Compliance with European Law by Online Businesses Not only national laws, you have to follow European laws as well.
Opinions expressed by Entrepreneur contributors are their own.
You're reading Entrepreneur Europe, an international franchise of Entrepreneur Media.
Online business or electronic commerce (e-commerce) is a reality in our daily life and therefore an interesting option to start or expand one business. But just as in a regular business, where its owner must follow the local legislation regarding taxes to pay, labor rights and so on, in the online environment one also has many rules to comply with.
The European market is one of the biggest markets worldwide with more than half a billion potential consumers. But it has a peculiarity. To start an online business in a country that is a member of the European Union, not only the national laws are to be observed, but also the European Law.
The European Law is made of Regulations and Directives that are applicable in all its member states. And some of these legislations are specific to online business, especially the E-Commerce Directive (Directive 2000/31/EC) and the GDPR- General Data Protection Regulation (Directive 2016/679).
E-commerce Directive:
The basic principle observed in these directives is that consumers must be well informed about the details and functioning of the online business in question. The E-Commerce Directive establishes that it must be clear to users the name, the geographic address and the email of the service provider, besides other information that can be specific from every different business (for example, if it concerns regulated professions, the institution where it is registered).
GDPR:
The GDPR is applicable when there is the processing or controlling of personal data. For example, when the service provider has the register of the user, and therefore his name and e-mail address- and his payment details. In cases as such, it is important to the e-commerce to have a privacy policy, containing the identity and contact details of the data controller (and of the data protection officer, if the company has one), where the processing of such data is based and the purpose of the process.
Of course, the online business must not only have a privacy policy but also must adopt the right measures to protect the privacy and data of its consumers. In case of a data breach, the fine can be high (up to 10 million euros). Therefore, it is important to invest in the security of the business, regarding its user's data.
Consumer Rights Directive:
As we can see so far, the European Law is very much concerned with the consumers. Thus, there is also the Consumer Rights Directive (Directive 2011/83/EU), which has specific provisions on distance and off-premises contracts, or contracts in the online environment.
The mentioned Directive establishes the information that must be present in these contracts and also the formal requirements of them. As each business is different, those requirements change from business to business. Therefore, it is important to draw the contract for each specific business.
In conclusion, the European Union has laws that apply to online business in all member states. These laws create obligations not only regarding legal aspects, such as contracts formalities and privacy policies but also regarding technical measures, as what must be informed to users and measures regarding cybersecurity.
Therefore, to have a functioning online business in Europe, that complies with the Union rules, it is important to consult professionals of the areas mentioned, so they can check if the business complies with the legislation in question and make the necessary measures to adjust it to the European standard.
Collaborated with Estela Schmidt who is a Brazilian lawyer, with a masters degree in European and Transnational Law of Intellectual Property and Information Technology by the University of Göttingen, Germany.