Internet And E-Commerce Law

The unstoppable rise of E-Commerce

Let’s face it: since the COVID pandemic came upon us, e-commerce has thrived. As the High Street continues to suffer, billions of pounds of business have moved into the ether of online shopping. If you aren’t already selling online, then you need to be.

The trend is unstoppable with global e-commerce set to hit over $1 trillion in 2022.

Whilst small businesses have been closing, one sector has thrived: online eCommerce. During lockdown people have been buying more online and new consumers have been coming online. My friend’s 85-year-old mother just started buying on Amazon – that would have been unthinkable in the pre-Pandemic era.

Rarely has human behaviour changed so fast.


According to research by the American Stock Exchange, NASDAQ, by 2040 around 95% of all purchases are expected to be via e-commerce. Based on current trends, there are strong reasons to believe that much of this online commerce will take place through mobile devices.

So if you don’t want to be swimming against the tide, your business needs to grow its online sales presence.

Legal Aspects of Online Trading

If you are selling goods or services online then you are operating in the eCommerce sector and you need to be conversant with the legal aspects of internet trading. This will protect both you and your customers.

Don’t forget that your website can be accessed globally. Yes, this can give you great potential to reach out to a global audience – but with that comes a responsibility to promote your business in a truthful way that is legally compliant and that won’t get you into trouble one day.

If you run any advertising on, say, Facebook, then you have to be aware of Facebook’s Advertising Guidelines, and if your Landing Pages don’t have the correct wording, your account can easily be shut down. You simply have to take care with these very important details.

Website Terms & Conditions

This is an important page for your website, and you need one on display. It can protect you in the event of a dispute.

Privacy Policy

You need a legally-compliant Privacy Policy for your website which encompasses all the activities that your website undertakes. It’s not good enough just to blindly copy another site’s Privacy Policy. It just might land you in hot water one day. You need a properly crafted policy that makes sense for your business.

If you plan to monetise your email list one day, and this can be one of the most valuable assets your online business has, then you absolutely must be clear, from day one, about the terms on which people give you their contact details. You cannot expect to treat your list in a cavalier fashion.

Cookie Notice

In line with the GDPR and the Data Protection Act 2018, I can prepare a Cookie Notice for your website and advise on how to allow customers to pick cookies.

Intellectual Property Notice

Your business will need to protect its intellectual property, even if it is just your Copyright. I can prepare an IP Notice to display on your website. This is important even if your business is not registered.  

You might think these matters are rather tedious and nobody really bothers about this kind of thing. But this would be a foolish mistake to make. There are very real legal issues that you need to be aware of.

GDPR (General Data Protection Regulation) & the Data Protection Act 2018

If you collect and store data, then Data Protection laws apply to your business, whether you are a bricks-and-mortar business or online.

The Data Protection Act 2018 sets out the framework for data protection law in the UK. It was amended on 01 January 2021 as a result of Brexit and now sits alongside the UK GDPR.

Since the main marketing strategy of online businesses is to develop an email list, you really do need to pay attention to this if you are online.

What is the UK GDPR?

The UK GDPR is the UK General Data Protection Regulation. It is a UK law which came into effect on 01 January 2021. It sets out the key principles, rights and obligations for most processing of personal data in the UK, except for law enforcement and intelligence agencies.

It is based on the EU GDPR (General Data Protection Regulation (EU) 2016/679) which applied in the UK before that date, with some changes to make it work more effectively in a UK context.

If you hold any overseas data collected before 01 January 2021 (referred to as ‘legacy data’), this will be subject to the EU GDPR as it stood on 31 December 2020 (known as ‘frozen GDPR’). In the short term, there is unlikely to be any significant change between the frozen GDPR and the UK GDPR.

Which regime applies?

The legislation has several regimes, and it is important that your business identifies the correct regime that it falls under. Whilst the overall principles are similar, there are some key differences.

Most businesses and organisations fall under the general processing regime. There is a helpful Guide to Data Protection prepared by the Information Commissioner’s Office.

Protection of personal data

By way of general summary, the Data Protection Act refers to the GDPR’s most central provisions for the protection of personal data. These include:

  • Requiring personal data to be processed lawfully and fairly, on the basis of the data subject’s consent or another specified legal basis.
  • Conferring rights on the data subject to obtain information about the processing of personal data and to require inaccurate personal data to be rectified.
  • Conferring functions on the Commissioner, giving the holder of that office responsibility for monitoring and enforcing their provisions.

The Data Protection Act 2018 also adopts the central definitions of the EU GDPR, such as:

  • Personal data meaning “any information relating to an identified or identifiable living individual.”
  • Processing meaning “an operation or set of operations which is performed on information,” such as collection, recording, storage, disclosure, combination etc.
  • Data subject meaning “living individual to whom personal data relates.”
  • Controller and processor meaning the “natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.”


From the perspective of commercial law, you do need to have proper Terms and Conditions, as well as a well-crafted Privacy Policy. These are important elements for a successful commercial website. You also need to pay attention to internationally accepted best practice when it comes to common matters such as Testimonials – ensuring that inappropriate claims are not made, and that they are in fact genuine.

Data Protection legislation is very wide-ranging and must be taken very seriously. For your website to be compliant it must ask for and obtain the consent of users before processing their personal data. If your website uses third-party cookies, you need to implement a consent management solution that makes sure that these cookies and trackers are not activated to process personal data before users have given their explicit consent to do so.

Contact me if you need any help to get your website fully compliant and to give you peace of mind, so that you can just get on with running your business.

Have a legal issue? Get in touch:

Tel: 07967 836715