When entering the digital world, there are additional legal requirements that may apply to your business.
Before launching your e-commerce platform you should check if your jurisdiction requires any special licences or permits to sell your products online. This is especially applicable to products that are perishable or need to be preserved at low temperatures, as the authorities want to keep track of the supply chain until the products reach the end consumer, ensuring that controls are not being relaxed through the online platform. Even if the business is fully online, the authorities may want to inspect the depots where products are stored and have an address to which to send any notifications.
Other products like alcoholic beverages or services like gambling platforms may also require additional permits if launched online, as the authorities want to be sure that these products and services are not available to underage consumers and that proper controls are in place.
When selling online, you may also need to know about local rules regarding executing electronic agreements, data protection and consumer protection.
E-documents and e-signatures
If your business is entirely online, you will need to ensure you have a functional system in place for the digital signing of documents and legal recognition of digital signatures.
An e-signature or electronic signature should enable legal consent to or approval of electronic documents. There are several definitions and options for what may constitute an e-signature:
— typing a name into a contract or into an email containing the contract’s terms
— clicking an “I accept” button on a web site
— pasting a signature in the form of an image into an electronic contact
— using a web-based electronic signature platform to generate:
— an electronic representation of a handwritten signature
— a digital signature using public key encryption technology and backed by a digital certificate from a provider (or a trusted third party) verifying the identity of the signatory (for example, signature platforms like DocuSign).
Key considerations for electronic signatures
Businesses should ensure certain requirements have been met to guarantee the validity of their electronic signatures, including:
— Intention: the counterparty must have intended to sign and be bound by the document.
— Evidential: the business must retain evidence that the counterparty entered into the agreement, along with the content of the agreement. All surrounding phone calls, emails and letters could be used in legal proceedings if the signature were ever in question.
— Understanding: ensuring that the counterparty does not enter into the transaction without an understanding of what they are doing. A business must have protective measures for more vulnerable customers.
— Security: consider measures to provide comfort around security and reliability; for example, additional anti-fraud measures.
— Labelling: making it clear to counterparties what kind of a document this is and what its effect will be.
— Formalities: all other formalities specified under law or regulation, or as set out in the agreement, must be satisfied; for example, if it needs to be witnessed.
Discuss with the other party how the relevant documents can be signed, documents exchanged, and what kind of signatures are allowed.
• Electronic signing helps you provide verification and continuity of business operations when physical signing is not possible. You should check the legal requirements where your business is located as it is not always appropriate for a document to be executed solely electronically. You should also be alert to any risk of fraud and ensure secure and reliable identification and authentication methods.
Understand local regulations for e-documents and e-signatures
There may be situations when a document cannot be executed solely electronically. When digitally signing documents, consider any local and legal requirements that may arise.
• Regulatory body requirements: a legal body that requires physically signed documents.
• Cross-border enforcement: acceptance of electronic signatures varies across countries and your document may not be legally binding in some countries if it is only electronically signed.
• Local law formality requirements: some documents (such as loan-related documents) need to be additionally authorised by a notary.
• Signatory restrictions: a contracting party could have restrictions in its constitution regarding the electronic signing of documents.
Bear in mind that, in some cases, certain types of electronic signature may not have the same legal effect as a handwritten signature.
Read more about what affects whether digital signatures are legally valid.
Cross-border recognition of electronic signatures
Electronic signatures have different technological implementations and they are accepted to differing degrees by different jurisdictions. This can cause problems when they need to be valid across borders. Technological incompatibilities or requirements, and differences between local legislations, mean you cannot assume a valid digital signature in one jurisdiction is also valid in another.
If you collect and store your customers’ personal information, you must comply with laws on privacy, personal data and confidential information. These laws prescribe how a business must handle personal information, especially as it relates to direct marketing purposes.
To collect personal data you will need to develop a privacy statement describing:
• the reason for processing the data
• the way you collect, handle and ensure protection of all personal data provided
• how that information is used
• what rights customers have in relation to their personal data.
Although data protection rules vary across jurisdictions, in general they prescribe that personal information should be used only for the explicitly specified purposes, in a way that is appropriate, relevant and limited to only what is necessary. It must be handled securely, including protection against unlawful or unauthorised processing, transfer and access.
There may be stronger legal protection for more sensitive information such as political opinions, ethnicity, race, sexual orientation or health information. This list varies by jurisdiction.
To process personal data from customers, you will need to provide them with certain basic rights prescribed by law. Customers have the right to be informed about how their data is being used and to access, erase and, where their data is inaccurate or incomplete, rectify it. In certain jurisdictions, customers also have certain rights when their personal information is used for automated decision-making processes (without human involvement), for example to predict behaviour or interests.
Your privacy statement should consequently cover at least the following details:
• Why and how do you process personal data?
• Which personal data do you collect and process?
• How long do you keep personal data?
• How do you protect and safeguard personal data?
• Who has access to customers’ personal data and to whom is it disclosed?
• What are customers’ rights and how can they exercise them?
• How do customers contact you regarding their rights?
The law usually establishes penalties for when a business breaches these obligations.
To protect the growing number of consumers who are active online, governments have developed laws and policies designed to help ensure the safety of consumer transactions in e-commerce. Without these legal protections, consumers would be even more vulnerable to scams, fraud and other illicit activities that put their personal finances and privacy at risk.
In general, when selling products or services online you will need to provide basic information about the product or service and your business. Special consideration should be given to delivery arrangements, costs and how long goods will take to arrive or, in the case of services, the minimum length of the contract and billing period.
Customers ordering online, by mail or by telephone usually have the right to cancel their order for a limited time even if the goods are not faulty. This right applies after the order is delivered. Local laws will determine whether you or the customer are liable for shipping in each direction.
You must check local rules concerning refunds. Many jurisdictions require businesses to offer a full refund if an item is faulty, not as described or does not do what it is supposed to. This may still be applicable to products offered at a sale price. Personalised items, custom-made items and perishable items are generally not eligible for refund unless they are faulty.
Where an item is faulty, you might be able to offer a repair or replacement instead of a refund, but the customer can still reject the item after repair or replacement. You must also check local rules on warranties. A customer may have the same right to free repair or replacement regardless of whether they have a warranty or guarantee by contract or not.
The law usually establishes penalties should a business breach these obligations.