GreenNet CSIR Toolkit Briefing no.4

E-Consumer Protection

Buying and carrying out business transactions online

Written by Paul Mobbs for the
GreenNet Civil Society Internet Rights Project, 2002.

There is a framework of legal regulations designed to protect you as a consumer when you shop in your local High Street; it ranges from rules for opening bank accounts to standards for the manufacture and safety of goods. Public bodies, from the local trading standards office through to the regulators of the stock market and banks, ensure that these regulations are applied, and provide complaint procedures for when things go wrong.

At present there is no similar framework that covers all situations when you purchase goods on the Internet. Although the Government has promoted e-commerce aggressively, focusing especially on the delivery of services, legal controls for the online sale of goods have yet to catch up with those for conventional shopping.

Here are some guidelines for buying online with a degree of safety. It is important to realise that, because not all computer systems can be one hundred per cent secure, there is always a degree of risk involved in using the Internet for buying goods.

Jurisdiction is everything

The Internet is a communications medium without geographical or national boundaries. By contrast, consumer protection legislation is based within national and local authority boundaries. The first thing to ensure when you make any kind of purchase on the Internet is that all the parties involved in the financial transactions are based within national boundaries where your local consumer protection laws apply; in other words, that the organisations you are dealing with come under the same legal jurisdiction as you do.

In the UK there are a range of laws that apply to the sale of goods - irrespective of whether that sale is completed in person, by mail order, or via the Internet. Most of these laws are only applicable in the UK, but a growing body of law created through European Directives now provides a framework for trade throughout the European Economic Area (the EEA, which comprises the full member states of the European Union). Internet-based sales are usually treated as being mail order; so if you are buying from companies based in the UK or the EU, UK and EEA regulations for mail order and distance selling apply. Problems can arise if the organisation you are purchasing from, or the intermediary (such as an online auction), is not based in the UK or EEA.

The key legislation in this respect is the EU Distance Selling Directive which was agreed in May 1997. The Directive was due to be enacted into law in each EU state by June 2000; it was enacted in the UK through the Consumer Protection (Distance Selling) Regulations 2000.

The Directive requires that the seller provide the customer with the following information:
  • The main characteristics of the goods supplied;

  • The price of the goods, including any taxes and delivery costs;

  • The proposed arrangements for payment;

  • The guarantees or standards supplied with the goods; and

  • The address to which complaints about the goods should be directed (i.e. that of the seller or the supplier).

Distance selling covers not just Internet sales, but also mail order and telephone sales. As part of the sales agreement the consumer has the following rights:
  • Unless the parties to the sale agree otherwise, the sale and delivery of goods must be completed within 30 days of the customer submitting the order;

  • If the goods ordered are unavailable then the customer is entitled to a refund as soon as possible, and in any case within 30 days;

  • The customer has the right to return goods within seven days of their receipt, and require a refund, although the supplier is entitled to deduct the costs of carriage (although there are exceptions to this rule for perishable goods, custom-made goods, and dated goods such as magazines and periodicals);

  • Where goods are ordered through the unauthorised or fraudulent use of a person's credit or debit card that individual is entitled to cancel the payment.

As noted above, these rights only apply in the EEA. There is some limited protection if you are using a credit card when buying from organisations in states outside the EU:
  • You may be able to claim compensation for fraudulent or substandard goods from your credit card company, but there are usually restrictions on the amount paid. For the purchase of goods between one hundred pounds and thirty thousand pounds sterling, the credit card company is jointly liable for any misrepresentation in the sale of the goods or breach of contract.

  • But - protection against fraud and the failure of goods to arrive only applies to credit cards. Different rules apply to the use of debit cards - you do not receive the same protection.

There is still disagreement regarding the applicability of the Consumer Credit Act outside the UK. The Office of Fair Trading takes the view that it applies to purchases across borders, certainly within the EU. The major UK credit card companies take a different view, and currently only 'voluntarily' meet claims for the liability of cross-border purchases.

Protection for consumers in the EU is likely to improve over the next few years. Proposals for a Directive on e-commerce, covering all aspects of Internet-based services, are under negotiation. A new EU Directive on the sale of consumer goods & associated guarantees, due to be implemented by January 2002, will improve protection of consumer rights for faulty or defective goods.

Finally, if you import goods that cost more than eighteen pounds sterling from another country you will be liable to pay VAT and any duty on the goods (although the rules for purchases within the EU are not clear, because of the interpretation of EU tax rules - check first). This should be included in the purchase price, but if not it will be levied when the goods enter the country. The Post Office collects tax for Customs and Excise, but levy a surcharge for doing so. If it is not included in the price of the goods you will have to pay the tax and the surcharge before the goods are handed over to you.

Good practice for online purchasing

Just because a site has a '.uk' domain name this does not mean that it trades from within the UK, or that the company operating it is registered in the UK. On the other hand, if you purchase goods that do not originate from within the UK, but the company you are contracting with for the sale of goods is based within the UK (such as companies who offer cheap imported goods), you are covered by UK consumer protection law.

Guarantees of good practice

The Government has co-sponsored an accreditation scheme for web traders entitled Trust UK. When you purchase online through a member of the Trust UK scheme you have a guarantee that the company will:
  • Protect your privacy;

  • Ensure that your payments are secure;

  • Let you know what you have agreed to, and how to cancel orders should you need to;

  • Deliver the goods or services ordered within the agreed time period; and

  • Sort out any complaints, wherever you live.

The Which consumer organisation also has its own code of practice for UK-based web traders; this seeks to provide minimum standards of service and security for online consumers.

Key points to bear in mind when buying online

  • If things go wrong you will have more protection if you use a credit card rather than a debit card. Credit card companies are now issuing separate card security codes to protect credit card transactions from fraud. Keeping the credit card number separate from the security code means that even if the card number is disclosed on the Internet it cannot be used for purchases.

  • Only purchases in excess of one hundred pounds sterling, within the UK, are covered by the major credit card companies.

  • If you are purchasing from a site that is not part of a UK-based accreditation scheme, make sure that the company is based within the UK or EEA. If the company is based outside the UK then you not only risk losing your money if the goods do not turn up or if they are defective, but you might also be surcharged for import duty and VAT before they are handed over to you. If the site you are purchasing from does not provide information on the payment of VAT or duty, you should consult Customs and Excise.

  • Never give credit card or personal information as part of any purchase by email, or via a web page that is not encrypted (a secure socket). E-mail addresses can be set up fraudulently, and so sending your details encrypted by email is still no guarantee of security. Sending your details via a web site form provides some extra security because of the more exacting requirements for the registration of Internet sites. You can ensure that the form with your details is sent encrypted if the small padlock in the corner of your browser is locked ().

  • Keep all the details of your purchase (copies of the advertisement, for example, or details of the 'shopping basket' of goods you have collected to buy) by printing out each screen that contains details of your purchase. If you need to complain at a later date these pages will provide the information you need.

Further information

For more information about purchasing online you might like to consult the following sites:

Further work

This briefing has been written in the context of the legal framework currently in force in the UK. If you live outside the UK you will need to make yourself aware of the procedures operating in your own country. Key points you will need to find out are:
  • If you live in an EU member state, how the Distance Selling directive and other recent consumer protection directives have been enacted;

  • Whether the credit card companies that operate in your country have any particular policies on Internet purchasing, and whether they accept liability for cross-border purchases that go wrong; and

  • How the consumer protection laws are enforced in your country, and what procedures are available for making complaints.

You should also contact any consumer protection organisations operating in your country as they are likely to have a lot of the information you need.

The GreenNet Internet Rights Project

GreenNet is the UK member of the Association for Progressive Communications (APC), and is leading the European section of the APC's Civil Society Internet Rights Project. The primary goal of this project is to provide the resources and tools necessary to defend and expand space and opportunities for social campaigning work on the Internet against the emerging threats to civil society's use of the 'Net. This involves developing ways and means of defending threatened material and campaigning, as well as lobbying to ensure a favourable legal situation for free expression on issues of public interest.

Until recently, the social norms of Internet communities, together with a very open architecture based on supporting these norms, regulated the Internet, and was responsible for its openness. The main forces of regulation now, however, are the business sector and government legislation. Corporations and governments are pressing for fundamental changes in legislation and in the architecture of the Internet. Unless challenged, these moves could radically change the nature of the 'Net, making it a place of oppressive controls instead of freedom and openness. It is in this context that APC's Internet Rights project is being developed.

This briefing is one in a series that document different aspects of work and communication across the Internet. Although written from the perspective of the UK, much of its content is applicable to other parts of Europe. There is continuing work on these issues, as part of the European project. If you wish to know more about these briefings, or the European section of the APC Civil Society Internet Rights Project, you should contact GreenNet. You should also check the APC's web site to see if there is already a national APC member in your country who may be able to provide local help, or with whom you may be able to work to develop Internet rights resources for your own country.

Free Documentation License:

Copyright 2001, 2002 GreenNet and Paul Mobbs. Further contributions and editing by Gill Roberts and Karen Banks. The project to develop this series of briefings was managed by GreenNet and funded by the Joseph Rowntree Charitable Trust.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1or any later version (see for a copy of the license).

Please note that the title of the briefing and the 'free documentation license' section are protected as 'invariant sections and should not be modified.

For more information about the Civil Society Internet Rights Project, or if you have questions about the briefings, contact