Legal Obligations for eCommerce Shops Selling to International Clients

eCommerce stores selling to international clients must know that their business will also be subject to the laws of the other jurisdictions their products reach. Therefore, overseas customers could sue the online seller in their country of residence.

However, an international seller based in the U.S. must also know all the federal, state, and other jurisdictional laws and regulations that apply to the business for selling to consumers out of their home state.

eCommerce Businesses and U.S. Federal Laws

Every business in the U.S., including web-based ones, must comply with U.S. federal law, no matter where their clients live. Likewise, non-U.S. companies selling to people in America must also comply with federal regulations.

Some examples of the laws that businesses should comply with include:

  • The CAN-SPAM Act requires the firm to label unwanted emails and prohibits the use of deceptive subject lines and false headers
  • The Children’s Online Privacy Protection Act applies to websites directed to children under age 13 and requires specific privacy notices, parental consent, and several other precautions
  • The Gramm-Leach-Bliley Act specifies how to deal with web-based financial services
  • E-sign concerns the use of electronic signatures

eCommerce – State and International Laws

Like a brick-and-mortar store, every eCommerce business must follow the state’s laws. In addition, the company must also follow the regulations of the state its customers reside in, including those concerned with data collection.

One example is if the business sells to customers in California, it must be aware of the anti-SPAM law effective since 2004 and the privacy law requiring all commercial websites or online services to comply with the state’s privacy policy. The same applies to international clients – companies must identify the information they collect and who they share it with by clearly posting a privacy policy online according to the country’s regulations.

Privacy Directives for the European Union

Since late 2002, the European Union adopted its privacy directives governing the distribution of unsolicited emails and the transfer of personally identifiable customer data. In addition, some European countries apply similar laws on a local level.

Privacy Laws in Canada

Federal and provincial law in Canada is strict regarding collecting, using, and disclosing personal information for commercial services. For example, the country’s laws define all information as personal, except for business contact details and other publicly available information, as confidential. In addition, any business selling goods or services to Canadian citizens must get client consent before collecting, using, and disclosing personal information.

Therefore, under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), organizations must have a privacy officer and post a privacy policy that also covers their service providers. In addition, the country requires built-in consent and easy-to-spot opt-out processes in privacy policies.

When is a Business Subject to the Laws and Regulations of Other Jurisdictions?

Many factors determine which laws govern an online business’s operation, including its procedures, where it ships products, the marketing of the products, and the target audience of the eCommerce site.

Any sale of goods in another jurisdiction is subject to court decisions based on the area’s laws and regulations, regardless of where the business has a physical presence. In the U.S., this has become a common practice between states and is known as the “long-arm” jurisdiction statute when any business transaction occurs.

Can a Business Choose the Law and Courts Preferred?

Websites sometimes include a “choice of law” clause stating which jurisdiction applies if disputes relating to their terms and conditions arise. Sometimes these are easier to uphold than others, depending on the context of the dispute. For instance, a French court refused to enforce such a provision in the public policy of a U.S. internet services provider because it circumvented the local mandatory consumer protection laws.

Therefore, in theory, an eCommerce business needs to comply with the laws of the country its consumers reside. In addition, companies may need to ensure a specially-tailored website to meet local advertising needs, promotions, and specialized privacy policies.

When deciding to conduct business outside of a local jurisdiction, companies need to adhere to the following principles if they want to avoid placing their business at risk:

  • They should limit the interactive features on their website, avoiding collecting some sensitive information from residents that could lead to lawsuits.
  • They should prefer to moderate sales to international jurisdictions to reduce the risk of falling foul of the laws and regulations there.
  • They shouldn’t promote their website to residents of a particular jurisdiction in local or regional publications or websites.
  • They should avoid creating a foreign-language version of their website or utilizing a country-specific top-level domain (TLD), e.g., .ca for Canada or .gr for Greece, etc.

International Safeguards

International online business has become common, but customers worldwide need to feel safe when making transactions. Therefore, the international Organization for Economic Cooperation and Development has developed guidelines to help safeguard eCommerce and its customers:

  1. eCommerce enterprises should always include their business information on their websites. By including their address, email address, and telephone number, international buyers know who they are doing business with and how to contact them.
  2. Businesses must clearly state that the price of goods increases for international transactions, and customers may waive certain consumer rights like returns, guarantees, and warranties because of their location.
  3. They must always take security and privacy seriously, including when collecting financial information. A Privacy Policy is the best way to tell consumers about the information and data collected and distributed.

Final Take

eCommerce store legal agreements don’t fit in a one-size-fits-all category. Besides the laws of each country governing privacy policies and advertising, internet sellers also need to consider things like shipping, returns, payments, and an arbitration clause (which may hold or not).