The web can be a great equaliser for SMEs which, with a professional website, can set out their wares in competition with larger businesses. However, the web is no longer the unregulated anarchic environment it once was. With the drive to give consumers greater confidence to buy online – and protection when they do – comes a raft of legislation and rules with which businesses must comply.
According to the Electronic Commerce (EC Directive) Regulations 2002, all sites offering products and services must include comprehensive details not only of what is available, but also about the provider. This includes company name, VAT number and other relevant identifying data. Clear explanations are also required about the ordering process and how the contract is concluded, as well as offering consumers an opportunity to correct errors in information provided.
The Consumer Protection (Distance Selling) Regulations 2000 consolidate these requirements, underscoring the need for full information to be provided about pricing – including all applicable fees and charges, delivery and return arrangements, and payment. Written confirmation of purchase details must be given to consumers, including notification of the seven-day "cooling off" period, during which they can cancel the order for any reason and claim a refund, subject to certain limited exceptions.
Most businesses are now aware of the strict rules on the use of personal data under the Data Protection Act 1998. Where any personal information, such as names and contact details, is being collected or used, it is essential to adhere to the data protection principles set out in the act. The information commissioner must also be formally notified and subjects kept aware of what data is collected, why and to whom it is disclosed.
Following concerns about the prevalence of spam and unsolicited marketing, the Privacy and Electronic Communications (EC Directive) Regulations 2003 cemented the requirement to give users the opportunity to opt out of receiving such communications in the future. It also introduced a "prior opt-in" requirement for electronic communications – covering e-mail, faxes and SMS – in certain cases. Using cookies on websites is also prohibited, unless users are given clear information about how and why they are being used, as well as details about how to turn them off.
More recently, the Disability Discrimination Act 1995 has been extended to oblige SME web providers to make reasonable adjustments so their services are accessible to disabled users. Guidance is available from standards body the World Wide Web Consortium (W3C). Although compliance levels are currently low, enforcement activity is likely to be stepped up. Consequently, action should be taken now to avoid becoming a test case.
As well as complying with the rules, SMEs must remember to secure desired domain names and all intellectual property in the site. They must also post appropriate online trading terms and conditions to protect the business. To minimise the risk of falling foul of local laws, it is important to be specific in the terms about the territories whose consumers are being targeted and those being excluded. It is also essential not to trip up over existing UK sale of goods, consumer protection and misleading advertising legislation.
Failure to get things right could result in fines or damage to the company’s reputation. Although it may be a tangled web for SMEs, it is one which can be unravelled with the right information, patience and good advice.
Callum Sinclair is a solicitor specialising in IT and intellectual property at corporate law firm Maclay Murray & Spens