An introduction to Internet Law
This guide serves as an introduction to some of the key legal issues that apply to the Internet. However, many aspects of the law, particularly in relation to e-commerce, are still being developed and are subject to change. In most cases, you will need some legal understanding to help your online venture be successful.
What are the risks?
Even if you’re only using a website to display your wares or collect data on your customers, there are legal implications. If you intend to trade on your website, and many companies with an online presence take up this opportunity, then the legal implications increase.
E-commerce is just like any other form of commercial activity and is largely bound by the same regulations and legal principles. This means it also carries the same penalties if you break the law.
Just because the Internet is difficult to police, don’t assume it won’t be noticed if you flout the rules – where loopholes do currently exist, you can be sure there are people working to rectify the oversights.
Many Internet regulations exist to protect the rights of your customers. You ignore these at your peril because an Internet customer has great power at his or her fingertips. A poor experience on your website can quickly be publicised (e.g. through blogs) and materially damage your reputation.
It is vital that you:
- Give one person in your company responsibility for complying with the legal requirements of having a website.
- Don’t start trading online without seeking legal advice about your terms and conditions (discussed below).
Finally, the laws that govern the Internet are not international and you must at least abide by the laws of the country where your registered office is. You should also consider taking advice regarding any conflicting laws with other jurisdictions if any of your business comes from abroad.
What are the regulations?
Regulation of the Internet falls into two categories:
- Established laws – the rules of which can be applied to online activities.
- New laws specifically created to address Internet issues.
The laws that are most relevant to the Internet are:
The Data Protection Act 1998
This Act provides rules that apply to the processing of personal data. The term ‘processing’ in the Act has a very broad meaning and includes obtaining, recording and holding data which relates to or may identify a living individual, as well as organising, altering or disclosing such information.
The Act exists to protect the interests and wishes of the individual. The growth of e-commerce raises a threat to the ‘right to privacy’ of an individual because of the ease of data flow on the web. It is recognised that some data is usually considered more private than the rest and requires special protection. In practice, almost every business needs to register, including those that only deal in a business-to-business (B2B) environment. The other key principle is to ensure individuals consent to all the uses you intend to make of their personal data.
The Consumer Protection (Distance Selling) Regulations 2000
These Regulations (derived from a European Directive) protect consumers against some of the risks involved in distance selling. The Directive aims to encourage and increase confidence among consumers and attempts to harmonise laws in the European member states. The Regulations cover any contract where the supplier and consumer don’t come face to face, which obviously includes telephone sales and mail order as well as e-commerce.
The Regulations specify that, prior to the conclusion of any contract, the buyer should be provided with certain information. This includes, for example, the identity and postal address of the supplier. You also need to provide a set of terms and conditions and clearly inform consumers of their rights under these Regulations, in particular the existence of a cooling-off period in respect of most contracts which allows the consumer to cancel the contract, return the goods and get his or her money back.
The Electronic Commerce (EC Directive) Regulations 2002
These Regulations (derived from a European Directive) apply to anyone providing goods or services electronically, particularly via a website. These Regulations apply both in respect of business-to-business (B2B) transactions as well as business-to-consumer (B2C) transactions.
The Regulations require that suppliers provide the customer with certain information (similar to the Distance Selling Regulations referred to above) but in addition, suppliers must inform customers of the steps needed to form a contract. Suppliers must also give customers an opportunity to amend any input errors prior to the placing of the order and provide the terms and conditions applicable to the contract in a downloadable form.
Some of the requirements of the Regulations may be contracted out of when dealing in B2B transactions, which is another reason why any business (whether dealing electronically or not) should have an up-to-date set of terms and conditions of business which apply to its contracts.
The Electronic Communications Act 2000
This Act gave legal validity to digital signatures and created a voluntary framework for providing encryption services.
The Privacy and Electronic Communications (EC Directive) Regulations 2003
These Regulations came into force in December 2003 and come under a European Directive of the same name. The Directive, among other things, has introduced new rules relating to the use of email and SMS messages for marketing purposes. It also regulates the use of devices used by websites to track users, e.g. cookies. The regulations in the Directive must now be taken into account when planning and designing a website.
How do I comply with the Acts?
The Data Protection Act 1998
Every data controller must notify the Information Commissioner and comply with the Act. Notification requires you to supply:
- Your name and registered business address.
- The name and address of a nominated company representative.
- A description of the personal data being processed.
- A description of the purpose(s) for which the data is being processed.
- A description of the recipients the data will be disclosed to.
- The names of countries that data will be transferred to that are outside the European Economic Area.
The Data Protection Act requires you to abide by eight principles. These insist that:
- You process data fairly and lawfully with the express consent of the individual.
- You obtain data only for specified and lawful purposes.
- Data must be adequate, relevant and not excessive relative to your purposes.
- You must not keep data for longer than is necessary.
- You process data in accordance with the rights of the data subjects.
- You take appropriate technical and organisational methods to protect the security of personal data.
- You transfer data outside the European Economic Area only to countries with an adequate level of data protection.
Any business collecting personal data should be aware that the people they collect information about have greater protection under this Act than its predecessor. This protection includes:
- The right to consent in advance to how any data about them is to be used (‘fair obtaining’).
- The right to be informed whether a company holds data on him/her, what this data comprises and to see the data held.
- The right to object to data being processed for direct marketing purposes.
- Additional rights for sensitive personal data, e.g. data referring to racial/ethnic origin, political stance or religious belief.
- The right to ensure that no significant decisions are taken based solely on the automated processing of data.
- The right to destroy, erase or rectify inaccurate data.
- The right to claim damages where loss is suffered as a result of any breach of the Act.
One way many businesses trading online ensure they are fulfilling the Data Protection Act’s requirement to obtain customer consent is to have a privacy policy published on their website. It is also a good way of getting customers and potential customers to view the company in a positive light by telling them how you are using and protecting their data, and what rights they have. A typical policy will include:
- What categories of information you are collecting (e.g. name, email address, telephone numbers).
- Why you want the information (e.g. for invoicing, delivery or marketing).
- The way you will (and will not) use the information (e.g. to share information with contractors, not to sell to third parties).
- The security measures you are taking to protect their data.
- Your customers’ rights (e.g. to correct data).
- Your company’s contact details.
The Consumer Protection (Distance Selling) Regulations 2000
These Regulations (again derived from an EU Directive) specify that, prior to the conclusion of any contract, the consumer must be provided with the following information:
- The identity and postal address of the supplier.
- A description of the main characteristics of the goods/services.
- The price of the goods/services including all taxes.
- Delivery costs and payment terms.
- The existence of a right of cancellation (normally seven working days).
- A statement about how long the offer price remains valid.
- Information on complaints and after-sales services.
In addition, you should always state for your own protection that a binding contract is subject to confirmation and availability of goods. Many companies send an email to confirm the contract once they have checked availability.
The information your customers require should be included in your terms and conditions. There are a number of ways of informing your customers of your terms and conditions, but each carries different weight in legal terms and this needs to be balanced with the effect on the attractiveness of your site.
A simple reference statement that the contract is subject to your terms and conditions, hyperlinked to a page that displays them, is a popular choice because it doesn’t disrupt the website. However, a court might decide that the link does not do enough to draw the attention of the customer to the terms and conditions, and that, therefore, the terms and conditions are of no effect.
Placing all of the terms and conditions on the order page carries more legal weight but can look unattractive. In addition, the user remains passive as the site hasn’t actively demonstrated that he/she has read the terms and conditions.
A more effective legal method is to create a dialogue box. Here the customer is forced to review the terms and agree them through positive action (e.g. by clicking ‘I agree’). You would not need to prove that the customer actually read the terms and conditions but rather that, as part of the order process, the customer was required to, and was given a clear opportunity to, review the terms and conditions, and this was actually confirmed by the customer. This method calls for the use of available website design methods to protect your commercial interests more effectively, without compromising the attractiveness of your website. Perhaps only first-time customers should be required to perform the full ‘review and click’ process as you can argue for subsequent visits that they are familiar with your terms and conditions. This really is a question each business must view individually in light of all the relevant circumstances to balance commercial viability with legal protection.
The Electronic Commerce (EC Directive) Regulations 2002
You should review the Regulations and ensure that the required information (most of which is required also under other legislation mentioned above) is provided to your customers in the required form, and that the necessary procedures (such as order amendment and downloadable terms and conditions) are complied with. It may be useful to review websites of reputable online traders to get a flavour for the impact these (and the other) Regulations have on websites.
The Electronic Communications Act 2000
You will need to seek professional help to allow your customers to benefit from the convenience of digital signatures. Many financial products including mortgages, loans and insurance policies can now be signed and sealed online.
Digital signatures require encrypted strings of information that can securely identify the sender of a message.
Other legal considerations
Intellectual property issues
- Copyright
Existing English copyright laws apply on the Internet. If you are generating your own site content, copyright arises automatically without the need for any registration, but notifying your website visitors of your reserved rights will help you in any dispute (e.g. © Your Company 2005). Any content your employees create should already be covered by their contract of employment – which should transfer all intellectual property rights to the employer.
If someone is designing your website for you, the intellectual property rights will usually remain with the designer. You should contract with your designer to pass those rights to you – or you may find you can no longer use your site if you terminate the contract with the designer. Similarly, software copyright is usually held by the supplier who simply licenses you to use it. If you have bespoke software made, ensure the rights are formally transferred to you.
You must be careful not to breach anyone else’s copyright by using their material. This can even apply to sites to which you create a hyperlink – so make sure you get permission.
If you are happy, or even keen, for your visitors to use, reproduce or adapt anything on your website, then make their rights clear by stating this.
- Domain names, trademarks and passing-off
When you select your domain name, take care not to infringe someone else’s registered trademark by carrying out a trademark search. Register your own domain name as a trademark to stop others infringing your rights.
The much-publicised practice of cybersquatting – registering a well-known trade name as a domain name then holding a company to ransom for it – is now illegal in many countries. In Britain judges have not viewed the practice very kindly and it is becoming a lot less common.
If your trademark isn’t registered, then you have to rely on the law of passing-off, where you can sue anyone taking advantage of the reputation you have built up by pretending to be you. It is much safer to register your trademark, because passing-off is very hard to prove.
Finally, ensure any site visitors are aware of your registered trademarks. This should help deter people from infringing your rights.
Internet Advertising
All UK advertising is governed by industry self-regulation set out by the Advertising Standards Authority (ASA), which also covers Internet advertising. The ASA’s Code of Practice insists adverts must be legal, decent, honest and truthful.
There is also a good deal of relevant legislation for Internet advertising. Again, it mirrors that for traditional media and includes the Trade Descriptions Act and the Price Marking Order. You must assume that any legal rules applying to printed material will also apply to your website, though it may not always be easy to apply them directly.
A major pitfall of Internet advertising is the many jurisdictions that can apply according to who will see your website. In general there should not be a problem unless you are directing your site or sales to people abroad. You must take legal advice on this subject, and may find you need to run a disclaimer saying an offer is only available to UK residents. Advertising laws are more stringent in some countries, e.g. in Denmark where no advertising is allowed to target children. You may also find that the sale you make to consumers abroad is subject to their local law, even if your terms and conditions state that English law applies.
Links and Information
Websites
View the Acts of Parliament: www.opsi.gov.uk/acts.htm
Website for The Information Commissioner: www.ico.gov.uk
New Media Knowledge, a publicly funded business and management resource for companies and individuals working in new digital media: www.nmk.co.uk


