Legalease Home page
Selling and marketing


Electronic Commerce (e-commerce)

In this section:

1. Introduction to e-commerce regulation
2. Information service providers
3. Information society service
4. Information to be provided by providers
5. Commercial communications
6. Trading disclosures
7. Provision of Services Regulations
8. Information tobe provided where contracts are concluded by electronic means

9. Storage of cookies
10. Enforcement: civil; criminal

1. Introduction

1.1 “Electronic commerce” in this context refers to the marketing and selling of goods and services wholly or partly by electronic means, i.e. the internet and email. Due to the special characteristics of electronic commerce (“e-commerce”), chiefly speed, lack of physical presence and anonymity, special regulations have developed.

1.2 Compliance with the law is not made easy because there is a patchwork of regulations which overlap, including:

* Consumer Protection (Distance Selling) Regulations 2000 (“DSR”)

* Electronic Commerce (EC Directive) Regulations 2002 (“ECR”)

* Provision of Services Regulations 2009 (“PSR”)

* Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”)

* Companies Act 2006 disclosure regulations

Broadly, the DSR apply to “distance” (online or off-line) supplies to consumers; the ECR apply to e-commerce sales and commercial communications online to businesses and consumers; and the PSR and Companies Act disclosure regulations apply to business communications (off-line and in certain cases online) both to consumer and business customers.

The PECR in this context deal chiefly with marketing communications, see the section on Marketing and advertising regulation. However, the placing of so-called “cookies” on customers’ computers is also regulated by PECR.

1.3 There are separate sections within the Selling and Marketing law part of this site dealing with the DSR and PSR. However, for completeness relevant parts of these regulations are mentioned in context below.

1.4 If you are selling to consumers using e-commerce means, you will need to comply with the DSR – see the separate section Sales to consumers: distance and online.
The issue of adding extra charges to the price for debit and credit card transactions and other practices is particularly relevant to e-commerce; see Advertising to consumer regulations and unfair commercial practices.

1.5 Suppliers should also bear in mind the general law about the sale of goods and supply of services, and marketing laws. With regard to terms and conditions of sale, suppliers using e-commerce methods need to be particularly careful about the process used to lead to a binding contract, in order to avoid problems such as pricing errors.

1.6 Help and guidance: how do companies and unincorporated businesses comply with all these overlapping regulations as well as the general law? Contact Legaleze for advice on e-commerce and website compliance.

Further reading:

Distance selling generally: Business Companion

Regulation of cookies: ICO guidance

What's new

06/04/2018 ICO fines Royal Mail Group for sending marketing emails

The Information Commissioner’s Office (ICO) has fined the Royal Mail Group Ltd £12,000 after sending emails to over 320,000 people, despite those people opting out of receiving direct marketing and not consenting to those emails being sent.

Royal Mail Group stated that its emails were detailing a price drop for parcels and were concerning a service, but ICO found that the emails constituted marketing, which breaches regulation 22 of the Privacy and Electric Communications Regulations. ICO has published guidance for companies carrying out marketing, which outlines the circumstances in which companies may market over the phone, by text, by email, by fax or through the post.

2. The Electric Commerce Regulations and Information service providers

2.1 The Electronic Commerce (EC Directive) Regulations 2002 (SI 2002 No. 2013) (“ECR”) came into force on 21 August 2002 (regulation 16 on 23 October 2002). The regulations implement the EU Directive on electronic commerce (Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market) (“the E-commerce Directive”).

Read more> E-commerce directive background

2.2 B2B and B2C: the ECR apply to supplies to businesses and consumers.

2.3 Who must comply?: The regulations apply to any provider of an 'information society service' (see 3. below) established in the United Kingdom irrespective of whether that information society service is provided in the United Kingdom or another member State.

2.4 Non-UK providers: if they have a fixed establishment in the UK, non-UK providers are subject to the same laws and regulations as are applicable to UK based providers, whether general or specific to the particular service. This does not apply to laws and regulations applicable to goods or to services not provided by electronic means.

2.5 The ECR do not apply to any law made after 30 July 2002 unless specifically stated in any amendment to the regulations. To date, certain copyright laws have been applied and the Tobacco Advertising and Promotion Act 2002.

3. Definition of an Information society service

3.1 The ECR apply to a person providing an “information society service”. This is defined in the Directive as:
“ any service normally provided for remuneration, at a distance, by means of electronic equipment for the processing (including digital compression) and storage of data, and at the individual request of a recipient of a service”
Legaleze comment: the extent of this definition is not immediately obvious. The E-commerce Directive states that information society services “span a wide range of economic activities which take place on-line”. Examples given in the Directive include:
* Selling goods on-line [even though the definition refers to “services”]
* Services which are not remunerated by those who receive them, such as those offering on-line information or commercial communications, or those providing tools allowing for search, access and retrieval of data
*  Services consisting of the transmission of information via a communication network, in providing access to a communication network or in hosting information provided by a recipient of the service [online newspapers are included
*  Services which are transmitted point to point, such as video-on-demand or the provision of commercial communications by electronic mail

3.2 The following services are excluded from the Directive’s definition of information society services:
* Delivery of goods as such or the provision of services off-line
* Television broadcasting within the meaning of Directive EEC/89/552 and radio broadcasting are not information society services because they are not provided at individual request
* The use of electronic mail or equivalent individual communications for instance by natural persons acting outside their trade, business or profession including their use for the conclusion of contracts between such persons
* The contractual relationship between an employee and his employer
* Activities which by their very nature cannot be carried out at a distance and by electronic means, such as the statutory auditing
* Activities of a public notary or equivalent professions to the extent that they involve a direct and specific connection with the exercise of public authority
* Representation of a client and defence of his interests before the courts
* Betting, gaming or lotteries which involve wagering a stake with monetary value

4. Information to be provided by an information society services provider

A person providing an information society service must make available to the recipients of the service (and any relevant enforcement authority) in a form and manner which is easily, directly and permanently accessible, the following information:

4.1 The name of the service provider.
[Note:  see also Disclosure of by companies and unincorporated businesses in 5.1 and 5.2 below].

4.2 The geographic address at which the service provider is established
Note: the PSR require service providers in addition to provide their “official address” i.e. an address, such as the registered office of a registered company, which the business must maintain by law in order to receive notices and other communications.

4.3 The details of the service provider, including his electronic mail address, which make it possible to contact him rapidly and communicate with him in a direct and effective manner
[Note: the PSR in addition require service providers to give a telephone number, as well as a postal address, fax number or email; address, to which a recipient of the service may send a complaint or request for information].

4.4 Where the service provider is registered in a trade or similar register available to the public, details of the register in which the service provider is entered and his registration number, or equivalent means of identification in that register
Legaleze comment: the concept of a “trade register” comes from the commercial register in which some European jurisdictions require businesses engaged in commerce to register. If probably refers to an official register rather than yellow pages or other trade directory.

4.5 Where the provision of the service is subject to an authorisation scheme, the particulars of the relevant supervisory authority.

4.6 Where the service provider exercises a regulated profession:
(i) the details of any professional body or similar institution with which the service provider is registered;
(ii) his professional title and the member state where that title has been granted; and
(iii) a reference to the professional rules applicable to the service provider in the member state of establishment and the means to access them.

4.7 Where the service provider undertakes an activity that is subject to value added tax, the relevant identification number.

4.8 Prices: where a person providing an information society service refers to prices, these must be indicated clearly and unambiguously and, in particular, must indicate whether they are inclusive of tax and delivery costs
[Note: under the PSR, a service provider must in addition inform a recipient of the service of the price of the service if it is pre-determined.]

5. Commercial communications

5.1 Commercial communications must contain certain information set out in the Ecommerce Regulations. A “commercial communication” means a communication, in any form, designed to promote, directly or indirectly, the goods, services or image of an information society service provider [e.g. “spam” email].

5.2 Exceptions: excluded from the requirements are communications:
(a) consisting only of a geographic address, a domain name or an electronic mail address; or
(b) relating to the goods, services or image of the service provider provided that the communication has been prepared independently.

5.3 A service provider must ensure that any commercial communication provided by him as part of an information society service must:
(a) be clearly identifiable as a commercial communication;
(b) clearly identify the person on whose behalf the commercial communication is made;
(c) clearly identify as such any promotional offer (including any discount, premium or gift) and ensure that any conditions which must be met to qualify for it are easily accessible, and presented clearly and unambiguously; and
(d) clearly identify as such any promotional competition or game and ensure that any conditions for participation are easily accessible and presented clearly and unambiguously.

5.4 Unsolicited commercial communications: a service provider must ensure that any unsolicited commercial communication sent by him by electronic mail is clearly and unambiguously identifiable as such as soon as it is received.

6. Trading disclosures

6.1 Disclosures by companies: under separate regulations, every UK registered company (and limited liability partnerships) should list on its business letters, order forms and website its:
* name;
* company registration number;
* place of registration; and
* registered office address.

(The Companies (Trading Disclosures) Regulations 2008 regs. 6-7 & the Limited Liability Partnerships (Application of Companies Act 2006) Regulations 2009 reg. 14)

6.2  Disclosures by sole traders and partnerships: sole traders and partnerships who carry on a business in the UK under a business name different from the surnames of the trader/partners (with or without first names or initials) must also state on business letters, written orders for goods or services to be supplied to the business, invoices and receipts issued in the course of the business, and written demands for payment of debts arising in the course of the business [websites are not mentioned specifically in this context]:
*  in the case of a sole trader, the individual’s name
* in the case of a partnership, the name of each member of the partnership

Note: the PSR require service providers to inform recipients of their “legal status and form”. Legaleze comment: in the context of UK law, it is this could be “sole trader” or “partnership”

6.3 In either case, in relation to each person named, an address in the UK at which service of any document relating in any way to the business will be effective.

6.4 Large partnerships exemption: a partnership of more than 20 persons is exempt subject to certain conditions as follows:
*  the document states in legible characters the address of the partnership's principal place of business and that the list of the partners' names is open to inspection there
* it maintains the list of partners’ names at its principal place of business a list of the names of all the partners
* any person may inspect the list during office hours
(Companies Act 2006 ss.1200-1206)

7. Provision of Services Regulations

7.1 The PSR require most providers of services (with some exceptions) to provide recipients of services with certain information before the service is provided, and to provide additional information on request (see the section on the Provision of Services Regulations). This requirement is not confined to e-commerce but to all forms of delivery of the service.

7.2 Dispute resolution procedure: another PSR requirement applies if a service provider is subject to a code of conduct or trade/professional body which provides for a dispute resolution procedure (e.g. arbitration or mediation) outside the normal court process. In this case, the service provider must inform recipients of the service of this fact and how to access detailed information about that procedure.

7.3 Other relevant PSR requirements are mentioned above in context in 5.2 above and 7.2 below.

8 Information to be provided where contracts are concluded by electronic means

8.1 The Ecommerce regulations require the service provider to give certain information when the supply contract is to be made by “electronic means” [in practice this means by internet because contracts concluded exclusively by exchange of electronic mail or by equivalent individual communications are excluded].

8.2 Prior to an order being placed by the recipient of a service:  the provider must provide to that recipient in a clear, comprehensible and unambiguous manner the following information:
* the different technical steps to follow to conclude the contract;
* whether or not the concluded contract will be filed by the service provider and whether it will be accessible;
* the technical means for identifying and correcting input errors prior to the placing of the order;
* the languages offered for the conclusion of the contract;
* which relevant codes of conduct he subscribes to and give information on how those codes can be consulted electronically;
* allow the recipient a means to store and reproduce any terms and conditions of the contract.
[Note: the Provision of Services Regulations require a service provider in addition to inform recipients of the service of any contractual terms concerning the competent courts or the law applicable to the contract, and any after-sales guarantee offered in addition to legal rights.
[Legaleze comment: although the terms and conditions will normally include this information, it is advisable to provide this information as a separate item].

8.3 On receipt of an order from the recipient:  a service provider must:
* acknowledge receipt of the order to the recipient of the service without undue delay and by electronic means; the provision of the service is itself a sufficient acknowledgement
* make available to the recipient of the service appropriate, effective and accessible technical means allowing him to identify and correct input errors prior to the placing of the order.

8.4 Business to business supplies: it is possible to exclude the above requirements by agreement in the case of supplies to non-consumers.

9. Storage of information on customers’ computers/”Cookies”

8.1 The Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”) were amended in 2011 to introduce a requirement to obtain customers’ informed consent  in order to store or access information on the customers’ computers. This is commonly done by the placing of small text files (so-called "cookies") on the computers of website users in order to facilitate or speed up functionality of online communication (see regulation 6 of PECR as amended).

9.2 The change was introduced into UK law following changes to the “parent” EU legislation.
(Articles 2 and 3 of Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009 amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation  etc.) .

9.3 Information may not be stored or accessed on customers’ computers unless the customer::
(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
(b) has given his or her consent].

9.4   The consent may be signified by a customer who amends or sets controls on the internet browser which he uses or by using another application or programme to signify consent

9.5 Note that the customer must be given “clear and comprehensive information about the purposes of the storage of, or access to” the information, otherwise the consent will not be effective.

9.6 Advice on how UK businesses can comply with the new regulations on the use of cookies technology has been published by the Information Commissioner’s Office

10. Enforcement:

10.1 Civil enforcement:

10.1.1 The duties to give information as set out in 7.2 and 7.3 may be enforced by the recipient by a legal action against the service provider for damages for breach of statutory duty.

10.1.2 If the service provider fails to allow the recipient a means to store and reproduce any terms and conditions of the contract (see 7.2), the recipient may obtain a court order requiring compliance.

10.1.3 If a recipient entered into a contract to buy, but the service provider failed to make available to the recipient of the service appropriate, effective and accessible technical means allowing him to identify and correct input errors prior to the placing of the order (see 7.2), the recipient may ask the court to rescind (cancel) the contract unless the court decides it would not be appropriate.

10.1.4 If he feels that the “collective interests of consumers” may be harmed by an infringement of the ECR or PSR, the Director General of Fair Trading may apply to the court for a “Stop Now” order against a service provider to stop further infringement.

10.1.5 If a supplier tries to enforce a contract made at a time when it had failed to make the required disclosures on business documents (see 5), the defendant may have a defence to the claim in certain circumstances, if he shows that:
(a) he has a claim against the claimant arising out of the contract that he has been unable to pursue by reason of the latter's breach of the disclosure requirements; or
(b) he has suffered some financial loss in connection with the contract by reason of the claimant's breach of those requirements;
unless the court is satisfied that it is just and equitable to permit the claimant’s action to continue.

10.1.6 A customer or any person who can prove damage caused by a breach of the PERC regulation requiring consent to use of cookies etc. (see 8 above) has the right to claim compensation. However, there is a defence to such a claim if the seller or person who broke the regulation can prove he took such care as was reasonably required to comply in all the circumstances.

10.1.7 The Information Commissioner may serve an enforcement notice requiring compliance with PERC.

10.1.8 The Information Commissioner may impose a monetary penalty on a person in breach of PERC in a serious case in the same way as a breach of the Data Protection Act (see section on Data Protection)

10.2 Criminal enforcement:

10.2.1 There are no criminal penalties for infringement of the ECR or PSR.

10.2.2 Failure by a company or unincorporated business to comply with the trading disclosure regulations (see 5) is an offence punishable on summary conviction to a fine not exceeding level 3 on the standard scale; and  for continued contravention, a daily default fine not exceeding one-tenth of level 3 on the standard scale. This offence carries Director’s criminal liability.
(The Companies (Trading Disclosures) Regulations 2008 regs. 6-7 and Companies Act 2006 s.1205)

10.2.3 Failure to comply with an enforcement notice from the Information Commissioner (see 9.1.7) is an offence punishable by a (unlimited) fine. There is a defence  if the accused can prove that he exercised all due diligence to comply with the notice in question. This offence carries Director’s criminal liability.

[Page updated: 10/04/2018]


<Back tto Selling and marketing

More information>

The basics: contract for sale
Legal tender
Limitation and exclusion clauses
Sale of goods
Supply of services
Inertia selling to businesses
Sales to consumers
Unfair terms
Sales to consumers, distance selling
Doorstep selling
Marketing and advertising regulation    introduction
Advertising Codes
Advertising to businesses and    comparative advertising
Advertising to consumer regulations
Approved trader schemes
Direct marketing by telephone, email,    text message, fax and post
Data protection in relation to marketing