So, you want to start an online business? It is easy, isn’t it – you get a domain, buy a hosting, setup a web site and, voila, you are cashing in 24/7. Right? Wrooong! You forgot the lawyers. There are tons of them and they can make your life hell. If you don’t want this to happen, you need to figure out some crucial stuff in the “Big L”-area. Spell it with me: L-E-G-A-L-S-T-U-F-F.

E-commerce offers endless opportunities with the unlimited number of potential worldwide customers, the ease of purchasing a product from each location, the optimization of business processes. However anyone engaged in it should keep in mind that laws and rules exist online as much as they do offline.

Knowing the legal aspect of e-commerce turns out to be one of the key factors about online business success. Since it is a wide topic and a professional legal advice is needed in each particular case, this post will only sketch the applicable legal requirements.

B2B online relations differ from B2C ones, mainly in the more rigorous standard to ensure safety and consumer protection in B2C web businesses, but in order to summarize, these are the main legal aspects of e-commerce, particularly in the EU.


Light Bulb One: Protect Your Most Precious Asset

One of the very first steps to be taken is the domain name registration and its protection. It is important due to the fact that the domain name contract, which is basically a service agreement, protects the domain name in the relation between the parties to this agreement, but it could not automatically offer protection of the domain name against infringements by third parties.

This situation could be resolved by a registration of the domain as a trademark (e.g. if the domain is, the part of it “chicoverdose” would be entitled for registration).

It could be done at a national level with the national trademark office, to the entire EU at the OHIM, Spain or internationally using the Madrid System at WIPO (World Intellectual Property Organization).

Once the domain name is registered as a trademark, its protection from unauthorized use will be more complete.


Light Bulb Two: Lock It Down With an Online Contract

Most of the times you click “I agree” or similar online, you are basically concluding a contract. There are certain transactions where the agreements could only be done offline, such as buying or selling a real estate, prenuptial agreements, etc., but generally contracts concluded by electronic means are officially allowed for most transactions.

Moreover, the customers concluding online contract, should be informed about the technical steps to follow to conclude the contract, e.g. by clicking or doing what the agreement is considered concluded, the languages offered for its conclusion, whether the contract will be filed with the provider and about the technical means to identify and correct errors in ordering.

All these aspects are usually dealt with by the General Terms of the particular online business. In the best case, the Terms would include identifiable information about the provider, details about the consumer protection rights of the customer, privacy and data protection information, including specifics about the website use of cookies, intellectual property of the provider, limitation of liability, etc. Last but not least, the Terms should be drafted for the specific case and not just copy/pasted from another website, as the risk of them being of low quality, outdated or just not applicable to the case is considerable.

Light Bulb Three: Show It, Baby

In my practice I have seen many online businesses whose managers did not even know that according to the applicable EU directives, certain amount of information must be provided to the customers of an online business.

It is needed to identify the provider, its goods or services, their prices and other shipment details and include: name and address of the provider, e-mail, trade or other public register registration, registration with any professional body, etc.

Light Bulb Four: Protect Thy Customer

In B2C relations (with consumers being only natural persons), the providers are required to follow additional rules that require further protection to the consumers. They include, among others:

  • Provision of complete information before the purchase – e.g. again name and address, main characteristics of the goods or services, prices incl. all taxes, shipment costs, payment and delivery method, period of offer validity, etc. and written confirmation of that information;
  • Right of Withdrawal of the consumer – i.e. the consumer has the right to cancel the contract within a minimum of 7 working days without penalty and without giving any reason. It is a legal obligation of the provider to inform the consumer about this right.


Light Bulb Five: Don’t Mess With the Personal Data

Personal data includes any information relating to an identified or identifiable natural person, e.g. name, address, phone number, place of birth, other ID data, family status, professional experience, health status, sexual orientation, ethnicity, political, religious or philosophical views, financial standing, etc.

It should only be processed fairly and lawfully and could be collected either with the consent of the individual or in other exceptional cases for explicit purposes as described in the applicable laws. The data controller should provide identifiable information about their identity, the purpose of the processing, etc. and grant the right of access to the individual to its own data.

The best way to comply is by drafting a Privacy Policy as a part of the Terms, which explains the way personal data is collected and processed in the specific case.

Light Bulb Six: They Hate Spam. Period.

Spam by itself is not illegal but there are laws regulating it. Different legal systems have different approaches to spam. In some cases, Opt-In regime is applicable, e.g. in some countries you should have previously obtained a person`s consent to be legally allowed to send them unsolicited commercial messages. In the EU, registers of persons who do not wish to receive spam exist and they should be checked before sending messages to legal or natural persons.

The EU e-Commerce Directive furthermore requires a spam message to be identifiable clearly and unambiguously as such as soon as it is received by the recipient, which is usually done by including a disclaimer text at the bottom of the message.

The US CAN-SPAM Act sets some minor requirements regarding those messages, e.g. a truthful subject line, no false information in the technical headers or sender address, “conspicuous” display of the postal address of the sender and others.

In most jurisdictions however, an unsolicited commercial message must contain an Opt-out option to be legal.


Light Bulb Seven: If You Don’t Protect It, They (Copycats) Will Come

Intellectual Property on the internet is usually protected by copyrights. Copyright in the EU is recognized automatically in a completed work (article, picture, design, source code, etc.) without the need of any registration.

Certain jurisdictions provide an option for registration, such as the Copyright Office in the USA, however registering copyrights on works is not very popular in the EU.

However, in order to prove the authorship and the initial moment of creation of a work, which is the point in case of a dispute, drafting proper documents (i.e. contracts) with an exact date is recommended.

When it comes to an online business, it is a good idea to start with signing an agreement for the development of the website or the software needed for the business operations. It is needed in order to set the rights to the website or software in the most favorable for the provider way and the same applies to other copyrighted works obtained for the business, such as texts, pictures, logo, etc.

In many jurisdictions if any of the above works are created by employees of the provider or are in any way considered work made for hire, the rights will be mostly owned by the provider (with some exceptions regarding software), so no further documentation is needed.

However, for the sake of proof of ownership, written documents are recommended in each specific case.

As a result, spending a little time in advance on legal work and protection may help any online business avoid numerous legal complications and pitfalls.

Doing business is a hard thing. People are involved. Money is involved. And when you are doing it online it is not getting prettier, just faster and wider. So, please, put your legal stuff right. Do it from the very beginning.