We asked three experts from Michalsons law firm to share the most important legal considerations for online businesses. Here’s what they had to say.

You’ve come up with your online business idea and planned your product or service offering. Good work! Now it’s time to think about the laws that may affect you.

Despite the boom in online business over the last decade, many people still aren’t comfortable with buying goods or services online. The crucial reason is that consumers find it difficult to trust online businesses because of fears about privacy and security. 

Across the globe, regulators have stepped in to create trust by enacting various laws that protect consumers and regulate online businesses. We believe that building a good online business and brand means considering all the relevant legal aspects.

Types of online businesses

Understanding how you relate to your customers is the crucial first step in building your online business. Before you think about contracts, it’s essential to understand precisely what type of relationship you have – and what responsibilities.  

A clear understanding of the relationship will help you focus on the laws, contracts, and general considerations that are relevant to your business.

There are various different types of online businesses, each with different responsibilities.

  1. An online store may sell physical goods. For instance, Plant Gardening Supplies provides delivery of seedlings to gardeners at home. They deliver the seeds either through couriers from their physical store or directly from the supplier via dropshipping.
  2. An online service might provide bespoke consulting services over the internet. Leaf Gardening Consulting is a business that provides bespoke gardening advice to their users over video conferencing software like Zoom.
  3. An online platform may take the form of a marketplace. Like Lotus Garden Planner, a marketplace that connects gardeners with landscapers.

Legal terms

There is no all-purpose solution for legal terms, primarily because of how unique and intricate your relationships might be. That said, there are a few standard business models that can benefit from the same general kinds of legal terms. You will need to get specific guidance on how to tweak those terms for your use.

The most common legal terms that online businesses use are:

  • Terms of use: the simple terms and conditions that cover people who visit your website, before they become your customer.
  • Terms of service: more complex terms that cover the legal relationship between you and your customer.
  • Orders: a separate document or web form that covers the specific commercial terms relating to a transaction, and that incorporates the terms of service by reference.

Acceptable use

Acceptable use policies are recommended for any online business that has a social component. This component could be a feature of your service (for example, where users can interact with each other), or a community group on a third-party social media platform. This policy describes the way that your customers are (and are not) allowed to engage with your service. It sets clear rules of engagement, preventing unwelcome content like hate speech or discrimination. Describing and enforcing these rules is an important legal consideration.

Privacy

Privacy is the set of obligations that businesses have to protect personal data from unwanted observation or disruption, among other things. The customer’s privacy should be front and centre for online businesses and fully compliant with the privacy laws (the GDPR in the EU and POPIA in South Africa). If South African online businesses are trading internationally and processing the data of EU-resident data subjects, they will have to comply with the GDPR as well as POPIA.

Privacy policy

Even the most simple online store collects a name, email address, and physical address to process an order. This collection includes personal data which the law requires you to protect and process lawfully. A privacy policy lets your customers know that you are protecting their personal data, and legitimises your online business.

Cookie policy

Cookies are small text files that websites put on your device to track you. They’ve been around for a long time, but there has recently been a high-profile law in Europe that regulates how they work in the form of the PECR or ePrivacy Regulation. These laws oblige websites to get consent to put cookies on your customers’ machines. This is usually in the form of a pop-up or a notice letting visitors to your website know that cookies are being collected.

PAIA manual (Promotion of Access to Information Act)

South Africa’s access to information law defines how people can get information from your organisation. Large businesses require a PAIA manual to set out this process and establish the role of the information officer. Smaller businesses do not – find out if you’re exempt here.

Data processing agreements

Data processing agreements are relevant because your organisation is not an island. You are often processing personal data together with other organisations. Data protection law generally requires a data controller to enter into a written agreement with their processors to regulate how they process personal data on their behalf. Precisely what that agreement contains depends on the relevant data protection law. POPIA requires that the processor follow the controller’s instructions and secure the personal data they process on their behalf against unauthorised access.

Security

Security is another critical issue for online businesses. It’s essential to have the necessary safeguards in place to keep your systems and data free from danger, threat or harm. Here are a few do’s and don’ts for password management, and how to prevent your website from being hacked.

Returns and Refunds

A returns policy is most necessary where you are an online store selling physical goods to consumers. The CPA and ECTA give consumers a variety of ways to return goods. A policy acknowledging these helps to build trust with your customers and avoids unnecessary arguments. 

Marketing

Direct marketing includes email newsletters or SMS messages. An important thing to remember is that a business can currently send direct marketing messages to prospects in South Africa, provided that they give them an opportunity to opt-out. This position will change since POPIA has commenced. We now move to an opt-in regime where your business will have one chance to ask someone whether they want to hear about your goods or services and you’re only allowed to market to them if they expressly consent to you doing so.

Now that you understand some of the legal considerations for your online business, you can make any necessary changes to ensure you are doing all you can to empower your small business for success.

About the Authors

Associate David Luyt is a POPI professional, electronic signature expert, and online business aficionado.

Associate Kevin Hoole specialises in creative problem solving, information technology contracts and intellectual property law.

Candidate Attorney, Nathan-Ross Adams is a creative thinker with commercial experience in the software and advertising industries.