Millions of online shoppers around the world share their private data with eCommerce websites, in return for a customized and streamlined consumer experience. It is upon the merchants to guard that information and make sure it is not misused.
Unfortunately, high-profile data breaches are a common occurrence, and consumers are demanding tighter protection of personal data. Increasingly strict regulations control the collation, storage, and use of personal data. To succeed, software and SaaS companies are forced to constantly update their best practices to protect their customers and stay compliant with regulatory and industry standards.
In this article, you will learn:
Consumers have the right to know what merchants do with the information they gather. Consequently, the law requires eCommerce providers to disclose their privacy policies and data processing activities to the public. The consequences of failing to create a privacy policy can include regulatory fines, mailing list invalidation, litigation, and damage to reputation.
How to comply
Under most regulatory frameworks, privacy policies and related documents (see below) should be regularly updated and clearly accessible on your website.
In the USA, a privacy policy should state, at a minimum: what information you collect through your eCommerce store; which information you intend to collect in the future; how you collect, store, and share personal data; how you use that data, now and in the future; and which third parties receive your customers' personal data.
Cookies are small pieces of data set by web servers and stored by the user's browser for a variety of reasons, including analytics, integration with social networks, remarketing advertisements, maintaining user sign-in and preferences, and enhancing the user experience.
How to comply
You must have a valid cookie policy and a cookie management solution that allows users to opt out of cookies if they so desire. Visitors from the European Union have the legal right to be informed of how and why you make use of cookies. Many third-party suppliers, such as Google, Facebook, Apple, and Amazon, also require their clients (advertisers, for example) to adopt cookie policies.
Terms and conditions formalize the relationship between a provider and a user, a merchant and a client. They set forth the manner in which the client must be treated and the manner in which a client may use a service and its corollaries. The document is legally binding, and states that the use of a site serves as a de-facto agreement by the user to the terms.
Terms and conditions not only protect the client; they protect the supplier, as well. For the client, they determine user rights, cancellation policies, and so forth; for the supplier, they are invaluable protection against potential liability.
How to comply
eCommerce websites must have terms of service in place, which should be reviewed by legal counsel. Misuse of a product can sometimes cause personal, financial, or even physical harm, and responsibilities must be legally defined to minimize risk and liability, while providing reasonable protection for the buyer.
As privacy laws around the world become stricter, it is important to require buyers to tick a box to explicitly agree to the terms of service, rather than merely assuming they agree to the terms by browsing the site (known as a browsewrap agreement).
Terms and conditions should cover, at a minimum:
The European Union’s General Data Protection Regulation (GDPR) requires suppliers to maintain valid records of consent for processing the personal data of their clients. Consent without a valid recording mechanism renders the consent invalid.
How to comply
When collecting personal data through email or newsletter forms, subscriptions, and so on, if your clients are citizens of the European Union, the law requires consent to process this data. Cookies are currently not governed by GDPR; they are governed by the EU's ePrivacy Directive (2002/58/EC, amended by 2009/136/EC).
To comply with European law, the GDPR requires valid records of data processing for EU-based clients, especially by eCommerce entities.
How to comply
Entities with 250 or more employees that collect sensitive and/or personal data, whose regular processing activities could impinge upon the rights or freedom of EU citizens, must maintain records of processing activities.
The US Congress added restrictions on shipping vape products to its 2021 omnibus spending bill, which also provides relief for the coronavirus pandemic. The "Preventing Online Sales of E-Cigarettes to Children Act" requires the US Postal Service to create regulations within 120 days to prevent mail deliveries of products containing nicotine or cannabis. It also requires those transporting nicotine or cannabis vaping products to adhere to the Prevent All Cigarette Trafficking (PACT) Act, a part of the Jenkins Act.
The legislation applies to e-liquids and devices that contain no nicotine, only CBD, or THC oil. Devices are those that deliver, through an aerosolized solution, nicotine, flavor, "or any other substance to the user."
Under current legislation, retailers must:
Sellers in violation may face fines of up to $10,000 per violation and up to three years in prison.
At BlueCheck, we provide the best identity verification infrastructure to grow your business. We move faster to build solutions tailored to the needs of our customers, including PACT Act and eCommerce compliant offerings. Schedule a call with BlueCheck Solutions Advisor today to learn more.