Is your website breaking the law?

All business websites are governed by laws set out under both UK and EU law. This post addresses the legal requirements placed on commercial websites that must be met to operate within the law – and the possible consequences of failing to comply.

The growth of business on the web has pushed governments across the EU to toughen up online consumer protection laws, in particular to improve consumers’ confidence that the services or goods on offer are being provided by legitimate businesses, and that their rights are protected.

Both the EU and Britain agree that there are two key areas in which consumers require protection:

  1. The safety of their personal and financial data.
  2. The ability to enforce their legal rights when buying online.

To address these points, the EU introduced Directive 97/7/EC on the protection of consumers in respect of distance contracts (Distance Selling Directive) and Directive 2000/31/EC on certain legal aspects of information society services (E-commerce Directive).

Both of these EU laws were implemented in the UK through the Consumer Protection (Distance Selling) Regulations 2000 (SI 2000/2334) (Distance Selling Regulations) and the Electronic Commerce (EC Directive) Regulations 2002 (SI 2002/2013) (E-commerce Regulations).

In short, all business websites must address the following points to be legally compliant:

  • Registered information: For a UK registered business, the website needs to display the Company Information, i.e. the business name, place of registration, registered number, registered office address and whether it is a member of a trade association. For sole traders and partnerships, the address of the principal place of business must be displayed.
  • Cookies: Recent changes in legislation mean that websites must obtain user consent before placing cookies on the visitor’s computer, unless the cookie is necessary for the website to function (e.g. shopping cart cookies). For more information on cookies see our in-depth article EU Privacy Directive on website Cookies – is your site about to break the law?
  • Privacy Policy: A Privacy policy or data protection notice must be displayed on the website if data is processed and must inform the user what the data is used for and that it is compliant with the Data Protection Act 1988. The Privacy Policy must also explain what cookies will be created and their purpose.
  • Disability Discrimination Act 1995 (now the Equality Act 2010): All website owners must make sure their content is available to all users – for example the visually impaired – failure to comply may be considered ‘unlawful disability discrimination’.
  • Disclaimer: Visitors to a website can use the information published on it to the extent stipulated in the disclaimer. This document should also state that the website owner does not accept any liability that may arise from using or downloading information from the website.
  • Terms & Conditions: Terms, along with a Delivery and Returns Policy, are all required as part of the Consumer Protection (Distance Selling) Regulations and Electronic Commerce Regulations (EC Directive). These terms must state:
    • Identity of the supplier and address
    • A description of the service
    • The contract price inclusive of taxes
    • Delivery costs (if applicable)
    • Payment and delivery arrangement
    • Notification of the right of cancellation
    • The cost of the means of communication by which the contract is to be concluded (e.g. premium rate telephone numbers)
    • The period for which the terms are available
    • Minimum duration of the contract, where it is not of one-off performance
  • EU Anti Spam Laws: To conform to EU Anti Spam Laws, ensure that email lists are only of ‘opt-in’ email addresses, and always include an ‘opt-out’ instruction on all marketing emails.

What are the risks of not complying?

If a website fails to comply with some or all of the rules listed above, it could generate two kinds of legal liability: civil liability and criminal liability. Civil liability may lead to injunctions and damages payments; criminal liability could mean a fine and a criminal record, and possibly worse.

In relation to websites, civil liability is more prevalent, although not necessarily less serious. For example, companies need to take care when copying text, images and other material from third parties – failure to do so could lead to a copyright infringement lawsuit. You should also check that your domain name and other branding elements do not infringe another party’s trademark rights.

Another significant risk is libel. Any derogatory comments posted on a website – by the website owner or a third party – could give rise to a defamation claim. Website owners must vigorously monitor their content, including blog comments, to ensure that they are not subjected to libel action.

There is also a substantial volume of additional legislation designed to protect consumers which places special obligations upon website owners, breach of which can result in criminal liability. These include breach of data protection laws, obscenity, racial hatred and the laws of contempt of court.

This article is only a basic guide to the legal requirements placed upon UK website owners. To ensure your website is fully compliant, we recommend that you contact a legal expert.