E-commerce continues to be a booming business. If you are selling goods or services online, you are likely engaging in e-commerce. As such, you should be aware of the many and varied legal rules that apply to online businesses. There is a wide variety of federal, state, and international laws as well as industry-specific regulations. Failure to comply with these rules can result in substantial liability and damage to your business. An experienced online business attorney can help and advise you to navigate these rules and how your business operations can stay compliant.

Setting Up Your Website

Of course, for starters, any online business needs a website.  That usually means finding and registering your domain to create the website.  You may develop the website yourself through a service such as Squarespace or hire web design developer as an independent contractor on a work-for-hire basis.  If you use a service, you must pay close attention to the company’s terms and conditions to ensure you understand your rights and responsibilities.  Similarly, if you hire a web developer, you will need to carefully draft the agreement to protect your intellectual property rights and specify the obligations of the developer.

Your website will also need to be hosted, specifically through a website hosting company.  The hosting company sets forth its scope of services and any obligations to you, which should be reviewed carefully.

Your website will also need to put in place the Privacy Policy and Terms and Conditions before fully engaging in any business.  Terms and Conditions, also known as Terms of Service or Terms of Use, provides what a user must agree to before accessing and using a website.  A thorough Terms and Conditions page is generally a legally binding contract that sets out what types of uses of a website’s information is allowed, how users might misuse the product or services, what payment terms with the website are, and how any disputes are handled if they arise.

Privacy policies disclose the types of personal information that will be collected on a website and how the data will be stored, shared, and protected. Federal, state, and international laws are likely to apply to your business and vary depending on your industry and the type of data you collect. These policies must also be published on your website, so visitors or users know how exactly what data your website collects and how it uses that data. A privacy policy should be tailored to your business practices. Most importantly, your business must adhere to that policy. Failure to follow the policy, or misleading users about a practice, can be a liability risk. As a result, a lawyer should draft and/or review both policies to ensure legal compliance.

Trademarks and Domain Names

Trademark law may protect the name, logo, and other marks associated with your business, including your domain name.  However, the requirements can be difficult to establish.  If you do meet the qualifications, there are benefits to registering your trademarks with the United States Patent and Trademark Office (“USPTO”).  Registration is not required but it helps make a stronger enforcement of your rights against infringers.  For example, if you register your domain name as a trademark and someone is using a domain name that is similar to yours and the similarity would likely cause confusion, you may be able to sue for infringement or pursue a remedy under the Anti-Cybersquatting Consumer Protection Act.

Domain names can also be registered with an organization called the Internet Corporation for Assigned Names and Numbers (“ICANN”).  Domain name registrants also typically agree to dispute resolution through the Uniform Domain Dispute Resolution Policy (“UDRP”) when they register a domain.  This does not give you trademark rights.  This is another way to show both the public and the USPTO that your domain name is distinctive and used to identify your particular goods or services so you can protect your trademark rights.  If a competitor registers a confusingly similar domain name to your own, domain holders can use the UDRP to bring the dispute to arbitration.  Notably, however, resolution under the UDRP is limited to transferring the domain back to the rightful holder, rather than awarding damages to the victorious party.

Industry-Specific Regulations

There are regulations specific to certain types of goods or services or industries. It is important to consult an attorney regarding whether your business must comply with any industry rules. For example, the financial services and healthcare industries are highly regulated. Some industries, including the advertising, mobile marketing, and payment card industries also self-regulate.

How Can You Legally Market Your Business?

Before moving forward with any marketing, it is important to consult an attorney to ensure that your business complies with any and all applicable laws related to marketing in that industry. Federal and state laws may affect various aspects of your marketing. For instance, the Federal Trade Commission (FTC) has the authority to bring an action against a company for deceptive trade practices. The FTC also has specific rules about certain types of advertising, such as native advertising and sweepstakes and promotions. Some products may not be advertised online at all. The CAN-SPAM Act is another federal law that imposes requirements on email advertising and text messaging.

Online businesses also frequently do business outside of the United States. Those business should be aware that the EU has its own regulations on online marketing and advertising. Those businesses should further be aware of when those regulations apply to them to avoid liability. For example, advertisements must be clearly directed to a recipient, clearly identify the advertiser, and identify the promotion and make sure that promotion’s terms or conditions are easily accessible and presented clearly. EU’s regulations, including the General Data Protection Regulation (GDPR) and consumer protection laws, apply to any service operating for profit as well as those advertising within the EU.

Other countries have similar laws prohibiting certain types of conduct or requiring disclosure when engaging in specific types of marketing. These include regulations regarding misrepresenting pricing, publishing fake reviews and endorsements, disclosing the methodology of ranking and search results, and other online marketing.

What Data Privacy Laws Apply to Your Business?

Data Privacy Laws in the US

In the U.S., there is no federal privacy law with general applicability, although some industries such as financial services and healthcare are regulated as noted previously.  However, more and more states have enacted or are moving towards enacting data privacy laws, most of which differ from one another.  Among the most comprehensive state laws are California’s and New York’s statutes.  Both laws require businesses that collect personal information to meet certain privacy and security standards.  California also mandates that businesses honor requests by state residents to access, delete and opt out of sharing or selling of their private information.

Data Privacy Laws in the E.U.

The GDPR provides EU residents the right to know what information an entity has about them, request to have their information deleted, and opt out of having their private information shared or sold to third parties. Entities also must meet certain privacy and security standards and provide notification of data breaches.

Other countries also have various data privacy laws that your business may need to comply with if you are collecting information on residents of those countries through your website.

What Jurisdiction’s Laws Apply to Your Business?

Within the US, e-commerce businesses are subject to the laws of states in which they “transact business.” Each state has a “longarm statute” which sets out the standard by which individuals and businesses outside of that state can be brought into that state’s courts. Generally speaking, the U.S. Supreme Court has stated that there must be “minimum contacts” with a state in order for a state to exercise jurisdiction over a defendant – meaning some sort of real connection between that out of state person or business and that state, which makes it fair for that state to bring that person or business into court. This analysis can be complicated in the case of e-commerce businesses.

Some courts apply a sliding scale test. Essentially, the more interactive the site is, the more likely jurisdiction will be allowed. Therefore, there would be jurisdiction if the site is an online store where customers order and pay for goods or enter into online contracts exclusively through the site. However, if the site is more informational with little e-commerce functionality, there may not be jurisdiction.

In the case of contract disputes across state lines, the parties’ agreement may contain a forum selection clause that sets forth which state’s law is to be applied to the dispute and where the case should be heard. Generally, such clauses are enforceable when the dispute arises out of a related transaction. However, there may be an exception if enforcing the provision would violate public policy.


Because of the unique space online businesses exist in, those businesses frequently need guidance on a wide variety of different laws, including technology, contracts, intellectual property, privacy, advertising rules, and industry-specific regulation.  Importantly, since an online business can sell anywhere, it can be complicated to determine which federal, state, and international laws apply to the business.  An experienced business lawyer can help your business plan for and address the diverse issues that can arise, minimize possible liability, and operate successfully.

Looking for other Business Law services?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida.