security and authentication, and using a network intrusion detection system. The PCI DSS standard, as of September 2009 (DSS v 1.2), includes the following 12 requirements for best security practices:

To achieve PCI compliance, an online retailer must meet all PCI DSS requirements. The PCI DSS standard is broken down into six milestones with a number of requirements to be fulfilled at each stage. The PCI Security Standards Council website offers this PDF, which is designed to help merchants to better understand the requirements. It is probably the best resource online to begin to understand what compliance entails.

There’s no question that meeting PCI compliance is a challenge for small business ecommerce site owners — and being certified as PCI-compliant is a time-consuming process.  One way that a small business can meet standards is to outsource PCI to a third party that has the experience and payment system to ensure your business meets PCI regulations.
