GreenNet CSIR Toolkit Briefing no.4
Buying and carrying out business transactions online
Written by Paul Mobbs for the
GreenNet Civil Society Internet Rights Project, 2002.
There is a framework of legal regulations designed to protect you as a consumer when you shop
in your local High Street; it ranges from rules for opening bank accounts to standards for the
manufacture and safety of goods. Public bodies, from the local trading standards office
through to the regulators of the stock market and banks, ensure that these regulations are
applied, and provide complaint procedures for when things go wrong.
At present there is no similar framework that covers all situations when you purchase goods on
the Internet. Although the Government has promoted e-commerce aggressively, focusing especially
on the delivery of services, legal controls for the online sale of goods have yet to catch up
with those for conventional shopping.
Here are some guidelines for buying online with a degree of safety. It is important to realise
that, because not all computer systems can be one hundred per cent secure, there is always a
degree of risk involved in using the Internet for buying goods.
Jurisdiction is everything
The Internet is a communications medium without geographical or national boundaries. By contrast,
consumer protection legislation is based within national and local authority boundaries. The
first thing to ensure when you make any kind of purchase on the Internet is that all the parties
involved in the financial transactions are based within national boundaries where your local
consumer protection laws apply; in other words, that the organisations you are dealing with come
under the same legal jurisdiction as you do.
In the UK there are a range of laws that apply to the sale of goods - irrespective of whether
that sale is completed in person, by mail order, or via the Internet. Most of these laws are only
applicable in the UK, but a growing body of law created through European Directives now provides
a framework for trade throughout the European Economic Area (the EEA, which comprises the full
member states of the European Union). Internet-based sales are usually treated as being mail
order; so if you are buying from companies based in the UK or the EU, UK and EEA regulations for
mail order and distance selling apply. Problems can arise if the organisation you are purchasing
from, or the intermediary (such as an online auction), is not based in the UK or EEA.
The key legislation in this respect is the
EU Distance Selling Directive
which was agreed in May 1997. The Directive was due to be enacted into law in each EU state
by June 2000; it was enacted in the UK through the
Consumer Protection (Distance Selling) Regulations 2000.
The Directive requires that the seller provide the customer with the following information:
Distance selling covers not just Internet sales, but also mail order and telephone sales.
As part of the sales agreement the consumer has the following rights:
- The main characteristics of the goods supplied;
- The price of the goods, including any taxes and delivery costs;
- The proposed arrangements for payment;
- The guarantees or standards supplied with the goods; and
- The address to which complaints about the goods should be directed (i.e. that of the seller
or the supplier).
As noted above, these rights only apply in the EEA.
There is some limited protection if you are using a credit card when buying from organisations
in states outside the EU:
- Unless the parties to the sale agree otherwise, the sale and delivery of goods must be
completed within 30 days of the customer submitting the order;
- If the goods ordered are unavailable then the customer is entitled to a refund as soon
as possible, and in any case within 30 days;
- The customer has the right to return goods within seven days of their receipt, and
require a refund, although the supplier is entitled to deduct the costs of carriage (although
there are exceptions to this rule for perishable goods, custom-made goods, and dated goods
such as magazines and periodicals);
- Where goods are ordered through the unauthorised or fraudulent use of a person's credit
or debit card that individual is entitled to cancel the payment.
There is still disagreement regarding the applicability of the Consumer Credit Act outside
the UK. The Office of Fair Trading takes the view that it applies to purchases across borders,
certainly within the EU. The major UK credit card companies take a different view, and
currently only 'voluntarily' meet claims for the liability of cross-border purchases.
- You may be able to claim compensation for fraudulent or substandard goods from your
credit card company, but there are usually restrictions on the amount paid. For the purchase
of goods between one hundred pounds and thirty thousand pounds sterling, the credit card
company is jointly liable for any misrepresentation in the sale of the goods or breach of
- But - protection against fraud and the failure of goods to arrive only applies to
credit cards. Different rules apply to the use of debit cards - you do not receive the same
Protection for consumers in the EU is likely to improve over the next few years. Proposals for
on e-commerce, covering all aspects of Internet-based services, are under negotiation. A new EU
on the sale of consumer goods & associated guarantees,
due to be implemented by January 2002, will improve protection of consumer rights for faulty or
Finally, if you import goods that cost more than eighteen pounds sterling from another
country you will be liable to pay VAT and any duty on the goods (although the rules for
purchases within the EU are not clear, because of the interpretation of EU tax rules -
check first). This should be included in the purchase price, but if not it will be levied
when the goods enter the country. The Post Office collects tax for Customs and Excise, but
levy a surcharge for doing so. If it is not included in the price of the goods you will
have to pay the tax and the surcharge before the goods are handed over to you.
Good practice for online purchasing
Just because a site has a '.uk' domain name this does not mean that it trades from within the
UK, or that the company operating it is registered in the UK. On the other hand, if you
purchase goods that do not originate from within the UK, but the company you are contracting
with for the sale of goods is based within the UK (such as companies who offer cheap imported
goods), you are covered by UK consumer protection law.
Guarantees of good practice
The Government has co-sponsored an accreditation scheme for web traders entitled
Trust UK. When you
purchase online through a member of the Trust UK scheme you have a guarantee that the company
The Which consumer organisation also has its
own code of practice
for UK-based web traders;
this seeks to provide minimum standards of service and security for online consumers.
- Protect your privacy;
- Ensure that your payments are secure;
- Let you know what you have agreed to, and how to cancel orders should you need to;
- Deliver the goods or services ordered within the agreed time period; and
- Sort out any complaints, wherever you live.
Key points to bear in mind when buying online
- If things go wrong you will have more protection if you use a credit card rather than a
debit card. Credit card companies are now issuing separate card security codes to protect
credit card transactions from fraud. Keeping the credit card number separate from the security
code means that even if the card number is disclosed on the Internet it cannot be used for
- Only purchases in excess of one hundred pounds sterling, within the UK, are covered by
the major credit card companies.
- If you are purchasing from a site that is not part of a UK-based accreditation scheme,
make sure that the company is based within the UK or EEA. If the company is based outside
the UK then you not only risk losing your money if the goods do not turn up or if they are
defective, but you might also be surcharged for import duty and VAT before they are handed
over to you. If the site you are purchasing from does not provide information on the payment
of VAT or duty, you should consult
- Never give credit card or personal information as part of any purchase by email, or via
a web page that is not encrypted (a secure socket).
E-mail addresses can be set up fraudulently, and so sending your details
encrypted by email is still no
guarantee of security. Sending your details via a web site form provides some extra security
because of the more exacting requirements for the registration of Internet sites. You can
ensure that the form with your details is sent encrypted if the small padlock in the corner
of your browser is locked ().
- Keep all the details of your purchase (copies of the advertisement, for example, or
details of the 'shopping basket' of goods you have collected to buy) by printing out each
screen that contains details of your purchase. If you need to complain at a later date these
pages will provide the information you need.
For more information about purchasing online you might like to consult the following
This briefing has been written in the context of the legal framework currently in force in the UK.
If you live outside the UK you will need to make yourself aware of the procedures operating in your
own country. Key points you will need to find out are:
You should also contact any consumer protection organisations operating in your country as they are
likely to have a lot of the information you need.
- If you live in an EU member state, how the Distance Selling directive and other recent consumer
protection directives have been enacted;
- Whether the credit card companies that operate in your country have any particular policies on
Internet purchasing, and whether they accept liability for cross-border purchases that go wrong; and
- How the consumer protection laws are enforced in your country, and what procedures are available
for making complaints.
The GreenNet Internet Rights Project
GreenNet is the UK member of the
Association for Progressive Communications
(APC), and is leading the European section of the APC's
Civil Society Internet Rights Project.
The primary goal of this project is to provide the resources and tools necessary to defend and expand
space and opportunities for social campaigning work on the Internet against the emerging threats to
civil society's use of the 'Net. This involves developing ways and means of defending threatened material
and campaigning, as well as lobbying to ensure a favourable legal situation for free expression on issues
of public interest.
Until recently, the social norms of Internet communities, together with a very open architecture based
on supporting these norms, regulated the Internet, and was responsible for its openness. The main
forces of regulation now, however, are the business sector and government legislation. Corporations and
governments are pressing for fundamental changes in legislation and in the architecture of the Internet.
Unless challenged, these moves could radically change the nature of the 'Net, making it a place of
oppressive controls instead of freedom and openness. It is in this context that APC's Internet Rights
project is being developed.
This briefing is one in a series
that document different aspects of work and communication across the Internet. Although written from
the perspective of the UK, much of its content is applicable to other parts of Europe. There is
continuing work on these issues, as part of the European project. If you wish to know more about
these briefings, or the European section of the APC Civil Society Internet Rights Project, you should
contact GreenNet. You should also check the APC's web site to see if there is already a national APC
member in your country who may be able to provide local help, or with whom you may be able to work to
develop Internet rights resources for your own country.