If you’re in business, a good website is a must, even if it’s only a holding page for your contact details. And there’s no better way to grow your business than using a website or an app to attract and retain clients.
You may be an indy shop trading in your local community, a freelancer, or be in the process of setting up a platform or app to sell products – whatever your business, an online presence is now essential.
This guide to internet law covers everything you needs to know when trading online, from General Data Protection Regulations (GDPR) compliance to IPR infringement. Alternatively, if you have a more specific enquiry, contact one of our expert IT and commercial lawyers.
- Brief overview: Online trading
- Website terms and conditions
- EULAs (End-user licence agreements)
- Privacy policies, cookies and the GDPR
- Contracts with web and app developers
- Website hosting contracts
- Intellectual property (IP) and infringement issues
- Future changes to internet law
Brief overview: Online trading
This article looks at the most common issues that crop up for businesses that trade online:
- Website terms and conditions: These are the terms that govern the use of your website, including website cookies and data privacy. You’ll need separate terms of sale for those who buy from you. These documents should be easily accessible on your site or app.
- EULAs (End User Licence Agreements): These are terms that apply to end users and will appear on your site or app.
- Privacy policies, cookies and the GDPR: You need to make sure customers’ data is safe with you.
- Contracts with web and app developers: Your contracts with designers and developers need to protect your interests.
- Website hosting contracts: How to understand the terms on which your site is hosted.
- Intellectual property (IP) and infringement issues: How to register and protect your intellectual property and understand basic rules around copyright, trademark and infringement.
Website terms and conditions
Your website terms and conditions (T&Cs) cover access to and use of your website. These include:
- Information about you, as the website owner, and your right to make changes to the site.
- Disclaimers for published or linked material.
- Rules about how content may be used.
- Unacceptable user behaviour such as hacking, introducing viruses and uploading illegal or defamatory content.
The terms should be clearly marked with appropriate hyperlinks. Ideally, visitors would click to accept these terms (click-wrap) before being able to use the site, although this is not always practicable. Many sites simply state that they are available to consult on the site (browse-wrap).
If you choose the browse-wrap option, it can be tricky to enforce these, as agreement by the user isn’t necessarily explicit. If this issue is crucial to you, for example if you don’t want materials on your site to be copied, then ask your developer to install a click-wrap option.
The UK is set to introduce new rules aimed at protecting users, particularly children, against illegal and harmful content such as terrorism, grooming and porn. The government has committed to introduce an Online Safety Bill in 2022, and it will apply to a wide range of businesses from sales platforms to dating sites and online forums. The regulator will be Ofcom, and it’s planned that there will be fines of up to 10% of a company’s global turnover for any failure of a business’s ‘duty of care’ to users. Ofcom will also have the power to block certain services from being accessed in the UK. The costs of enforcement will be met by those affected by the new rules.
There will be different categories of business affected by the new rules, with a top tier (category 1) only applying to those with “the largest online presences and high-risk features,” which is likely to include Facebook, TikTok, Instagram and Twitter.
Sale of goods and services
Where you use your site to process orders, your sales terms must be on your site or made available to customers before they pay and they need to reflect current legal requirements. For example, distance selling regulations give a right to a ‘cooling-off’ period for online transactions (14 days from ordering a service or receiving goods).
Within this time, the customer can cancel the contract and receive a refund. If you sell to consumers (B2C) as well as to other businesses (B2B), the rules may be different, so make sure you seek expert legal advice to ensure your business is fully compliant with the law. A cooling off period may not apply to perishable goods, and you may be able to deduct a fee from any reimbursement if your client has ‘excessively handled’ the goods.
Where you offer a mix of goods, services and even digital content, you can choose to use a single set of terms and conditions to keep things simple. Your customers’ remedies in respect to any problems will depend on what’s being supplied.
EULAs (End-user licence agreements)
In consumer sales (i.e. not businesses), the EULA must be written in plain and intelligible language to ensure transparency, and any terms that would be deemed ‘unfair’ are unenforceable. For example, a disclaimer or limit of liability that would be seen as unreasonable cannot be enforced.
If you are writing your own EULA, you should include copyright and patent notices and encode these within the software.
You won’t be able to hold your users to the EULA unless they accept them before using the app. As with website terms and conditions, this can be problematic. Ideally, a customer would click to agree the terms before payment or downloading the app. Alternatively, you can make the terms prominent within the app, or available post-contract, although you are much less certain to be able to enforce your licence.
Privacy policies, cookies and the GDPR
You’ll need to take special care if you are collecting data that is sensitive, such as racial or ethnic origin, health or illness, or if you are collecting data from children.
This informed consent must be obtained prior to installation of the cookie.
- They must understand how the cookies will be used
- The consent must be given before the cookies are placed
- They must be able to opt out
- You must keep a record of their consent
Contracts with web and app developers
If you hire a web or app developer to build your online presence, you’ll need to write the specification for the content. As with any contract for design, you’ll need to cover issues such as function and performance, and describe any visual content that the designer will create. You’ll need to make sure that the designer is aware of your legal duties in respect of privacy, cookies and distance selling obligations so that these are incorporated into the design at the outset.
Make sure that your developer understands your requirements in terms of branding, functionality, graphics and so on. The more complex the design, the costlier the site, so have a clear picture of the end result before the designer starts work.
Include a timetable for delivery, with appropriate milestones for testing and launch. Ideally, include a provision for damages in the case of any delay, particularly if you’re counting on potential revenues. Build in plenty of time for acceptance testing and possibly pilot tests to gauge the views of users.
You can choose to make payment on a fixed fee or a time and materials basis. Time and materials contracts can be more expensive overall, particularly if you make design changes along the way.
If your developer will be hosting your site, you need to think about whether visitors can post material on the site, and apportion responsibility for policing and monitoring content, particularly if you have a message board or chat-room functionality. This will be increasingly important once the new online trading law comes into effect. Make sure you’ve a process for reviewing material and take down any offending content.
Finally, and after the site has been delivered, think about who’ll be responsible for maintaining the site and updating content, and make sure you’ve got an agreed procedure for transferring the site to a new provider or host should you need to.
Website hosting contracts
Websites sit on servers that are connected to the internet, and which publish them for use by visitors. If you choose to host your site with a large company that maintains multiple sites, they may run and maintain their own servers. Alternatively, your host will link to your own servers.
If your site is large and/or complex, and you anticipate a large volume of traffic, it may be better to make your own arrangements for hosting and run your own servers.
This is what should be included in a website hosting agreement:
- What provision is there for security, maintenance and support (is there a help-desk), and what back-up and disaster recovery processes are in place?
- If your host sub-contracts server space, what technical requirements do you wish them to meet for the server?
- Do you want to specify speed and quality of response levels? You won’t want your website to load too slowly or be difficult to use at peak times.
- What minimum level of availability do you want to set? The host will need to take down sites for maintenance, but you’ll want these periods to be short and take place at times of relatively low traffic.
- You’ll need to include routine requirements on security and incident reporting.
- As with design contracts, consider issues like a timetable for implementation, and acceptance testing of the hosting arrangement.
- In terms of liability for offending content, the host will likely try to exclude personal liability for things such as defamation or IP infringement, so make sure you have easy access to the site to remove content if needed.
- Reporting. Depending on the size of your company and your technical capabilities, you can ask your developer to report on site performance, such as traffic and page hits, and be able to audit their records. You’ll also need to access information about personal data and cookies, and check that your host is aware of and compliant with its obligations under GDPR (if you are not taking a DIY approach to reporting). If you need this service, put it into your contracts with your developer or host.
Intellectual property (IP) and infringement issues
Domain names and trademarks
If you’re a start-up, be careful when you pick your business name. Do plenty of research, as you should avoid any similarity with another business in the same sector. If you’re set on a name, search at the UK Trademark Registry to see whether it is already in use. If your search reveals no problems, the next step will be to search for similar domain names. Even if your trademark search is clear, choose a website name that is not too similar to others, so that your customers can find you easily.
Once you register your business name as a trademark, if you find that a competitor or other business is using a similar trading name or domain name, you can challenge this either in court or via a dispute resolution process. There are two such mechanisms: the international Uniform Domain-Name Dispute Resolution Policy, or the UK-based Dispute Resolution Services process administered by Nominet.
Web content and copyright
When developing your web content, make sure your content is original, whether that be copy or images. If you’d like to use photographs, there are plenty of sites that provide images either royalty-free, in the public domain, or free for reuse under certain licenses. Sometimes you need to credit the author within your site. Similarly, if you find that others have copied your material, you can challenge that use and have the content removed.
There’s no need to use any special symbols to show that copyrights exist although these do serve as a warning to users that you will protect your rights.
When hiring web designers or developers, they’ll own the copyright in the site itself. Your contract with them should either transfer those rights to you or give you an unlimited right to use it. This is important as you may want to transfer the website to a new developer at some point.
Your contract will also need to protect you against copyright infringement, for example, where a designer has used images or clips for which they have not obtained permission. This should be in the form of an indemnity, so that any costs you incur are fully recoverable. In return, your designer may ask for an indemnity from you to cover them if any content you provide is subject to an IP challenge.
Future changes to internet law
Although Brexit has now happened the UK will still be influenced by EU law, as under the Withdrawal Agreement the UK courts can look at this when applying UK rules.
Here are some things to look out for:
Under the Digital Copyright Directive, there will be a new tax on those that publish snippets of content from another site. There are no plans to introduce a similar law in the UK at the moment.
Online liability for content
In line with the EU Digital Service Act, the UK government is planning to introduce an Online Safety law that will prosecute those who host problematic content.
New legislation is being proposed that would allow a regulator to supervise the operations of major digital providers, known as the Digital Markets Unit. The aim is to enable smaller businesses to benefit from data collected by large players like Amazon and Facebook. In theory, these larger companies will need to share their data with smaller players.