The legalities of owning a website

on 18th March 2013

(Last updated 9th February 2016)

Whilst having your own website is easy, few site owners are aware that there are actually quite a few rules and regulations that they need to abide by if they are not going to get themselves into trouble.

To avoid the potential of legal prosecution, here are 8 steps to keeping your website compliant with EU law (from the UK perspective). While this is not an exhaustive list, these are the major areas to adhere to and remain compliant with.

1. Company information

Normally found within a websites ‘about us’ section - all websites should display:

  • Business name
  • Place of registration
  • Registration number
  • Registered office address – not just a PO Box number
  • If the company is in the process of being wound up - liquidation

Don’t forget! Where an email is used to replace what would have been its paper equivalent, the mail should be presented in the same way – legal company name, logo, address and contact information.

2. E-Commerce

If your website also acts as an e-commerce shop, you must also adhere to the consumer protection regulations just as any real world shop would. You should have the following in place:

  • Terms and Conditions, Delivery information and Returns Policy clearly displayed.
  • If processing credit card and debit card payments – conform to the requirements of Payment Card Industry Data Security Standards
  • Where email databases of customers are kept – ensure you adhere to the EU Anti Spam laws.
  • Contact information such as phone number and email address.
  • VAT number if you are VAT registered.
  • Refer to trade or professional recognition schemes, with registration number, if applicable.
  • Provide clear information on price, tax and delivery.
  • Show clear Terms and Conditions and acknowledge orders

3. Web Accessibility

This is primarily about disabled users. Accessibility of the web means ensuring all who use your services aren’t unduly discriminated against. While not strictly part of statute, the UK Government has advised adhering to a set of priority checkpoints provided by The World Wide Web Consortium (W3C) who have produced a series of guides/recommendations on disabled Internet access.

The main principle remains the same as in the real world – just because your business’s shop happens to be online doesn’t mean you don’t have to provide disabled access to your virtual door and reasonable adjustments to the premises for disabled shoppers inside.

Examples of reasonable adjustments (or checkpoint priorities) can be found below:

  • Providing text equivalents for non-text elements like images, video, graphics, maps and symbols for the blind using braille screen readers or subtitles for the deaf and hard of hearing.
  • Provide an auditory description of the important information of the visual track of a multimedia presentation.
  • Organise documents so they may be read without style sheets. For example, when an HTML document is rendered without associated style sheets, it must still be possible to read the document.
  • Use clear simple language appropriate for the content.
  • A more extensive list of checkpoints is provided by W3C.

Whilst prosecutions for lack of accessibility are unlikely, a well built accessible website is good practice and many of the techniques are good solid SEO techniques, so worth applying.

4. Data Protection

Everyone in the UK has the right to know what information you are collecting about them as individuals and that the information is secure and handled sensitively. By simply collecting data from a form that asks for name, email or phone number, a Privacy Policy will be required to explain how the data is stored, processed, disclosed and destroyed inline with the legislation.

The Privacy Policy is usually found in the footer of the website alongside Terms and Conditions and sometimes incorporated into or alongside the websites Cookie Policy.

5. EU Cookie Law

Part of a websites data protection requirement includes gaining consent from the users to store ‘cookies’ on their web browsers.

A cookie is usually a small piece of data sent from a website and stored in a user's web browser while a user is browsing a website. When the user browses the same website in the future, the data stored in the cookie can be retrieved by the website to notify the website of the user's previous activity. For instance remembering which buttons you’ve pressed previously, login information and a shopping basket of items a user selected from an e-commerce site.

Cookies are also used to track users browsing behaviour from one site to another. These tracking and third party cookies are generally considered obtrusive to a user’s personal privacy and can compile large databases of very specific information about an individual user. For this reason, you must now:

  • gain consent from any user coming to your website before launching cookies (normally achieved by a consent checker)
  • update or add to your Privacy Policy to describe exactly what cookies are used on the website, what information is collected, stored and for how long.

The key requirement being that the information given is “clear and comprehensive information”

6. EU Anti-Spam Laws

The E-Privacy Directive prohibits the sending of unsolicited commercial communications by any electronic means such as email, fax, SMS and MMS unless the receiver has given their prior consent.

Compliance with the directive is reliant on having an opt-in and opt-out system. Meaning the user must give their consent by agreeing to accept emails/electronic communication from your organisation (by freely giving their contact details for instance) and thus opt-in. In return the organisation gives the user the option to opt-out of the correspondence at any point. This could be a link in an email to halt any further contact or simply providing contact details. 

7. Online Defamation

One of the more recent legal developments has been regarding online defamation. Until recent years there was an unfounded assumption that what’s written about you on the Internet didn’t matter. A culture of begrudging acceptance and endurance perpetuated with many simply stating “well… that’s the internet for you”.  Indeed the volumes of users who seek out and seem to enjoy upsetting others in such online discussion environments (forums, comments, social media) became so prolific to even produce a term for them; ‘internet trolls’.

In 2011 however the amount of defamation cases online doubled on previous years and demonstrates the extent of the cultural shift from the Internet’s infancy to now. This is hardly surprising with so many new ways to browse the Internet, its open to more eyes than ever before. Social Media advancements have created an environment where everything can be shared with millions instantly and (as is human nature) it doesn’t tend to be the nicest of comments that attract the attention.

As a Commenter

In the last few years the courts have seen case precedent set in online defamation cases that have resulted in the CPS producing a series of guidelines. It’s worth understanding what is considered to be a libellous comment, as quite a few people have over stepped the mark and got themselves into trouble.

Any communication that:

  • may constitute credible threats of violence
  • may constitute harassment or stalking
  • may amount to a breach of a court order

That it was more than:

  • offensive, shocking or disturbing; or
  • satirical, iconoclastic or rude comment; or
  • the expression of unpopular or unfashionable opinion about serious or trivial matters, or banter or humour, even if distasteful to some or painful to those subjected to it.

Or to put it another way – if you wouldn’t say it to your mother, you shouldn’t say it at all.

As a Website Owner

Most websites using commenting either in a forum or made active on individual articles/news items will usually mean the website owner controls what comments are allowed to show.

Commonly a user will submit a comment that’s then quarantined until the website owner sets it live on the website. In this circumstance where the website owner is actively monitoring and reviewing, they are considered to be a publisher. As such they are deemed liable (as any other publisher would) for allowing any libellous material to be published. The importance for the website owner is to be proactive and react to requests quickly.

A website owner will have a defence where:

  • he was not the author, editor or publisher of the statement complained of,
  • he took reasonable care in relation to its publication, and
  • he did not know, and had no reason to believe, that what he did caused or contributed to the publication of a defamatory statement.

Case Law

8. Fake Commenting

When it comes to buying online - other people’s opinions matter. The majority of sites that sell products and services online will have customer reviews of the product and the company themselves.

With such an open system it’s unsurprising that unscrupulous companies either pay others or post false positive comments in order to increase sales and reputation.

The EU Directive on Unfair Commercial Practices creates new protection for consumers against the practices of businesses and introduces a "general duty to trade fairly" for the first time in the UK. This makes any ‘faking’ of comments illegal and while difficult to regulate, individuals who make comments could be identified via their IP address and they and the site owner can be held responsible.

Hopefully this brief guide will ensure that you as a site owner do not fall foul of rules and regulations that govern what you are allowed to say, what you are not allowed to say and how you must conduct yourself as a website owner.