Starting an eCommerce Business? What are the Legal Considerations?

Together we are Forbes

Commercial Article

21 February, 2022

When establishing an eCommerce business, there are several factors that ought to be taken into consideration, such as business structure, market research and scalability, brand creation, and domain name registration. However, eCommerce businesses also have legal responsibilities just as much as any other business (arguably more so, given the nature of an online transaction) and it is up to the owner to ensure that such responsibilities are complied with and considered from the offset. This is the case whether you are an established retailer or a new start-up, and this article will explain the most salient legal considerations that should be taken into account when trading online. This article is prepared with specific reference to trading in the United Kingdom, however there are overarching themes that will apply on a cross-jurisdiction basis.

Brand Creation

One of the first questions when starting an eCommerce business is: What is my brand, and how will that brand be associated with my target audience? The answer to this question comes with a whole host of other commercial questions (including, for example, who your competitors will be, what makes your brand different and whether your brand has the potential to be scalable). Ultimately, your brand represents the reputation of your business; studies have shown that consumers purchase products from eCommerce platforms that have a strong brand, supported by high-quality products (which is a prerequisite to any successful business).

We often find that eCommerce start-ups skip what is arguably the most important step associated with brand creation and that step is brand due diligence and protection. Whilst you may think that your brand is new and unique, there is the real possibility that somebody has already thought of it previously. This, from an intellectual property perspective, can present significant issues before your eCommerce platform has even gotten off the ground.

The Trade Marks Act 1994 governs registered trade marks in the UK and, under section 10, there are a series of grounds upon which a registered trade mark may be infringed. The main two grounds upon which infringement claims are often based are where a third party trades under (a) an identical trade mark covering identical goods and/or services, or (b) similar or identical trade mark, covering similar or identical goods and/or services, where (direct or indirect) confusion on the part of the average consumer can be demonstrated. It is also possible that your brand may infringe a registered trade mark that has an enhanced reputation in the UK, or take advantage of goodwill and reputation that a third-party otherwise has in its brand under the tort of passing off.

Where registered trade marks and passing off rights are concerned, innocent misuse is not taken into account by Courts and if an infringement offence is found to have occurred, this could have a series of financial and commercial consequences for the infringing party (with damages/an account for profits often being ordered, alongside an order for destruction/delivery up).

It is strongly recommended that businesses carry out extensive due diligence searches prior to the establishment of any brand and this is a process that our Intellectual Property Solicitors frequently assist clients with on both a national and international basis. This also extends to domain name availability and registration, noting that the majority of traffic to the eCommerce platform will often come from search engine optimisation activities.

Dealings with Consumers

On establishing an eCommerce platform, businesses need to be aware of their obligations to consumers under the Consumer Rights Act 2015 (CRA), The Consumer Contracts (Information, Cancellation and Charges) Regulations 2013 (CCRs) and The Consumer Protection from Unfair Trading Regulations 2008, (CPUTRs).

A person is seen to be a consumer if they are purchasing goods from a trader outside the course of their trade or custom, with an example being an individual that purchases clothes from an online retailer. The CCRs impose stringent pre-contractual information obligations on businesses, which require them to provide consumers of adequate information regarding the products that they are purchasing, who they are purchasing the products from and, arguably most importantly, cancellation rights. Where a consumer contract is for products, a consumer has a statutory right under the CCRs to change their mind within 14 days of delivery; this is a right that they must be informed of pre-contract and, if this does not take place, their right to cancel may be extended.

Whilst cancellation rights are often seen to be a troublesome burden for businesses to provide, the key to a strong brand is having in place a clear, transparent and easy to navigate eCommerce platform. Information requirements under the CCRs are easily overcome by having in place eCommerce Terms and Conditions which set out information regarding the consumer's journey from start to finish. This includes dealing with the consumer's right under the CRA to receive products of satisfactory quality. We often find that businesses with a strong brand identity go above and beyond their statutory obligations under the CCRs and CRA, with a view to ensuring consumer retention.

Businesses also ought to consider their obligations under the CPUTRs, which broadly seek to prevent businesses from misleading consumers, as well as acting in an unfair and aggressive manner. This is alongside separate product liability, regulation and insurance considerations that must be taken into account at the offset of any new venture.

Data Protection

When setting up an eCommerce platform, businesses will also need to consider their obligations under data protection law. As a minimum, an eCommerce platform will collect information such as contact details, e-mail address, billing and delivery addresses, payment details and details of products purchased. This makes eCommerce businesses a 'Controller' for the purposes of data protection law and means that they must comply with the requirements of the UK General Data Protection Regulation, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003. Failure to comply with these requirements can open businesses up to complaints, regulatory action from the Information Commissioner's Office (including fines) and claims for compensation.

The requirements under data protection law are extensive, however, as a minimum, eCommerce businesses should consider the following:

  • Data security - An eCommerce platform will hold personal information of customers, including card payment details. When selecting a provider to host the eCommerce platform businesses must ensure the provider can give sufficient guarantees they will implement appropriate technical and organisational measures to ensure they will meet UK GDPR requirements and protect individuals' data protection rights. This will include reviewing the provider's security accreditations, checking the provider's terms and conditions to ensure they include the necessary 'data processing terms' and considering the location of where the data will be stored. There are different and more complex requirements if the data is being stored outside the UK or the EU.
  • Privacy Policy - The eCommerce platform will be required to display a privacy policy setting out what personal information you will collect, how you will use it, who it will be shared with and how long you will keep the information for. The details of what information needs to be provided in a privacy policy are set out in the UK GDPR and aims to provide individuals with details of their data protection rights.
  • Direct marketing - Generally, you will be required to obtained positive 'opt-in' consent from customers or potential customers before you can send direct marketing to them via email or text message. There is an exemption under the Privacy and Electronic Communications Regulations which permit you to send direct marketing emails/texts to existing customers provided you are marketing similar goods or services to those they have already purchased without having to obtain the positive 'opt-in' consent. However, if you are relying on this exemption, you must ensure that all your correspondence includes the ability to easily opt-out or unsubscribe.
  • Cookies - If an eCommerce platform uses cookies, businesses will need to comply with the requirements under the Privacy and Electronic Communications Regulations. This includes telling individuals if you set cookies, and clearly explain what the cookies do and why. You will be required to obtain consent (e.g. via a Cookie banner) for the use of any cookies which are not strictly necessary. This includes analytical cookies (such as Google Analytics) and third-party cookies (e.g. from advertising networks).
  • Registration with the ICO - Every organisation who uses personal information needs to pay a data protection fee to the Information Commissioner's Office, unless they are exempt. The cost of registration depends on the size of the organisation and starts at £35 per year for small businesses.

These are the minimum considerations businesses will need to consider when setting up an eCommerce platform from a data protection perspective. As the business grows, there will be further requirements which need to complied with and advice should be sought to ensure compliance with data protection law.

Final Comments

Setting up an eCommerce platform can be a stressful and time consuming process, with significant commercial and legal considerations that need to be taken into account from the offset. Our solicitors are experts in drafting the policies that you will require in order to ensure compliance with your legal obligations. We also act for clients on a national and international basis in order to ensure that their brand is protected via trade mark registrations.

For more information on commercial and intellectual property matters, contact Daniel Fletcher via phone on 0333 207 1145. For information on data protection matters, contact Bethany Paliga via phone on 01254 222347. Alternatively send any question through to Forbes Solicitors via our Online Contact Form.

Learn more about our Commercial department here

Going after developers for the cladding crisis - is this enough…

Smart Contracts shall we embrace them or hold off for now?

Contact Us

Get in touch to see how our experts could help you.

Call0800 689 0831

CallRequest a call back

EmailSend us an email

Contacting Us

Monday to Friday:
09:00 to 17:00

Saturday and Sunday:
Closed