- Small business owners can't afford to run afoul of online business laws that are in place to protect consumers. Penalties run in the thousands of dollars.
- Collecting sales tax is a big area of concern for online merchants. The rules vary by state, making it cumbersome to manage without the help of software.
- Business owners must be careful when marketing to new and existing customers. If marketing emails violate provisions in the CAN-SPAM Act, you may be fined by the Federal Trade Commission.
- This article is for entrepreneurs who want to launch an online store or are in the process of starting an e-commerce business.
E-commerce platforms and online marketplaces make it easy to sell online, but e-commerce is more than uploading product pictures and accepting payments. There are laws and regulations you must follow, and if you run afoul of any of them, you could face serious legal and financial consequences.
What are online business laws?
E-commerce, or the buying and selling of products over the internet, has exploded in recent years as people across the globe become more familiar with this type of commerce and feel comfortable using it. That opportunity hasn't been lost on business owners who are increasingly selling their goods online with the help of e-commerce platforms and marketplaces.
Online shopping is regulated to protect customers, with safeguards in place to prevent consumers from deceptive marketing practices and data breaches. These legal rules are known as online business laws.
Though the laws about how your business engages in commerce online vary from state to state, there are also national laws and international regulations. The laws cover everything from taxes to privacy. Further, because of constant advances in technology, e-commerce laws are a work in progress.
Key takeaway: Online business laws govern how a business owner conducts business on the internet. These laws cover marketing, taxes, security and are ever-changing as technology evolves.
5 types of online business laws to be aware of
There are some e-commerce business laws that all online business owners must know. Here are the most important five:
1. Collecting sales tax
Death and taxes are life's two certainties. For online merchants, the latter gets extremely complicated when it comes to collecting sales tax.
"The No. 1 thing to think about is sales tax," said Lisa Lewis, a certified public accountant and the TurboTax blog editor. "It used to be you collect sales tax where your business has a physical presence. Now, states have the right to sales tax no matter if you have a physical presence in the state or not." States also get to set the rules on what to tax and when.
To prevent costly mistakes, Lewis said business owners must look at state sales tax on a state-by-state basis. One state may not expect sales tax unless the merchant exceeds a certain amount of sales, while another will expect it for even a single, small-dollar sale.
"It's extremely cumbersome. We're hoping the government streamlines it and has all 50 states change to a flat tax," said Mike Nunez, chief communications officer at Incfile. "You may have state, city and even county taxes. That's three levels of taxes you have to calculate."
The good news, however, is that software, POS systems and e-commerce platforms take the guesswork out of calculating sales tax. It's important for online merchants to take advantage of the software, since ignorance isn't a defense. When the Supreme Court issued its ruling in June 2018, Associate Justice (Ret.) Anthony Kennedy noted there is software available to help small businesses navigate the hurdles of collecting sales tax.
2. Privacy and data security
Protecting customers' personal information and ensuring your e-commerce site is secure is paramount. One data breach or hack is all it takes to destroy a small business. According to a National Cyber Security Alliance (NCSA) survey, 10% of small businesses that suffered a data breach went out of business.
E-commerce companies request and retain a lot of key customer data, including credit card numbers, personal contact information, bank account, and Social Security numbers, and, as such, should protect the privacy and security of the data.
While the U.S. doesn't have a federal privacy rule, such as Europe's General Data Protection Regulation, some states, including California, Maine, and Nevada, have passed laws. It's important that you adhere to best practices. One way to do that is to follow the FTC's "privacy by design" recommendations, which include the following:
- Privacy and security should be built into products and services from the beginning.
- Companies should only collect data they need for the business purpose and dispose of it once the transaction is complete.
- E-commerce sites should have reasonable security in place to protect consumer data.
- Data management personnel, procedures and controls should be implemented to protect customers' privacy.
3. Marketing infringement
The internet provides ample opportunities for businesses to market their products online, but certain rules must be followed. Online merchants, no matter how small, are subject to federal regulations when selling their products over the internet. Businesses can't make false claims about products and services, and they must disclose paid endorsements.
Passed in 2009 by the Federal Trade Commission, the act states that business owners may be subject to penalties of up $43,280 for each separate email violation. Under the CAN-SPAM Act, online merchants may be fined for the following:
- The email contains a deceptive subject line.
- The email contains false or misleading headers.
- Your email doesn't disclose that the message is an advertisement.
- The business doesn't divulge its location to e-mail recipients.
- The email doesn't instruct recipients how to opt out of receiving future emails.
- Your company doesn't honor opt-out requests within 10 business days.
- You fail to monitor the actions of an email marketing service your company has hired. (According to the FTC, "both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.")
In addition, online merchants must not infringe on trademarks or patents. "It's too easy for a small business owner to search for product images, download them, and use them on the website, but if that's copyrighted or trademarked now, you're in the violation of the law," said Nunez. "You can't use celebrities' likenesses, you can't use other people's trademarks or copyright. You have to be really careful to avoid that."
Further, added Nunez, if your business sells products that are geared toward children, you must take care not to violate the Children's Online Privacy Protection Act.
"You can't advertise to children, you can't try to convince children to buy something. You have to be careful targeting children," said Nunez. [Looking for tips to help you market your business online? Check out our marketing guide.]
4. PCI compliance
Implemented in the early 2000s by credit card issuers Visa, MasterCard, Discover, and American Express, the Payment Card Industry Data Security Standard (PCI DSS) is designed to protect consumers' payment data: An online merchant who accepts credit card payments must meet PCI standards when storing, processing and transmitting credit card data. The penalties for noncompliance include steep fines, and your merchant account agreement can be terminated.
5. Terms and conditions
An online store needs ground rules for its e-commerce site that are legally enforceable – that's where terms and conditions come in. They explain your policies for everything from your returns to shipping policies, and as such, may reduce your legal liability if there is a disagreement with a customer. The terms and conditions should include pricing and payment terms, as well as your company's policies for shipping, exchanges, returns, and order cancellations. It should explain the process for resolving a dispute. (You'll want to list your jurisdiction and liability limitations in the terms and conditions as well.)
Key takeaway: When selling online, your business must ensure it's collecting the right amount of sales tax for each state; emails must comply with FTC regulations, including the CAN-SPAM Act and, if applicable, the Children's Online Privacy Protection Act; you must be PCI compliant; and your website should contain terms and conditions that detail multiple policies and processes, including the dispute resolution process, for your business.