Web sites: the facts on legal compliance

Your guide to detecting and managing the online risk

Your guide to detecting and managing the online risk

Online sale of branded goods
If you are buying branded goods from outside the European Economic Area for resale via an online shopping service within it and the goods have not already been marketed here, check that the trademark owner has consented expressly to the marketing you propose to carry out. Otherwise, you risk a claim for trademark infringement.

E-commerce terms and conditions
To avoid being contractually bound to fulfil orders for goods or services advertised at incorrect prices, reserve to yourself the right not to fulfil or to cancel orders in the event of obvious inaccuracies in prices

To give yourself the flexibility to refuse orders (for example if you have a limited stock or do not want to be contractually bound to every person who visits your Web site) state in your terms and conditions and/or otherwise clearly on the Web site that:
  • The customer's order constitutes an offer to buy the goods/services in question

  • The purchase contract is concluded at the point at which you send an acceptance/confirmatory e-mail

To ensure that you can enforce your terms and conditions against consumers:
  • Bring the terms and conditions to their attention. A dialogue box containing the terms and conditions which the consumer has to scroll through and click "I accept" is best from a legal perspective

  • Keep electronic copies of concluded contracts. This evidence will be required if disputes arise.

Electronic Commerce (EC Directive) Regulations 2002
Refer to draft Electronic Commerce (EC Directive) Regulations 2002 expected to come into force later this year.

To avoid consumers being able to cancel their online contracts with you ensure that:
  • Your terms and conditions are available in a form that consumers can store and reproduce

  • Acknowledge receipt of orders without undue delay and by electronic means - by sending a confirmatory e-mail

  • Ensure that consumers can identify and correct input errors before placing their orders.

Consumer Protection (Distance Selling) Regulations 2000
Ensure that your terms and conditions and/or pages of your Web site include the following information and that this information is confirmed, together with details of the customer's order, by letter, fax or e-mail, following conclusion of the contract:
  • Your full company name and address

  • A description of the main characteristics of the goods or services

  • The all-in price of the goods or services sold

  • How much it will cost to deliver (or return) the goods

  • How the customer pays for the goods or services and the specific delivery arrangements

  • The customer's right to cancel, how they return the goods and information on after-sales services or guarantees

  • How long the contract will remain valid. You will not be able to enforce the terms of any contract which are inconsistent with these regulations.

Refer to The Brussels Regulation, which came into force on 1 March 2002.
To avoid being sued by consumers who are protected by online contracts operating in their home territory:
  • Make clear on your Web site the countries your business is targeting

  • Use technological means to prevent consumers from unwanted territories placing orders

  • Consider introducing mediation clauses in your terms and conditions to resolve disputes with consumers without recourse to the courts

  • State your preferred choice of jurisdiction in your terms and conditions.

Given the global reach of the Internet, you could be sued for infringement of third-party rights in any jurisdiction in which your Web site can be accessed or has a connection. This risk increases the more interactive your Web site is.

Operating the site
Domain names

Undertake trade mark searches before registering a domain name to avoid conflicts with trade mark owners

If you discover a potential conflict, seek agreement of the trade mark owner to avoid problems, such as actions for passing off

Country code top-level domain names - countries outside the UK may have a local business presence requirement.

Get permission before linking to a third-party site. This can be achieved by an e-mail request or formal linking agreement dealing with reciprocal links and any payments that may have been

When linking to an external site make this clear to avoid accusations of passing off and to distance yourself from unsuitable material on the linked to site. For example, word your link "See the Computer Weekly Web site", rather than "For more information click here"

Consider restricting linking to your site in your terms and conditions

Do a "link search" in a search engine to check which sites have links to your own Web site: search for "link:www.cw360.com"

Only link to the home page of the target site. This overcomes objections to "deep linking" (bypassing the home page where advertising and branding is most likely to appear)

Get permission to use the logos or brands of the target site next to the link, to avoid claims for trade mark or copyright infringement

If you are getting a third-party to develop your Web site for you, ensure the Web site development agreement provides that no links may be added to the site without your consent to avoid the developer getting you into trouble.

Always get permission. Framing by its nature is more likely to be confusing to the consumer and therefore more annoying to the target site.

Hosting of Web site
Consider including the following in your agreement with your service provider:
  • A right of termination that is triggered upon reasonable notice of bad news relating to your service provider such as stories of financial difficulties or layoffs;

  • Provision for assistance with the transition from one host service provider to another.

Ensure that your existing insurance policy covers your Web site activity.

Interacting with site users
Data protection

Check to see if you should file a data protection notification. If you are using your Web site as more than just an advertising tool you will probably need to do so.

Consider producing a data protection policy or manual to ensure internal compliance with data protection legislation

Privacy policies are useful for complying with the Data Protection Act requirement for data to be processed fairly

Consider including in your privacy policy provisions to obtain consent from consumers to the use of their personal data for:
  • Passing data to third parties in the event of sale of the company (as in the sale of the customer database by boo.com liquidators)

  • Transferring data outside the European Economic Area

If you collect data via your Web site, consider encrypting it - the Information Commissioner does not consider unencrypted data to be sufficiently secure

If you are using covert surveillance devices, for example traffic data, Internet Protocol addresses, Web bugs and/or cookies, inform users of this fact, except where these devices are used to aggregate patterns of Web site usage which cannot be linked back to a particular individual

Ensure your privacy policy and notices are clearly positioned on the Web site. Highlight data protection notices at the point of collection of the data

Disclaimers, notices, terms and conditions
Consider displaying on your Web site and bringing to the attention of users the following:
  • Terms and conditions of use of the Web site

  • Privacy policy

  • Copyright notice

  • Disclaimer limiting liability/jurisdiction

  • Frequently asked questions

  • Complaints procedure.

  • Chat rooms, bulletin boards, interactive element
    If your Web site includes a chatroom area, bulletin board or interactive element, consider:
  • Implementing procedures to monitor the activities taking place

  • Including special provisions in your terms and conditions disclaiming exercise of editorial control

  • Implementing procedures to deny access to the Web site to users who breach your terms and conditions and/or have a bad user track record.

  • Advertising
    Distinguish fact from opinion

    Be clear, fair and honest, do not mislead or confuse

    Compare like with like to avoid breaching the comparative advertising regulations

    Do not disparage, denigrate, discredit or take unfair advantage of a competitor's goods and/or services or reputation.

    Ensure that the meta-tags you use for your Web site do not include the brand names and/or trademarks of third parties, otherwise you may face an action for trade mark infringement and/or passing off.

    Web site content

    Check whether there are any local language requirements in the territories you are targeting and consider making available a version of your Web site in the local language. France and Quebec, for example, have local language requirements.

    If engaging a third party to develop your Web site, ensure the development contract includes a clause assigning all copyright in the Web site to you

    If you include in your Web site content (photographs, images, logos, text) which you did not create or in which you do not own the copyright, ensure you have appropriate licences from the copyright owner to use it in the way that you intend to

    Regularly monitor search engines for unauthorised copies of your Web site and any documentation which you may have available for download from your Web site

    Consider using a copyright notice on each page of your Web site to deter the casual plagiarist.

    Consider obtaining trade mark registrations for your company name, logos, products/service names in the countries which you intend to target with the goods/services and in classes relevant to the goods/services you are providing

    Consider routine monitoring for trade mark infringements (make contact with local trading standards officers)

    Consider adopting a trade mark use policy to ensure correct use of your trade marks by employees and third parties

    If you want to obtain a trade mark registration for the trade marks you are using on your Web site, at the time of making the application you must be able to prove to the UK Patent Office either: active promotion of or firm plans to promote your Web site to the UK public. Evidence of targeting UK customers would include whether they can make online purchases and the currencies in which the site trades

    You will not be able to prevent a foreign Web site using marks which are identical or similar to your own if that foreign Web site is found not to be actively encouraging UK users to access the site or is not deliberately targeting UK customers.

    Compiled by Mathilde Heaton, a solicitor in the technology law firm DLA

    Read more on IT risk management