A website is a good marketing tool for companies. Therefore, you undoubtedly want your website to look top-notch. However, appearance is not everything. Your website must also be legally compliant. The latter is apparently often overlooked. Ignorance? Nonchalance? Or a conscious choice?
The team of theJurists has been working on an “e-compliance” audit for the past few months. Approximately 500 websites were subjected to a basic inspection. Maybe your company received an email from us with an audit report. Spoiler alert! The results of the audit are disappointing: a vast majority of websites are still not legally compliant!
Why is this important? And what is required? And what are the findings of the study? We summarise it for you.
3 reasons to get your website legally in order
- Don’t let the FPS Economy block your webshop
Do you sell to consumers?
At its own initiative or following a complaint: the FPS Economy is very active in checking webshops. Infringements can lead to an official report and financial sanctions. In case of serious violations, you may even have to close down your webshop!
Therefore, make sure that you have properly applied all the obligations of the Code of Economic Law!
- Avoid negative publicity of privacy infringements
Placing cookies without explicit permission? No privacy statement or one that has been copied from the internet and therefore is not tailored to your situation in detail?
The GDPR’s playtime is long over. People are aware of their rights, and the regulator is cracking down.
You don’t want fines for something you can easily avoid, do you?
- Create trustwith your customers
Many of your customers are concerned about their privacy. Or they are coming into contact with your company for the first time via the internet. So they are a little on the wary side.
And just as you, as a business owner, aim for quality products or excellent services, you must also remember to handle these concerns with care.
Moreover, transparent legal documents provide a clear framework between you and your customers. This radiates professionalism and thus contributes to the trust in your company!
Which legal documents do you need?
In the e-commerce sphere, we traditionally focus on 4 sections. Each section stands for a certain type of document. And each document has its own purpose. For webshops, these are: a disclaimer, general terms and conditions of sale, a privacy statement and a cookie statement.
What exactly are these documents, and why do you need them?
As an entrepreneur, you must clearly identifyyourself. Your (business) name, address, company number, (contact) data, etc. Your customers and visitors must be able to consult these details easily. It is therefore best to bundle them in a disclaimer.
However, the use of a disclaimer is not limited to the identification and the mandatory information that goes with it. You can also use the disclaimer to regulate other, additional matters. Such as your liability for any mistakes on your website. Or the intellectual property of the pictures, texts and information that can be found on it.
General terms and conditions
General terms and conditions are written (standard) agreements that you make as a company without negotiating with the other party. The intention is that these conditions apply as a contractual framework for the execution of services or the delivery of products to your customers.
As an entrepreneur, you use them to strengthen your contractual position. However, you should avoid using unlawful clauses. In both B2C and B2B, certain disproportionate clauses are illegal or even null and void.
In a B2C relationship, you also have to take into account the rules of ” distance selling” when sales are made via the Internet (these are sales via webshops).
Individuals are becoming more concerned about their privacy and more aware of their rights. Why should this be different for your customers and visitors? When you start collecting personal datathrough your website, privacy, and more specifically the GDPR, is just around the corner!
Data. Isn’t that what every entrepreneur wants? Through a contact form. By subscribing to a newsletter. Through the form for a download of an e-book. And certainly when you ask for an address for the delivery of an order. As soon as you do any of these things, you need a privacy statement.
By the way, did you know that your visitors and customers do not have to agree to a privacy statement at all? It just has to be communicated to them.
A website without cookies? It is possible in theory, but in practice it rarely happens. For cookies, therefore, you have to take two things into account.
First of all, you can only place cookies when the visitor has given – correct – permission for this (with an exception for the strictly necessary cookies). This is done by means of a cookie banner or cookie pop-up.
Secondly, you must transparently provide the necessary explanation: which cookies you use, the purpose of these cookies and their retention period. You can use a cookie statement for this.
e-Compliance audit: e-Commerce obtains disappointing results
It is in our DNA: detecting legal business risks. And every time we come into contact with websites with our team, we see the same imperfections cropping up again and again. So it is time to take a structural approach and to document all of this.
Over the past few months, we have looked at 500 websites to see how they did with their legal foundations. Do they identify themselves in a transparent way? If they sell things, is it easy to find the terms of sale? And if they do have them, and they are selling to consumers, is the right of withdrawal properly regulated? Or the Online Dispute Resolution? And is it clear to the visitor how the company handles the collected personal data? And what about cookies?
We already mentioned it: our Belgian websites are not doing well. They often pay a large sum for a fantastic look-and-feel of the website, but the legal part is forgotten. Yet, it is at least as important!
What exactly are the faults or shortcomings we found in our audit?
Of course, the most obvious shortcoming is that your website does not have the documents listed above. Or that these documents cannot be found in a direct, easily accessible way.
However, just because your website has these documents doesn’t mean you’re OK. After all, the quality of those documents must also be considered.
In terms of substance, we did not make an in-depth study of this, but were nevertheless able to identify quite a few problems “at first glance”.
All in all, there were hardly any websites that we had no reservations about. And that is very worrying.
Lack of, or unclear general terms & conditions
Do you sell products or services through your webshop? And you don’t have any terms of sale? Not even when you sell to consumers? Unfortunately, from time to time we have come across this ….
But it is more complex than that. The provisions in your general terms and conditions may also be ambiguous.
This will be the case, for example, when they containcontradictions. This may be within the general terms and conditions, for example, when the clause on ‘distance selling’ contains different information from that on ‘right of withdrawal’. Sometimes the information is also contradictory between the general terms and conditions and the FAQ section on the website.
References to old legislation that no longer exists should also be avoided. Unfortunately, it happens all too often that we read: the Belgian law of 8 December 1992 on the protection of privacy in relation to the processing of personal data (Privacy Act). And a reference to theLaw on Market Practices and Consumer Protection of 2010 also dares to pop up once in a while.
Disregard of the right of withdrawal
When you sell to consumers, you are obliged to inform them correctly about the right of withdrawal.
However, phrases in the general terms and conditions such as “You have 14 days from the time of ordering to withdraw from the contract“, “You have 7 days from the time of receipt to return your order” or “Goods in sales cannot be returned” are completely wrong!
The failure to provide a model withdrawal form is also a violation of the rules of consumer law.
No Online Dispute Resolution (ODR)
If your web shop is aimed at consumers, it has been mandatory since 2016 to include a link to the European ODR platform.
ODR is an abbreviation for Online Dispute Resolution It is an Internet platform established by the European Commission with the aim of resolving disputes arising from e-commerce out of court.
Disregard of the legal guarantee
Recently, we wrote a blog about the reform and extension of the legal guarantee. As this legislation will only come into force on 1 June 2022, most general terms and conditions have not yet been adapted to it during the period of our research.
However, when do you make a mistake? For example, by saying the following: “There is an one-month guarantee“, “Complaints concerning a defective product must be made within 7 working days“, or also “In order to invoke the guarantee, the consumer must return the goods at his own expense“.
Privacy statement is absent or too vague
Sometimes there is simply no privacy statement.
But a privacy statement without mentioning the rights of the data subjects? Or without describing the legal basis of the processing or the processing purposes? That, of course, is inadequate.
Moreover, a privacy statement drafted around 2018 (the time of the GDPR’s entry into force) will today no longer comply with what is required by the Data Protection Authority (DPA).
Placing cookies without correct permission
The most frequent violations are currently related to cookies Almost all websites violate the basic rules for correctly obtaining consent!
For example, a website/webshop that does not give you a choice: “By surfing the website you agree to the placement of cookies“. Another problem is that consent for all categories of cookies is automatically checked. Or that the rejection button for cookies is much less obvious in the cookie banner than that of acceptance. The latter we call nudging.
What about the copycats?
Something we did not mention yet, but which also happens: copycats. If legal texts are already available, then we sometimes see the same texts pop up, with the same imperfections or errors…
However, there is no such thing as “one size fits all”. A copy/paste of an existing text therefore creates the risk of being completely beside the point. Just as your website is personalised in terms of content and reflects your preferences, this should also be the case for its legal framework. In addition, using specific documents and not copying them blindly is a sign of professionalism.
The webshop owner is obviously not (yet) losing any sleep over the lack of, or poor legal documents. A website that is fully legally in order seems to be a rarity.
Yet the impact is real, and the risk not merely theoretical. And yet you can do this for a relatively low cost. In doing so, you gain the trust of your customers, and you give yourself the peace of mind of knowing that you are not exposed to any sanctions from the FPS Economy or the DPA.
Does your company need such documents, or do you want us to update your existing documents with the most recent legal evolutions and obligations? Both in consumer law (B2C) and in general contract law (B2B) many new obligations and strictures have been added in the last year! And privacy law is also constantly changing! Contact us without obligation at firstname.lastname@example.org our experts will be happy to assist you!
Written by Chloë Vanderstraeten, Legal Adviser theJurists, and Kris Seyen, Partner theJurists