
Legal eCommerce Essentials: Ticking the Boxes for Data Consent and Consumer Law


Landmark Global reports 59 million e-commerce users in the UK and, according to the Office for National Statistics, more than a quarter of retail sales are made online. Far from being a fad, online purchasing is where the future lies, for both goods and services.


Whilst there are many advantages of selling online, it’s important for retailers and suppliers to understand that consumer law differs a little and that there are more privacy laws and regulations to comply with. In this article, we will address some of the common questions online sellers may have when ensuring legal compliance and adherence to best practice.


Information That Must Be Accessible On Your Website


Under the Electronic Commerce Regulations 2002, and other related regulations, your website must display key contact and identifying information. This includes - 


  • Business name - both legal and trading, if different.

  • Geographical address

  • Contact details - email, as well as another quick way to reach you (phone number or quick contact form). 

  • Company registration number, registered office and place of registration for LTDs or LLPs 

  • VAT registration number if registered for VAT. 

  • Details of any professional or trade body memberships, where applicable.


Although sometimes difficult for smaller businesses, it’s important that consumers are able to contact you and access your registration information. This promotes confidence in your service and enables them to reach you should they need to.


Contracts and Policies That Must Be Accessible On Your Website


Unlike a brick and mortar shop, online businesses are required to display certain contracts and policies on their website. These include - 


Terms and Conditions 


Sometimes referred to as ‘Terms of Sale’, this is a standard contract that details the agreement a customer or client makes with you when purchasing your products or services. This should include payment, refund, return and cancellation policies, the rules for which are different for online purchases (more on this later in the article). It may also detail warranties, liability limitations, jurisdiction and dispute resolution clauses.


Whilst including a tick box for users to consent to your terms is not explicitly a legal requirement, to make your contract enforceable, the terms must be presented clearly and repeatedly, especially for key parts of the transaction where consumers have a right to be made aware of clauses such as refunds or liability limitation.


Although it may be argued that a person’s use of the website and their making transactions implies agreement to the terms, courts are more likely to uphold terms where customers have actively acknowledged them, and this evidence of acceptance can be crucial in the event of a dispute.


Therefore, it is good practice to include a tick-box which customers must mark to confirm they have read and understood your terms and conditions before placing their order.


Privacy Policy 


Selling goods and/or services online requires collecting personal information, and so business owners must ensure they’re compliant with GDPR and the Data Protection Act 2018.


Customers being asked to share personal information with you have a right to know what information is collected, how this information will be used, how it will be protected and how long it will be kept for. Businesses must also only collect information that is necessary. You must also share your key business information so you are contactable.


Privacy policies are often linked to in the website footer but also at key points where information is collected. Although a tick box consent is not required when collecting information for transaction purposes, it may be required if you intend to use their information for marketing purposes, which would include sending promotional emails. In these cases, you should include a tick box consent to give users the option to opt out.


Cookie Consent 


Websites in the UK no longer need consent for every cookie: simple analytics and basic preference cookies can now be used without asking, as long as they only collect anonymous statistics or remember things like language settings. 


Any cookies used for advertising, tracking, or profiling still require clear, opt‑in consent, and websites must continue to explain what cookies they use. For these you’ll need to display a banner or a pop-up on your website that requires opt-in consent and this should also link to your cookie policy.


You can have a stand-alone cookie policy, or you may opt to include a cookie policy section within your privacy policy. Regardless, this must explain the types of cookies you’re collecting and how they’re used. Cookies can be categorised into necessary, performance, functional, and marketing.


When obtaining consent, specific consent is legally required for cookies collected for marketing purposes. If you are collecting such cookies, this does need to be specified, so it’s wise to offer tick boxes for each category, as most users will give consent for cookies that allow them to access the website’s full functions but may not wish to agree to being tracked for marketing purposes.


Pre-purchase Customer Information


All businesses selling online have a duty to uphold the Consumer Rights Act 2015. Although some requirements for selling to the general public do not apply for business-to-business sales, it is wise to comply regardless, both to protect your business and be seen to be operating transparently and responsibly. 


The Consumer Rights Act demands that you ensure goods are fit for purpose, are of satisfactory quality and are described accurately. You must also be clear on costs, including taxes, delivery costs, and any recurring charges (including subscriptions).


Note that the inclusion of pre-ticked boxes for any add-ons, upgrades or subscriptions is prohibited under the Consumer Contracts Regulations. Prior to ordering, consumers should also be informed of delivery details, including costs and timeframes.


Lastly, refund rights, cancellation rights and cooling off periods must be accessible and adhere to the Consumer Rights Act. Since these can differ from physical store consumer rights though, we’ll go into a little more detail on some of these - 


Cancellation Rights and Cooling-Off Periods Online 


When selling goods or services to consumers online, businesses are generally required to provide a statutory cancellation period, subject to certain exceptions.


In most cases, consumers are entitled to a minimum 14-day cancellation window. For goods, this period typically begins the day after the customer receives the item. For services, it usually runs from the date the contract is entered into. However, the right to cancel may be lost where:


  • A service has been fully performed (provided the consumer agreed in advance to performance beginning during the cancellation period and acknowledged that the right would be lost once fully performed).

  • Digital content has been supplied immediately (for example, downloadable courses or software) with the consumer’s prior consent and acknowledgement that cancellation rights would end once delivery begins.

  • Goods are made to the consumer’s specifications or are clearly personalised.

  • The contract falls within one of the specific statutory exemptions (which include certain leisure, accommodation, transport, and catering services provided for specific dates).


The purpose of these exceptions is to prevent unfair outcomes, such as consumers fully accessing digital materials or commissioning bespoke goods and then cancelling without consequence.


Where the cancellation right does apply, consumers may withdraw from the contract within 14 days without giving any reason. The goods do not need to be faulty or misdescribed; a simple change of mind is sufficient. This statutory right exists in addition to (and separate from) rights relating to defective goods.


That said, if a consumer handles goods beyond what is necessary to inspect them (as they might in a shop), a business may make a deduction from the refund to reflect any diminished value. Similarly, once a service has been fully delivered in compliance with the Regulations, the cancellation right no longer applies.


Importantly, these statutory cooling-off rules apply to traders acting in the course of business. They do not apply to private individuals making occasional sales outside of a business context.


Examples include private individuals selling casually on platforms like Vinted or Facebook Marketplace. Learn more about consumer rights through our guide to What Businesses Need To Know About Consumer Rights.


Handling Online Payments 


All eCommerce sites handling card payments must comply with PCI DSS (the Payment Card Industry Data Security Standard). This applies no matter how many transactions are processed and even if using third-party processors like PayPal or Stripe. The purpose of compliance is to ensure the protection of the cardholder’s information. To learn more about PCI DSS, please refer to the PCI Security Standards Council.


Post-Purchase Requirements for eCommerce and Online Businesses


Under the Consumer Contracts Regulations 2013, businesses must provide certain information in writing following transactions on their site. They should be sending order confirmations that contain key contract terms, as well as how to raise complaints.


If the content is digital, retailers should remind customers of their consent to begin the download within the 14-day cancellation period and that they lose their right to cancel once the content has been downloaded.


Due to the requirement to provide this information in a swift manner, most businesses will opt to automate this crucial communication.


Quick Compliance Checklist


All eCommerce websites must comply with various regulations and this can be confusing. However, these are the key actions all online retailers should take to stay compliant - 

 

✓ Contact details and company information displayed

✓ Terms & Conditions accessible and accepted at checkout

✓ Privacy Policy and Cookie Policy in place

✓ Clear pricing including all fees

✓ 14-day cancellation rights explained (with exceptions)

✓ Order confirmation process set up


Ensure all the above is in place and you’ll be operating in a way that protects both your business and your customers.


Legal Support For eCommerce and Online Businesses


As stipulated above, there are a few necessary contracts and policies required when selling online in the UK and these can get even more complex for websites selling abroad.


Although it may be tempting for some smaller businesses to use free templates, it’s essential that contracts and policies are tailored to your business - to the information you are collecting and how you will use it, as well as how you deliver your specific goods and/or services. Therefore, it’s important to ensure any policies you display are accurate and stand up to scrutiny.


Aubergine Legal’s legal package for eCommerce includes - 


  1. Website legal audits / advice on website updates required to ensure legal compliance.

  2. Website terms and conditions.

  3. Privacy Policy and required customer notifications on your site where personal data is collected.

  4. Cookie Policy and Cookie pop-up notice requirements.

  5. Website information requirements.

  6. Sale of online goods / services terms and conditions.

  7. Copyright legends and advice on content protection.

  8. Online Membership - legal advice and required documentation.


Get in touch for more information or to arrange a consultation.

 
 