Online Law

Online Law

Online Law

Here’s a general overview of regulations that can affect online spaces and the laws that all website and social media updaters should be aware of.

blog_square_3ASA: Website copy and advertising regulations.
Since 2011 the ASA’s (Advertising Standards Authority) remit has covered websites as well as traditional marketing practises of broadcast and print. This remit also includes 3rd party space under the control of a business owner such as Facebook and Linked In.

The ASA expects all online advertising and copy to be legal, decent, honest and truthful.

Any claims you make as to products or services you provide are subject to the same rules as other forms of advertising and marketing and must not be misleading, harmful or offensive under the CAP code.
To read more about the code visit this link,

You could end up with a large damages bill. The rules also apply to re-tweets so think before you tweet, always!!

“Think before you tweet, always!”

EU law: Cookies and data gathering

The law now requires all website owners to comply with regulations governing cookies and data gathering.

Firstly let’s clarify what a cookie actually is. A cookie (Can also be known as HTTP cookie, web cookie, or browser cookie) is a small piece of data sent from a website and stored in a user’s web browser while a user is browsing a website, this includes products you buy, articles that you click on or simply the language preference you select. When you visit the same website again, the data stored in the cookie can be retrieved by the website to notify the website of the user’s previous activity.
There are a range of cookie types which have various purposes (session, secure, persistent, 3rd party etc…) but as a website owner what you have to be aware of is the law regarding privacy and security for your visitors.

Most cookies are used to find out more about users activity and habits as well as providing a better quality of user experience such as not having to fill in a form repeatedly or setting language preferences only once.

Website owners must now get permission from visitors to use cookies and must inform them how they use these cookies and the information they provide.

There are exceptions to the cookie regulations where cookies are deemed to be only for the sites functionality and are not used by any 3rd parties.

If you are not using the following cookies for additional purposes these tasks are exempt:

Keeping track of user input when filling online forms or as a shopping card – (session-ID)
Multi-media player sessions and user interface sessions (i.e. user language preference)
First party analytics not likely to create a privacy risk.
If your site is using cookies outside of the exemptions then you need to inform visitors and seek permission.

If you want advice on cookies or other web compliance matters contact us or go to:

Selling Online? Then check you are meeting the regulations.

If you sell online you should find out if you are meeting PCI DSS standards. PCI DSS stands for Payment Card Industry Data Security Standard and was created by Visa and Mastercard) to increase protection for both customers and merchants.
If your site security is compromised and customer card details are stolen you could face not only stiff financial penalties you will also have to cope with the fallout of a security breach like this affecting your online reputation and ultimately sales.

If you plan to sell online make sure you get good advice on the process involved. Understand the requirements, costs associated and timelines (for setting up a merchant account if you need it etc…) and don’t cut corners on areas such as secure hosting.

If you choose an existing pre-packaged, hosted payments page (the cheapest and quickest option) you will probably find yourself outside the scope of PCI DSS as responsibility would most likely fall to the provider that you choose – always check!
The pros of going with an option like this are that you aren’t handling any sensitive data so you can focus on other important areas of your business.
The cons? You won’t have anywhere near the same amount of options and flexibility that a more advanced solution will give.

As your business grows you will want a much more flexible, fluid and bespoke experience for your visitors with as few barriers to purchase as possible, but with that you will need to take on more responsibility for processing sensitive data.

Fully integrated ecommerce solutions are the highest level and come with a huge range of considerations. Unless you are likely to be processing over £1 million+ in payments you won’t need to consider this option.

Have a chat to an experienced web developer and find out what may be the best option for you.

Outside of your website – social media

Communication with customers outside the walls of your website such as newsletters, social media and advertising must follow ASA regulations (see above)

But of course there are also separate civil and criminal laws concerned with libel and defamation which have been highlighted via a recent spate of high profile social media cases.
As a website owner these laws can affect you if you have social media spaces (sometimes termed as borrowed media) as well as comments sections on your blog or news feed.

Social media

According to the BBC 653 people faced criminal charges in England and Wales last year in connection with comments on Twitter or Facebook.


The law concerning Twitter and other social media sites is clear – if you make a defamatory allegation about someone you can be sued for libel. It is viewed the same as publishing a false and damaging report in a newspaper.
A tweet is potentially libellous in England and Wales if it damages someone’s reputation “in the estimation of right thinking members of society”. It can do this by exposing them to “hatred, ridicule or contempt”.
You could end up with a large damages bill. The rules also apply to re-tweets so think before you tweet, always!!

There are changes coming though. Under the Defamation Bill, due to become law later this year, litigants in England and Wales will have to show that the words they are complaining about caused “substantial harm” rather than simply “harm” to their reputations.
Website operators may also be forced to remove potentially libellous comments by anonymous “trolls” or hand over their names and addresses to the authorities.

Trolls and offensive comments

The right to be rude about someone in print is protected in English law. “Vulgar abuse” is not considered defamatory. Article 10 of the European Convention on Human Rights also protects free speech. Crown Prosecution Guidelines state Tweeters can avoid prosecution if they rapidly withdraw a grossly offensive comment, express “genuine remorse” for it, or if the comment was not intended to be widely distributed in the first place.

Stop and think before you post anything publically and if your activity is relating to your business, or your employers business, firm guidelines should be in place to avoid issues.