How to make your online store legally watertight

The legal basics of eCommerce differ from those of stationary commerce. In addition, there are various legal aspects that only apply to online stores.

These include legal regulations such as:

• the GDPR
• the not-yet active ePrivacy regulations
• and online cookie regulations

All three regulations follow the same goal: to protect user and customer data and ensure that the process by which companies collect data is transparent. Therefore, web store owners need to inform their customers of how they store personal data in case of a purchase and cookies when they access the store website. If you fail to provide the necessary information, you could risk high fines. So if you’ve yet to install a solution that informs customers about how you track cookies, you’re better off not tracking any user activities just yet.

The obligation to provide information about how user data is handled is not the only stumbling block on the way to a legally secure online store. The following points also play an important role in meeting the legal requirements for an online store:

• Tools for error detection and correction: Provide your customers with tools that alert them to input errors in the course of their order so they can be corrected before they are submitted.
• Copyright notice: Your online store is a commercial web project. If you plan to use content such as images and photos, for which you don’t own the copyright, their use must be contractually agreed. You can find out more about online image rights in our article on the topic.
• Confirm receipt of order on a "permanent data carrier": You are obliged to confirm contract terms associated with any purchase made in your store on a "permanent data carrier", such as email or a paper printout that is added to the shipment.
• Label the order button correctly: The button that customers use to place an order must be clearly labeled as such. Labels such as “Pay now” or “Buy” are recommended, while “order” or “register” are inadequate or even misleading and therefore not legally compliant.
• Observe geo-blocking prohibitions: You can set the delivery areas for orders through your store individually, but your offer can’t exclude users whose place of residence falls outside of your delivery area. You can find more detailed information in our article on geo-blocking prohibition.

In times of the coronavirus pandemic, a legally compliant online store is now more important than ever. After all, eCommerce businesses have profited from strict regulations imposed on public life which has affected stationary stores more than most other businesses.

There is no doubt that both large sales platforms such as Amazon and eBay as well as many web stores have benefited from the crisis in recent months. Stores that primarily sell clothing and luxury goods (cars, watches, etc.) on the other hand, have suffered a drop in sales, especially during the spring 2020. The same applies - not surprisingly - to the tourism and entertainment industries. It’s a problem that has quickly threatened the existence of many operators of smaller online stores.

Additionally, eCommerce logistics have been hampered by the coronavirus crisis. In some instances, production and delivery chains could not be maintained which has led to customer complaints over long waits for ordered goods. For stores that rely on drop shipping, i.e. those whicch don’t have their own warehouses, this spells disaster.

It’s never been more important to watch our for legal aspects of online store creation and maintenance. eCommerce plays a central role in our daily lives and it hasn’t even reached its full potential just yet. The following check list summarizes the most important duties and building blocks to create a legally compliant online store.

A disclaimer is a legal notice covering the basic issues that could arise when operating a website. Many websites can use a simple disclaimer, although other business may find they need something more specialized depending on what products or services they offer. In 2004, the FTC (Federal Trade Commission) started to crack down on web businesses that didn’t have the necessarily legal information on their websites. Some were shut down and their operators faced with huge fines.

A privacy policy tells website visitors what type of personal information you are collecting from them and how you plan to use it. It is therefore a legal requirement and is usually found on the T&C page. It is also advisable to specify if you don’t intend to collect any information (such as e-mail addresses and names) so visitors feel at ease and may be more likely to stay on your site. If you have a contact form on your website (e.g. for customers to subscribe to your newsletter), you should let visitors know how any information they enter will be used.

The aforementioned GDPR and online cookie regulations should be considered here.

While you must notify your customers that you’re using cookies, you can employ tracking solutions without their explicit consent. It’s recommended that you install a solution that notifies your customers and allows them to give consent of cookie tracking. These notices must reach your customers before their data are being transmitted. Typically, this process is presented in the form of a pop-up which informs about how you store data and allows customers to accept or deny the use of cookies. 

Depending on know-how and abilities, you can program the cookie pop-up yourself or use a cookie consent tool. For Content Management Systems, there are various plug-ins available to include cookie notices to make sure your web store complies.

To create a legally secure online store, your product descriptions must be complete and not give a false impression of products. Check that all necessary information are included and that relevant pieces of information are accurate. Typical, illegal information include, for example, the following product details:

• Product type
• Ingredients/components
• Date of manufacture
• Availability
• Fitness for purpose
• Possible uses
• Quantity
• Origin

This kind of policy is required so that customers know when to expect their products and how they will be delivered. It’s important that customers know the expected delivery periods and costs otherwise they may look elsewhere if they can’t find the information. Including a discount or promotion can encourage customers to buy more, for example, 'free shipping on orders over $100'.

Refunds are a normal part of online business and customers will want to return or exchange their goods from time to time. They are more likely to make a purchase if they know they can send the product back if it’s not to their satisfaction. Different states have different rules concerning returns so be sure to check which one applies to you. For example, in Florida, you must make it clear if you don’t offer refunds otherwise customers may return goods for a full refund within 20 days of purchasing. In California, customers have 30 days to return what they don’t want.

A good idea is to include the refunds policy with the terms and conditions so that buyers know their rights and what to expect. You could embed a check box onto your site so that users have to agree to the terms and conditions so you know they have read them and this protects you too should any problems arise.

It’s important for online business owners to offer a range of payment methods so that every visitor is catered for. You could lose a potential customer if they don’t see their preferred method being offered. You must ensure that you provide at least one payment method that doesn’t incur additional charges.

You must let your customers know if there are charges for using credit cards or other payment methods. This should be explained as part of the order process and in detail on a sub-page that provides more information about the payment options.

As mentioned, the order button must be explicitly labeled as such to ensure your online store is legally sound. In the past, there have been cases of dubious and fraudulent methods to lure victims into subscriptions. In these cases, customers would enter subscription contracts without their knowledge.

Customers should be able to see that by clicking on a button they are entering a sales contract. Therefore, the button should state the obvious such as

• ”Buy now“
• “Order now”
• “Commit to pay”
• “Commit to purchase”

You should refrain from using dubious wordings such as “Finish shopping” or “Register” or even “Next”.

If there’s no additional information, a customer can expect that products are available immediately. In most cases, immediately is defined as within five days. A shipping policy is required so that customers know when to expect their products and how they will be delivered. It’s important that customers know the expected delivery periods and costs, otherwise they may look elsewhere if they can’t find the right information. Including a discount or promotion can encourage customers to buy more, for example, 'free shipping on orders over $100'.

All product and service costs listed on your website must be accurate and complete. Product prices should list the cost including and excluding sales taxes. Shipping costs must be stated and be easy to find. You should not add notes such as “shipping costs on request” as this can be confusing and lead to frustration among customers.

Newsletter marketing is a favored and cost-effective marketing strategy to reach existing and potential new customers. Newsletter registrations are often included on a website as part of an online form. The CAN-SPAM Act allows direct marketing messages to be sent to recipients without their permission, although this isn’t the case in some areas (i.e. Europe and Canada) where it’s forbidden to send e-mails and newsletters unless the recipient has specifically asked for them. So even though in the US, you can send commercial e-mails in the hope of winning over potential customers, you must have an opt-out or unsubscribe button so your customers can let you know they don’t want your information. Coming across as spammy can damage a company’s reputation so to play it extra safe, you should make use of the double opt-in process. The customer signs up to the newsletter, then receives an e-mail with a link that they have to click in order to activate future newsletters

As a store owner, it’s your responsibility to provide your customers with relevant content in a professional and transparent way. Besides this valuable content, it is also important that pages are clearly marked and always available. The topic of data protection is not only relevant for legal reasons, but is also very important for online businesses from a marketing perspective.

Please note the legal disclaimer relating to this article.