If you would like to learn more about upcoming regulations, you may want to visit our digital regulatory center.
This checklist is designed to make you aware of some of the most important aspects to consider when running an e-commerce site for UK consumers.
Important company information
Your online business is legally required to disclose details such as its registered name, business address, company number, country of registration and VAT number. It is also good industry practice to provide details of any regulators that have jurisdiction over your business (such as the Financial Conduct Authority). Additional information may be required depending on the nature and structure of your business. The information can be included as text or hyperlinks in the landing page footer so that it is visible to visitors anywhere on the website.
Data protection
If you operate an e-commerce site, you collect and process personal data of individual customers and must create and publish a privacy policy. The policy should set out what data is processed, why, the legal basis for the processing, who has access to the data and how long it is stored. It should also list the rights of the data subject – for example, the right to withdraw previously given consent and to lodge a complaint with the ICO.
If your website is likely to be accessed by children, you must comply with the ICO’s Children’s Code. More information can be found here.
Although a notice generally appears on a company’s website, this does not mean that it should be limited to processing related to the use of the website. In a privacy notice, you should explain all the processing operations that the company carries out. The notice should therefore also cover other processing operations, such as processing related to visitors to physical stores (e.g. use of video surveillance), processing related to suppliers and any processing related to online advertising and ancillary activities such as competitions and promotions.
Direct marketing
If you plan to send electronic marketing messages to your retail customers (e.g. via email or SMS), you should consider whether and how you need to obtain their consent to such marketing messages. In most cases, you will need to obtain the customer’s consent, but depending on the circumstances, it may also be possible to rely on what is known as soft opt-in. This is essentially when a person has recently bought something from you, given you their details and has not opted out of receiving marketing messages. This means that the person is likely to be happy to receive marketing messages from you about similar products or services, even if they have not explicitly consented. However, you must have given the person a clear opportunity to opt out – both when you first collected their details and in each message you send.
This portal uses cookies to optimize browser functionality. Find out how we use cookies and how you can change your settings.
Cookies can help you collect important data points to tailor the customer experience and increase revenue. However, to collect data for purposes other than those essential to providing the online service, you need the visitor’s consent. For this consent to be valid, it must be freely given, specific and informed (cue annoying cookie pop-up banners). It must also be “given” by the visitor through a clear, affirmative action. The ICO has now advised that the grace period for cookie compliance has expired (read our article on this here). Businesses should make it as easy to refuse all non-essential cookies as it is to accept them, which generally means including a “reject all” option in the consent banner.
accessibility
Under the Equality Act 2010, online businesses that sell directly to the public have a duty to make reasonable adjustments to ensure that their websites cater for all users, including those with additional accessibility needs. Businesses should discuss with their website design teams the measures that may be needed to make the terms and conditions easier for visually impaired people to read. This could be done by providing text or audio descriptions of any graphics or animations, or by providing a text-only or non-Flash multimedia version. It is important to consider how a website will work with accessibility tools such as screen readers used by visually impaired people.
Statement on modern slavery
If your business has an annual turnover of £36 million, operates in the UK and provides goods or services, it should publish a statement setting out the steps it has taken over the past year to manage the risks of modern slavery in its supply chains. Find out if this applies to you in Gov.uk’s guidance here.
Sales to consumers
UK consumer protection laws protect consumers very well and there are a number of laws and regulations that online businesses must be aware of and comply with when selling to consumers. The rules that apply will depend on what you are selling (e.g. goods, services or digital content) but broadly speaking, merchants must give consumers certain key information about the contract at certain points in the sales process and provide certain cancellation (or termination) rights. The consequences of getting things wrong can be very serious – if certain information is not given at the right time, the right to cancel can be extended by up to a year or mean that the consumer is not bound by the contract. The online sales process and applicable terms of sale must be carefully designed to meet the requirements of consumer protection laws.
In addition, the new Digital Markets, Competition and Consumer Act 2024 contains a whole series of new rules for subscription contracts that are the focus of regulators. The new subscription rules are expected to come into force in spring 2026.
For more detailed information on these topics, see our article.
Defective products
Consumers have certain rights in relation to faulty or misdescribed products and services. UK consumer law imply certain terms in consumer contracts, such as that goods will be of satisfactory quality and fit for purpose and that services will be carried out with reasonable care and skill. It is not possible to exclude these rights and where goods and services do not meet these quality standards the consumer may be entitled to a refund, a repair or replacement, or a discount.
When a consumer makes a complaint, you must attempt to resolve the complaint through your complaint handling process. If you have exhausted your complaint handling process and have not been able to resolve the complaint, you must provide the consumer with certain written information about the availability of alternative dispute resolution, where disputes can be resolved without resorting to court. Some businesses that are regulated or bound by the rules of a trade organization are required to participate in alternative dispute resolution, in which case the information about alternative dispute resolution must also be included in the online terms and conditions.
Reviews
If your website allows customers to leave reviews, you should consider what steps you should take to ensure those reviews are genuine. The new Digital Markets, Competition and Consumer Act 2024 imposes specific obligations on merchants to prevent the publication of fake reviews. When the relevant provisions of the Act come into force (expected in late 2024 or early 2025), merchants who publish reviews on their websites will likely be subject to even greater regulatory scrutiny.
User-generated content
If you operate a website or platform that allows users to access content created, uploaded or shared by other users, you must consider whether your service constitutes a user-to-user service for the purposes of the Online Safety Act, which requires covered businesses to conduct risk assessments and put in place certain systems and processes to improve the safety of website users. More information on the Online Safety Act can be found here.
There is a lot to consider when running an e-commerce site, but keep in mind that the applicability of the various rules and regulations will vary depending on the size of your business, the functionality of your site, and the product offerings. Please contact us if you have any questions.
