By Mason Birbeck

Even for the savviest online business owners, eCommerce law can be a confusing labyrinth of bureaucracy. Some of the laws are new, some of the laws are commonly misinterpreted and there are some eCommerce laws which most online businesses aren’t even aware of. No one is expecting you to be an absolute expert in law, but to be an expert in online business, there are a few things you absolutely should know about eCommerce law.

1. The Internet Is Global, But Law Is National

You might feel like you live and work in an international community thanks to the wonders of the Internet, but the law does not share your lofty ideas of global citizenship. You are bound by the eCommerce laws of the country you are doing business in and these laws can vary.

As a result, you don’t want to learn about eCommerce laws “through the grapevine,” as it were. Instead, go straight to the source. The government website of your particular country should give you a general overview of which eCommerce laws apply to you, as well as more specific information.

2. Most eCommerce Laws Are Very New

In the UK, the two most important eCommerce laws were both written in the last 20 years: the Data Protection Act 1998 and the Electronic Commerce (EC Directive) Regulations 2002. In the EU, the Directive on Consumer Rights came into force as recently as 2014.

The internet is a relatively new place to sell things and so, as a result, the legal ground is still shifting beneath the feet of businesses. With all types of commerce, it’s important to be aware of changes in the law. However, with eCommerce, it’s particularly important because of how frequently the laws can change and how recently the laws have changed.

3. eCommerce Is Not Radically Different from Offline Commerce…

Most eCommerce laws follow the same basic principals of commerce law: false advertising is a no, copyright infringement is a no, and if you can’t sell it in a physical shop in your country, then you can’t sell it online either. It’s important to learn the details, but most of the basics are pretty simple.

4. …But The “Privacy” of a Privacy Policy Is Not Black and White

Privacy policies, however, are the exception to this rule. When you buy something offline, you don’t need to give much (or any) information to the retailer. If you pay by card, your details are only read by a machine. If you pay by cash, nobody can read anything.

Online, however, information is currency. An eCommerce business can’t sell your card information to other people; that much is obvious. However, what about all the other information eCommerce businesses get given, such as your location and internet history? Do eCommerce businesses have legal access to that? Can eCommerce businesses legally use this information?

If it’s mentioned in the privacy policy, then yes they do and yes they can. eCommerce businesses are legally obliged to adhere to their privacy policies but, if their privacy policy is a lax one, they don’t exactly have to adhere to much. In return, customers don’t have to accept an eCommerce businesses privacy policy and, as such, they can go elsewhere.

5. The Customer Is Always Right

So yes, if you got your customers to agree to a privacy policy which included your desire to sell their information to the highest bidder, then you could. However, will any customer who knew what that privacy policy entailed agree to it? Probably not.

Facebook, Google, YouTube, Twitter, Gmail: all of these companies have been criticized for their pretty lax privacy policies — though, despite what you may have heard, Facebook cannot sell your photos. However, it does have access to a lot of your private information and it can and does use your information to direct adverts at you. This isn’t some crazy conspiracy; it’s all outlined in its privacy policy.

Users may complain but, by and large, they accept all this because it means access to a free service. Customers are much less likely to stomach the same thing from an eCommerce business, because when you are paying for something, you can bargain for a better deal.

When a customer feels like their data is being violated, it doesn’t matter if what you’re doing is legal. If customers are rejecting a privacy policy then, clearly, it isn’t private enough. With privacy policies (and eCommerce law in general), there’s no harm in simply copying your competitors.