Is your business selling products online? Did you know that your customers have the right to return the product within seven days no questions asked? Or that you need to clearly display all the terms and conditions associated with the transaction at the time of purchase? Or that even though the EU is attempting to harmonise consumer legislation specific laws from other European countries could apply to the transaction?
Evidence presented at a recent seminar organised by legal firm Matheson Ormsby Prentice suggests many sites are not meeting the minimum requirements of e-commerce legislation and even information-only sites are failing to provide the right level of data protection. In one report from the Office of Consumer Affairs, a study of 55 websites found that of the 48 involved in e-commerce, only two had no breaches of the relevant regulations.
“It can be quite hard to get people to focus their attention on this and a lot of the regulations go by unnoticed,” says Don McAleese (pictured), head of the IT Law Group with Matheson Ormsby Prentice. “Partly that’s because they are not introduced as primary legislation but rather statutory instruments. Because they are not fully debated in the Dáil they wouldn’t get the same attention.”
McAleese sees four main areas that website operators need to concern themselves with in order to avoiding falling foul of the law — privacy statements, long-distance selling, data protection and terms and conditions.
While the Data Protection Commissioner’s office has published guidance on website privacy statements on its own website (]BOLD[www.dataprivacy.ie]BOLD[) McAleese says a good statement needs to cover the four Ws — Who, What, Why and Where.
“The who identifies the entity collecting the information,” says McAleese. “The what should cover the data being collected and should make a distinction between the obvious — where you fill out a form — and where the user may not be aware, for example through the use of cookies. Why is the purpose the information is being collected for and should protect against non-obvious users. The where should explain where the information is going and if it is going to be disclosed to other entities.”
While designers and user-interface experts may prefer that a privacy statement or terms and conditions are placed at the bottom of the page, the legal eagles stress they need to be visible and not just on the homepage of the site.
“The same applies to e-commerce,” says McAleese. “If the legal terms and conditions have not been brought to your attention they can affect your enforceability.”
E-commerce falls into the category of distance selling, ie the customer is not present at your premises when the purchase is made and so it has it’s own specific set of legal rules. This includes a seven-day cooling-off period during which time the purchaser has the right to return the goods in original condition for a full refund.
“The EU has been trying to harmonise the laws that apply,” says McAleese. “As an Irish company selling out of Ireland if you comply with Irish legislation that is by and large sufficient. But there are reservations in the directives that reserves the rights to member states so certain features could for example be subject to German law.”
By John Collins