News & Events

Website legal requirements it's time for an audit!

15 October 2006

Nearly every business has a website, whether just for information purposes or for selling goods or services. Yet, how many businesses are aware of the legislation which applies to websites and e-commerce transactions? For example, is your website designed to comply with WEEE, e-commerce, equality and data protection legislation?

A survey by the Irish Data Protection Commissioner of public sector websites in 2004 found that only 22% had adequate privacy statements compliant with the Data Protection Acts and the Electronic Communications Regulations.  A majority of websites (56%) had no privacy statement at all.  It is likely that similar if not higher figures apply to private sector websites.  Similarly, a survey by the Office of the Director of Consumer Affairs in 2005 found that only 14% of the websites surveyed were fully compliant with the E-Commerce and Distance Selling Regulations. 

It is a criminal offence not to comply with some of this legislation.  The way in which you commission and design your website can also have significant implications for your business.

We have set out below some important questions which online businesses need to consider.

Do you own your website?

If you paid someone outside your company to design your website, you may not own the intellectual property in the website (such as the design) unless you have a written agreement with the designer transferring the intellectual property to you.

Does your website bind you?

Depending on the design of your website, you may be bound to fulfil orders for goods which are out of stock or to provide the goods or services at a misquoted price.

Through the design of your website and careful drafting of the applicable terms and conditions, the online order process can be designed so that its completion amounts to an offer by the browser which the business may accept or reject.  In this way, the business can decline an offer if, for example, the product in question is out of stock or the price is misquoted. 

Do you perform online consumer contracts within 30 days?

The Distance Selling Regulations require an online seller to perform its obligations under an online consumer contract within 30 days after the consumer’s order.  This timeline can be varied in certain instances by careful drafting.

Did you know consumers can cancel online contracts without cause or cost?

The Distance Selling Regulations enable consumers who purchased goods or services online to cancel the contract within seven days without having to give any reason.  In such an event, the supplier is required to give a full refund to the consumer. 

The consumer is not obliged to arrange for the return of the goods unless this is specifically addressed in the applicable terms and conditions.  This highlights the importance of carefully drafted terms and conditions.

There are similar regulations which apply in relation to the conclusion of online financial services contracts.  However, in this case, the cancellation period is extended.

Are prices quoted on your website compliant with pricing legislation?

There is specific legislation governing the publication of the price of goods which must be complied with if you sell goods to consumers.

Does your website contain the minimum prescribed information and conditions?

The E-Commerce Regulations prescribe certain minimum information which is required to be provided on a website in a manner which is easily, directly and permanently accessible.  This information must be made prominently available on the website.  In addition, the E-Commerce Regulations set out a number of minimum conditions which a website must comply with. 

In addition, if you sell to consumers, the Distance Selling Regulations require you, in good time prior to the conclusion of any online contract, to provide a consumer with certain prescribed information in a clear and comprehensible manner.  Written confirmation (or confirmation in another durable form accessible to the consumer) of this information must be provided.

An online seller who purportedly enters into an online contract with a consumer and who fails to supply the relevant prescribed information in accordance with the Distance Selling Regulations may not be able to enforce the contract against the consumer. 

Does your website comply with the minimum prescribed procedural requirements?

The E-Commerce Regulations set out procedural requirements which must be adhered to once an order has been placed via the website.  For instance, upon receipt of an electronic order, the receipt of the order must be acknowledged without undue delay and by electronic means. 

Do you sell electrical and electronic equipment online?  If so, does your website comply with the WEEE Regulations?

The WEEE Regulations apply generally to distributors, retailers and producers of electrical and electronic equipment, including those who sell online.  If you sell electrical or electronic equipment online, your website must set out certain prescribed information to comply with the WEEE Regulations.  In addition, you must register as a distance seller with the national WEEE registration body.

The WEEE Regulations also impose obligations on online (and other) sellers in relation to the collection of waste electrical and electronic equipment from purchasers of new electrical and electronic equipment.

Is your website accessible to persons with disabilities?

Equality legislation requires service providers to do all that is reasonable to accommodate the needs of a person with a disability by providing special treatment or facilities, if, without such special treatment or facilities, it would be impossible or unduly difficult for the person to avail himself or herself of the service.  This can include making your website accessible to person with disabilities.  For example, is all information expressed on your website with colour also available without colour? Does content on your websiteblink or move?

Is your website factually accurate?

The publication of misleading advertising is prohibited by law.  Further, it is a criminal offence to publish false or misleading statements as to services or false or misleading indications of prices or charges.  Accordingly, you should be confident that the content of your website is factually accurate and not misleading.

Do you have a privacy statement?

In order to comply with the Data Protection Acts, your website must contain a privacy statement if you collect personal data (for instance, do visitors fill in web forms, feedback forms, submit orders etc.), use cookies or web beacons or covertly collect personal data (for example, IP addresses, e-mail addresses).

A privacy statement should be placed in an obvious position and may not be placed within another document on a website, such as terms and conditions of use or a disclaimer notice. 

The privacy statement should set out how your business applies the data protection principles to data processed on your website and should be specific to your website.  Statements to the effect that personal data will be processed in compliance with the Data Protection Acts are not sufficient on their own.  They need to be accompanied by an explanation of how, in practical terms, the website complies with its obligations.

Does your website use cookies?

The Electronic Communications Regulations set down specific rules in relation to the use of cookies. In particular, the Electronic Communications Regulations provide that a user must be offered the right to refuse the use of cookies and also require certain information in relation to any cookies used to be prominently displayed and easily accessible. 

Do you have a web hosting agreement?

If your company engages a web hosting company to store or operate a website which contains or collects personal information, you are required under the Data Protection Acts to enter into a data processing agreement with the web hosting company.  A data processing agreement contains certain prescribed content. 

It is also important from a commercial perspective to have a web hosting agreement in place to protect your interests.  For example, what happens if your website server goes down?  Is there a disaster recovery process in place? 

Have you checked the reliability of your web hoster?

The Data Protection Acts require businesses to ensure that any web hosting company it engages provides sufficient security guarantees in respect of its technical security measures and organisational measures governing the processing of personal data.  You must also take reasonable steps to ensure compliance with those measures.

Is your website server located outside the EEA?

If the website server is located outside of the European Economic Area and is hosted or operated by a third party, you may need to enter into a data transfer agreement in order to comply with the Data Protection Acts.  A data transfer agreement is based upon model clauses approved by the European Commission.  Similarly to a data processing agreement, a data transfer agreement can be subsumed within a more general web hosting agreement.

Are your terms and conditions of sale binding?

As the terms and conditions of sale or engagement are an important document, it is imperative that online purchasers are bound by them.  Simply making terms and conditions available by hyperlink may not be sufficient to incorporate the terms and conditions of sale into the purchase arrangements without more.  

It is generally recommended that purchasers should be required to scroll through the terms and conditions of sale and click an “I Accept” icon before proceeding to checkout and purchase.  This mechanism is intended to ensure that the terms and conditions of sale are fully incorporated into the agreement with purchasers as, under Irish contract law, all the terms and conditions and, in particular, any exclusions of liability must be brought to the attention of purchasers.

Alternatively, the terms and conditions of sale may be included in a hyperlink to which the purchaser is referred along with an icon stating that the purchaser has read and understand them and which icon purchasers must click before purchase.  Whilst there appears to be no case law in Ireland on this point, it seems from general Irish contract law that this mechanism may not be as effective to incorporate all terms under Irish contract law as the mechanism described above.

Are your terms and conditions unfair?

If you sell goods or services to a consumer, you should consider whether your terms and conditions are “unfair” as the Unfair Consumer Terms Regulations provide that unfair terms will not be binding on a consumer.

Do you need website terms of use?

Website terms of use are a separate document to a privacy statement or terms and conditions of sale.  They set out the terms governing the use of the website by browsers.  Website terms of use are important for a number of reasons.  In particular, they contain important provisions protecting the design of the website and other intellectual property accessible via the website.  In addition, website terms of use limit a business’ liability if, for example, use or cessation of the website causes damage or loss to a browser. 

Have you contracted out of your legislative obligations?

It is a criminal offence not to comply with some of the above obligations.  However, it is also possible to contract out of some of these obligations if the user is not a consumer.  This can be done through the website terms of use or sale.

Do you engage in direct marketing?

The Data Protection Acts regulate how you may use peoples’ personal information.  This includes using their information for the purposes of direct marketing.  In addition, the Electronic Communications Regulations set out certain rules in relation to the use of electronic communications for direct marketing purposes.  Significantly, a fine of up to €3,000 can be levied for each individual marketing message sent in breach of the Electronic Communications Regulations.  The first prosecution was recently brought under these regulations.

Conclusion

The e-commerce boom of the last decade has brought with it many benefits to society.  Quick and easy access to information and the ability to transact business online has benefited consumers and businesses alike.  However, there is a significant volume of legislation which regulates e-commerce activities.  It is a criminal offence not to comply with some of this legislation.  It is therefore important that all organisations ensure that their websites and online business arrangements are regularly reviewed to ensure that they are legally compliant.  Also, you need to be certain that you have addressed the other issues which are associated with trading online.  Failure to do so may lead to unnecessary business losses and, in extreme cases, may also lead to prosecution.

Attribute to Robert McDonagh, Solicitor, Mason Hayes & Curran.

Robert McDonagh is a solicitor in the commercial department of Mason Hayes & Curran. For more information, please contact Robert at rmcdonagh@mhc.ie or + 353 1 614 5000. The content of this article is provided for information purposes only and does not constitute legal or other advice. Mason Hayes & Curran (www.mhc.ie) is a leading business law firm with offices in Dublin, London and New York.

© Copyright Mason Hayes & Curran 2006. All rights reserved..