Knowledge Hub
for Growth

What are the legal considerations for launching a website, app or trading online?

If you’re in business, a good website is a must, even if it’s only a holding page for your contact details. And there’s no better way to grow your business than using a website or an app to attract and retain clients.

You may be an indy shop trading in your local community, a freelancer, or be in the process of setting up a platform or app to sell products ­– whatever your business, an online presence is now essential.

This guide to internet law covers everything you needs to know when trading online, from General Data Protection Regulations (GDPR) compliance to IPR infringement. Alternatively, if you have a more specific enquiry, contact one of our expert IT and commercial lawyers.

Brief overview: Online trading

This article looks at the most common issues that crop up for businesses that trade online:

  • Website terms and conditions: These are the terms that govern the use of your website, including website cookies and data privacy. You’ll need separate terms of sale for those who buy from you. These documents should be easily accessible on your site or app.
  • EULAs (End User Licence Agreements): These are terms that apply to end users and will appear on your site or app.
  • Privacy policies, cookies and the GDPR: You need to make sure customers’ data is safe with you.
  • Contracts with web and app developers: Your contracts with designers and developers need to protect your interests.
  • Website hosting contracts: How to understand the terms on which your site is hosted.
  • Intellectual property (IP) and infringement issues: How to register and protect your intellectual property and understand basic rules around copyright, trademark and infringement.

Website terms and conditions

Website terms

Your website terms and conditions (T&Cs) cover access to and use of your website. These include:

  • Information about you, as the website owner, and your right to make changes to the site.
  • Disclaimers for published or linked material.
  • Rules about how content may be used.
  • Unacceptable user behaviour such as hacking, introducing viruses and uploading illegal or defamatory content.

The terms should be clearly marked with appropriate hyperlinks. Ideally, visitors would click to accept these terms (click-wrap) before being able to use the site, although this is not always practicable. Many sites simply state that they are available to consult on the site (browse-wrap).

If you choose the browse-wrap option, it can be tricky to enforce these, as agreement by the user isn’t necessarily explicit. If this issue is crucial to you, for example if you don’t want materials on your site to be copied, then ask your developer to install a click-wrap option.

A disclaimer is very important, since you will not wish to assume liability for inaccurate or out-of-date materials on the site. It’s simply not practicable to guarantee that all your content is up to date. Equally important is your privacy policy, since most sites gather visitor data, and as such, you’ll have an obligation to keep such data secure and tell customers how you will use it.

If visitors can sign up for a newsletter on your site, this is a good opportunity to have them agree to your website terms of use. Make it clear how you’ll use their personal data when signing up. You must also include an opt-in if you want to send them marketing materials and make it easy for them to unsubscribe.

If you use cookies on your site, visitors must agree to their being collected and used.

The UK is set to introduce new rules aimed at protecting users, particularly children, against illegal and harmful content such as terrorism, grooming and porn. The government has committed to introduce an Online Safety Bill in 2022, and it will apply to a wide range of businesses from sales platforms to dating sites and online forums. The regulator will be Ofcom, and it’s planned that there will be fines of up to 10% of a company’s global turnover for any failure of a business’s ‘duty of care’ to users. Ofcom will also have the power to block certain services from being accessed in the UK. The costs of enforcement will be met by those affected by the new rules.

There will be different categories of business affected by the new rules, with a top tier (category 1) only applying to those with “the largest online presences and high-risk features,” which is likely to include Facebook, TikTok, Instagram and Twitter.

Other documents that you should include in your site are an acceptable use policy, a privacy and cookie policy, and your own terms and conditions of sale.

Sale of goods and services

Where you use your site to process orders, your sales terms must be on your site or made available to customers before they pay and they need to reflect current legal requirements. For example, distance selling regulations give a right to a ‘cooling-off’ period for online transactions (14 days from ordering a service or receiving goods).

Within this time, the customer can cancel the contract and receive a refund. If you sell to consumers (B2C) as well as to other businesses (B2B), the rules may be different, so make sure you seek expert legal advice to ensure your business is fully compliant with the law. A cooling off period may not apply to perishable goods, and you may be able to deduct a fee from any reimbursement if your client has ‘excessively handled’ the goods.

Where you offer a mix of goods, services and even digital content, you can choose to use a single set of terms and conditions to keep things simple. Your customers’ remedies in respect to any problems will depend on what’s being supplied.

EULAs (End-user licence agreements)

A EULA is a contract that gives users the right to use the app. The software running your app is automatically protected by copyright law, but you need to spell out your terms of use and include a limit on your liability in case of problems (to the extent that this is legally possible and where your users are consumers).

In consumer sales (i.e. not businesses), the EULA must be written in plain and intelligible language to ensure transparency, and any terms that would be deemed ‘unfair’ are unenforceable. For example, a disclaimer or limit of liability that would be seen as unreasonable cannot be enforced.

Apps are sold via popular app stores like Apple and Google Play, who advertise and distribute them on behalf of sellers. If you intend to place your app on one of these platforms, you can choose to use the proprietary terms and conditions offered instead of developing your own. For example, Apple now requires a privacy policy for apps.

If you are writing your own EULA, you should include copyright and patent notices and encode these within the software.

You won’t be able to hold your users to the EULA unless they accept them before using the app. As with website terms and conditions, this can be problematic. Ideally, a customer would click to agree the terms before payment or downloading the app. Alternatively, you can make the terms prominent within the app, or available post-contract, although you are much less certain to be able to enforce your licence.

Privacy policies, cookies and the GDPR

The principle of transparency contained in the GDPR means that you have to tell your users how you will handle their data by way of a privacy policy. This policy informs users how you collect, use, store, transfer and use their data. You will need this if you collect basic personal data (name and contact details) for sales or marketing purposes, and if you collect information about online behaviour (IP addresses, web log data and so on).

As with your website terms of use, you should include a clearly visible link on every page that identifies the privacy policy. Before launching your website, we advise you to conduct a privacy audit so you understand the roadmap of your customer’s data and keep a record of this in case of challenge. Make sure that, for each stage of the data journey, you use reputable processes and storage methods.

You’ll need to take special care if you are collecting data that is sensitive, such as racial or ethnic origin, health or illness, or if you are collecting data from children.

Generally, you can only use cookies in your site if users have been given clear and comprehensive information about how the cookie is stored and accessed and have given their consent.

This informed consent must be obtained prior to installation of the cookie.

As with website terms and conditions, visitors will ideally need to click to accept your terms concerning cookies, and your cookie terms need to be clearly visible and accessible. If you don’t require users to tick to accept your terms, then you may be able to rely on implied consent, provided the user has to take some action (such as downloading the cookie policy), from which their consent can be inferred.

In summary:

  • Users must consent to the use of cookies in a clear and unambiguous way
  • They must understand how the cookies will be used
  • The consent must be given before the cookies are placed
  • They must be able to opt out
  • You must keep a record of their consent

Contracts with web and app developers

If you choose to build your site using a service like Squarespace or WordPress, the terms of use are embedded in the service, so you’ll sign up when you join.

If you hire a web or app developer to build your online presence, you’ll need to write the specification for the content. As with any contract for design, you’ll need to cover issues such as function and performance, and describe any visual content that the designer will create. You’ll need to make sure that the designer is aware of your legal duties in respect of privacy, cookies and distance selling obligations so that these are incorporated into the design at the outset.

Make sure that your developer understands your requirements in terms of branding, functionality, graphics and so on. The more complex the design, the costlier the site, so have a clear picture of the end result before the designer starts work.

Include a timetable for delivery, with appropriate milestones for testing and launch. Ideally, include a provision for damages in the case of any delay, particularly if you’re counting on potential revenues. Build in plenty of time for acceptance testing and possibly pilot tests to gauge the views of users.

You can choose to make payment on a fixed fee or a time and materials basis. Time and materials contracts can be more expensive overall, particularly if you make design changes along the way.

If your developer will be hosting your site, you need to think about whether visitors can post material on the site, and apportion responsibility for policing and monitoring content, particularly if you have a message board or chat-room functionality. This will be increasingly important once the new online trading law comes into effect. Make sure you’ve a process for reviewing material and take down any offending content.

Finally, and after the site has been delivered, think about who’ll be responsible for maintaining the site and updating content, and make sure you’ve got an agreed procedure for transferring the site to a new provider or host should you need to.

Website hosting contracts

Websites sit on servers that are connected to the internet, and which publish them for use by visitors. If you choose to host your site with a large company that maintains multiple sites, they may run and maintain their own servers. Alternatively, your host will link to your own servers.

If your site is large and/or complex, and you anticipate a large volume of traffic, it may be better to make your own arrangements for hosting and run your own servers.

This is what should be included in a website hosting agreement:

  • What provision is there for security, maintenance and support (is there a help-desk), and what back-up and disaster recovery processes are in place?
  • If your host sub-contracts server space, what technical requirements do you wish them to meet for the server?
  • Do you want to specify speed and quality of response levels? You won’t want your website to load too slowly or be difficult to use at peak times.
  • What minimum level of availability do you want to set? The host will need to take down sites for maintenance, but you’ll want these periods to be short and take place at times of relatively low traffic.
  • You’ll need to include routine requirements on security and incident reporting.
  • As with design contracts, consider issues like a timetable for implementation, and acceptance testing of the hosting arrangement.
  • In terms of liability for offending content, the host will likely try to exclude personal liability for things such as defamation or IP infringement, so make sure you have easy access to the site to remove content if needed.
  • Reporting. Depending on the size of your company and your technical capabilities, you can ask your developer to report on site performance, such as traffic and page hits, and be able to audit their records. You’ll also need to access information about personal data and cookies, and check that your host is aware of and compliant with its obligations under GDPR (if you are not taking a DIY approach to reporting). If you need this service, put it into your contracts with your developer or host.

Intellectual property (IP) and infringement issues

Domain names and trademarks

If you’re a start-up, be careful when you pick your business name. Do plenty of research, as you should avoid any similarity with another business in the same sector. If you’re set on a name, search at the UK Trademark Registry to see whether it is already in use. If your search reveals no problems, the next step will be to search for similar domain names. Even if your trademark search is clear, choose a website name that is not too similar to others, so that your customers can find you easily.

Once you register your business name as a trademark, if you find that a competitor or other business is using a similar trading name or domain name, you can challenge this either in court or via a dispute resolution process. There are two such mechanisms: the international Uniform Domain-Name Dispute Resolution Policy, or the UK-based Dispute Resolution Services process administered by Nominet.

Web content and copyright

When developing your web content, make sure your content is original, whether that be copy or images. If you’d like to use photographs, there are plenty of sites that provide images either royalty-free, in the public domain, or free for reuse under certain licenses. Sometimes you need to credit the author within your site. Similarly, if you find that others have copied your material, you can challenge that use and have the content removed.

There’s no need to use any special symbols to show that copyrights exist although these do serve as a warning to users that you will protect your rights.

When hiring web designers or developers, they’ll own the copyright in the site itself. Your contract with them should either transfer those rights to you or give you an unlimited right to use it. This is important as you may want to transfer the website to a new developer at some point.

Your contract will also need to protect you against copyright infringement, for example, where a designer has used images or clips for which they have not obtained permission. This should be in the form of an indemnity, so that any costs you incur are fully recoverable. In return, your designer may ask for an indemnity from you to cover them if any content you provide is subject to an IP challenge.

Future changes to internet law

Although Brexit has now happened the UK will still be influenced by EU law, as under the Withdrawal Agreement the UK courts can look at this when applying UK rules.

Here are some things to look out for:


Under the Digital Copyright Directive, there will be a new tax on those that publish snippets of content from another site. There are no plans to introduce a similar law in the UK at the moment.

Online liability for content

In line with the EU Digital Service Act, the UK government is planning to introduce an Online Safety law that will prosecute those who host problematic content.

Competition law

New legislation is being proposed that would allow a regulator to supervise the operations of major digital providers, known as the Digital Markets Unit. The aim is to enable smaller businesses to benefit from data collected by large players like Amazon and Facebook. In theory, these larger companies will need to share their data with smaller players.

What next?

If you’d like to know more about internet law, or are planning to trade online, contact our team of expert commercial lawyers. Get in touch on 0800 689 1700, email us at, or fill out the short form below with your enquiry.

Your data will only be used by Harper James Solicitors. We will never sell your data and promise to keep it secure. You can find further information in our Privacy Policy.

Our offices

A national law firm

A national law firm

Our commercial lawyers are based in or close to major cities across the UK, providing expert legal advice to clients both locally and nationally.

We mainly work remotely, so we can work with you wherever you are. But we can arrange face-to-face meeting at our offices or a location of your choosing.

Head Office

Floor 5, Cavendish House, 39-41 Waterloo Street, Birmingham, B2 5PP
Regional Spaces

Stirling House, Cambridge Innovation Park, Denny End Road, Waterbeach, Cambridge, CB25 9QE
13th Floor, Piccadilly Plaza, Manchester, M1 4BT
10 Fitzroy Square, London, W1T 5HP
Harwell Innovation Centre, 173 Curie Avenue, Harwell, Oxfordshire, OX11 0QG
1st Floor, Dearing House, 1 Young St, Sheffield, S1 4UP
White Building Studios, 1-4 Cumberland Place, Southampton, SO15 2NP
A national law firm

Like what you’re reading?

Get new articles delivered to your inbox

Join 8,153 entrepreneurs reading our latest news, guides and insights.


To access legal support from just £145 per hour arrange your no-obligation initial consultation to discuss your business requirements.

Make an enquiry