DISCLAIMER: These guides are for informational purposes only and do not constitute professional legal advice. Please consult independent legal advice for information specific to your country and circumstances. Shopify is not liable to you in any way for your use or reliance on these guides.
It’s almost always a good time to start an ecommerce business. The internet has connected the world and tools like Shopify make it possible for anyone to get started, regardless of technical skill.
But selling online comes with some complex legal issues. Each country and state has different laws, so knowing which ones apply to you is critical. Plus, ecommerce laws are fluid and subject to change. In order to reap the rewards of a successful online store, you need to stay informed to be able to protect yourself and your business.
Why it’s so important to understand ecommerce laws
Being aware of and obeying the rules that apply to you as an online business owner is an important aspect of running your shop. Knowing ecommerce laws is essential for protecting your brand and assets, as well as maintaining positive customer relationships.
Protect your customers
Ecommerce laws are ideally created to protect customers and businesses alike. Some laws help prevent identity theft, mitigate fraud cases, and generally keep customer data private.
And sometimes these laws are put in place to protect customers from businesses. For example, there are laws that prevent misleading and inaccurate advertising practices, as well as advertising to and collecting data from children. There are even laws that prevent businesses from processing unauthorized transactions, even if they have the consumer’s payment information.
Just like it’s important to protect your customers, you want to take safeguards for your business as well. There are many laws that protect a business’s right to do business in an honest way. For example, trademark, patent, and copyright laws exist to protect intellectual property and ideas.
Knowing the tax laws—including sales tax, import duties, and annual filings—protects your assets. And an understanding of employment and labor laws will help you avoid blowback for violations, not to mention ensure you’re treating your workers fairly.
Protecting your customers
Ecommerce laws to protect your customers typically touch the areas of personal data privacy, financial data security, and misleading business and advertising practices.
Keep personal data private and secure
As mentioned before, ecommerce laws are always changing, and this is especially so when it comes to data privacy. In many cases, legislation is still catching up with technology. But most states are tightening their regulations and addressing consumer privacy concerns, as you can see in this graph:
We operate in a data-driven industry, so it’s important to make sure you’re collecting and managing data within legal bounds. Some key areas to keep in mind:
- Website tracking: While there’s no federal law mandating US online retailers to track website user data in a certain way, there are such laws in some states. California, for example, has one of the strictest policies: the California Consumer Privacy Act (CCPA). This law requires sellers to give shoppers the right to know what information is being collected and how it’s being used, delete their information, opt out of their information being shared or sold, and face non-discrimination when exercising these rights. Check your state(s) to see which laws apply. If you sell internationally, check out the European Union’s General Data Protection Regulation (GDPR).
- Email marketing: The Federal Trade Commission (FTC) passed the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM) to cut down on unsolicited and spam emails. The law requires businesses to be honest and transparent in their emails, avoid deception, provide the business address, give recipients an option to opt out—and honor those requests, and monitor any email marketing activity provided by third parties.
Additionally, the FTC’s Children’s Online Privacy Protection Act (COPPA) prohibits businesses from tracking data from or about, and deceptively advertising to, children under the age of 13 years. Merchants selling children’s products will want to pay extra attention to this.
E-tailers in the health and wellness industry may also want to get to know the Health Breach Notification Rule. If you have any customer data pertaining to their health, you may be required to alert them if you fall victim to a data breach.
Additionally, the Red Flags Rule states businesses must provide a written Identity Theft Prevention Program to outline the steps to take to identify and handle suspected cases of identity theft.
Securely handle customer financial data
Financial data is right up there with personal data, and it’s extremely important to abide by any applicable laws. Security and payment breaches are a real threat. And about half of businesses are taking measures to protect themselves and their customers through cybersecurity plans.
While it’s not legally required to take such measures, a cybersecurity plan can help you prevent potential legal violations, not to mention financial loss and damaged customer trust.
One applicable ecommerce law is the Federal Deposit Insurance Corporation (FDIC)’s Electronic Signatures in Global and National Commerce Act (the E-Sign Act). It basically states businesses may use e-signatures if and only if the consumer agrees to it.
But ecommerce businesses should take it a few steps further than simply abiding by the E-Sign Act. It’s always best to take your own fraud prevention measures.
One area to think about is your payment gateway and ecommerce payment processing provider. Though not technically a law, the Payment Card Industry (PCI) has a set of recommended security standards for businesses and financial institutions to follow. These standards are meant to encourage the development and “adoption of data security standards and resources for safe payments worldwide.”
You don’t need to worry about what those standards are, though. As an ecommerce entrepreneur, you can look for payment processors that are PCI compliant, so you know they know and abide by the regulations. For example, all Shopify stores are fully PCI compliant by default, helping you keep payment info and business data safe.
Provide quality products and service
Ecommerce laws don’t protect just customer data. They also protect consumers from falling victim to misleading or unethical business practices.
The FTC Act, for example, prohibits deceptive, misleading, and untruthful business and advertising practices. It also requires businesses to pay for any harm or damage caused by their products.
The FTC’s Consumer Review Fairness Act essentially ensures all customer reviews are honest and that businesses don’t prevent customers from leaving reviews if they choose. And the agency’s Mail, Internet, or Telephone Order Merchandise Rule requires merchants that sell via these channels to ship all orders within the advertised time frame, or 30 days if there’s no specified shipping time.
Protecting your business
Just like you need to protect your customers, you also need to safeguard your business from potential pitfalls due to misunderstanding the law.
See if you need to form a business entity
While registering your business isn’t necessarily required by law, it’s certainly a good step to take to protect your business. If you don’t incorporate, you’ll operate as a sole proprietorship by default.
A sole proprietorship is different from an LLC and other business structures in that it’s less formal, puts your personal assets at risk, and has different limitations when it comes to business growth. For example, once you partner with someone or make your first hire, you’ll have different tax obligations—and may need to register as a different business type. It’s always best to consult qualified legal counsel in your state(s) to find out which laws apply to you.
In some cases, you may also need a business license to legally operate. This mainly applies to specific industries, such as alcohol or agriculture. You may also require a special license if you’re starting a reseller business.
Ensure you’re collecting the proper taxes
Most states, and many local jurisdictions, have specific sales tax laws that apply to ecommerce businesses. If you sell internationally, you’ll also be required to account for import duties and taxes. The International Trade Administration has an FTA Tariff Tool to help you estimate your obligations.
It’s important to know the relevant laws so you understand when and how you can legally pass taxes on to customers—and when it’s a financial burden of your own. Understanding these laws helps you price products so you still earn a profit on each sale.
You’ll also want to stay apprised of business tax deadlines. Business taxes work differently than personal taxes, so you’ll need to understand your obligations. Many states, for example, require quarterly tax payments from businesses.
Register trademarks and patents
You may consider filing for a trademark or patent for your business, products, and any associated creative property. Trademarks and patents protect your ideas from being copied by competing businesses. It’s a great way to protect your brand identity in a competitive landscape.
Understand restrictions around the products you sell
Some products have strict legal requirements around shipping, particularly when exporting goods. If you’re shipping internationally, pay extra attention to these laws. Alcoholic beverages, nail polish, perfumes, and CBD products are just a few examples of items with specific legal restrictions when it comes to shipping, both domestically and overseas.
Though not legal requirements, per se, you’ll also want to check with your shipper to see what additional restrictions they have.
Find out if you need business insurance
Business insurance is another area where the legal bounds get a bit blurry. However, if you have employees, you’ll likely need to invest in workers’ compensation, unemployment, and disability insurance. These are all meant to protect your staff—and your business—in case of emergencies such as on-the-job injuries.
While insurance isn’t always required—especially if you don’t have staff—it’s often a good idea. Many ecommerce businesses purchase insurance policies for property damage and liability claims by choice.
Property damage policies will protect warehouses, physical products, office spaces, and any other physical property owned by your business. This extends to your retail store, if you have one. Liability insurance policies will help with any potential legal fees for any lawsuits your business may face.
Always seek professional ecommerce legal advice
Remember, this post isn’t meant to be official legal advice. No two businesses are the same, and as laws change and borders are crossed, it becomes more complex to navigate on your own. It’s always recommended you seek guidance from a trained, licensed professional who can help you ensure all your bases are covered for your unique situation.
Shopify’s platform makes it easy to securely manage payments, customer data, and other important information relating to your business.
Ecommerce laws FAQ
Do I need to start an LLC for my ecommerce business?
No, you don’t need to start an LLC for your ecommerce business. It’s a good idea to familiarize yourself with the different business types and then file as the one that makes most sense for your unique business.
Which laws and regulations might affect your ecommerce business?
- CAN-SPAM Act
- FTC Act
- Consumer Review Fairness Act
- Sales tax laws
What do ecommerce businesses need to know about consumer protection laws?
Ecommerce businesses need to know about consumer data privacy laws and regulations around handling customers’ financial information.
Why is privacy important in ecommerce?
Privacy is important in ecommerce to protect consumers and businesses alike from potential fraud, identity theft, and more.
What actions should ecommerce managers take to safeguard consumer privacy and security?
Ecommerce managers should understand and follow consumer data privacy laws, as well as use PCI-compliant technology and tools like Shopify.