E-Commerce Sales Law: Legal Rules Every Online Business Must Follow

The formation of a legally enforceable online sales contract requires the seller to demonstrate that the buyer received adequate notice of the terms and conditions governing the transaction and affirmatively assented to those terms before completing the purchase, and the click-wrap agreement, which requires the buyer to check a box or click a button expressly confirming acceptance before the transaction can be completed, is consistently enforced by the courts as a valid contract, while the browse-wrap agreement, which purports to bind the buyer merely by virtue of website use, is much more vulnerable to legal challenge and is frequently not enforced when the buyer can demonstrate insufficient notice of the terms. Ecommerce-regulations and electronic-commercial-transactions counsel can evaluate whether the online seller's click-wrap or browse-wrap agreement satisfies the legal requirements for an enforceable contract, assess whether the agreement's provisions comply with applicable consumer protection statutes, and advise on the specific drafting changes required to maximize the enforceability of the agreement.

The FTC Act's prohibition on unfair or deceptive acts or practices applies to all online advertising, and the FTC has issued extensive guidance on the specific requirements applicable to online marketing, including the requirement that all material connections between an endorser and a seller be clearly and conspicuously disclosed, the requirement that testimonials and endorsements reflect typical rather than exceptional results, and the requirement that any claim about a product's performance be supported by competent and reliable scientific evidence before the claim is made. Consumer-protection-law and consumer-protection-disputes counsel can advise on the specific FTC Act Section 5 standards applicable to the online seller's advertising and marketing practices, assess whether any specific claim, testimonial, endorsement, or pricing representation satisfies the FTC's substantiation requirement, and develop the compliance strategy for bringing the seller's marketing practices into conformance with the applicable standards.

The table below identifies the four principal compliance areas of e-commerce sales law, the governing federal or state law for each area, the key legal requirement that the online seller must satisfy, and the law firm's strategic focus for each compliance area.

E-commerce-business-sale and business-compliance counsel can advise on the specific sales tax nexus standards applicable to the online seller's business in each state where the seller has established nexus, assess whether the seller's sales volume or transaction count in a given state satisfies the state's economic nexus threshold, and develop the multi-state compliance strategy for collecting, reporting, and remitting the applicable sales tax.

The FTC's Mail or Telephone Order Rule requires the seller to ship ordered goods within the time period stated in the solicitation or, if no time period is stated, within thirty days after receiving a properly completed order, and the seller who cannot ship within the required time must notify the buyer of the delay, give the buyer the option to cancel the order and receive a prompt refund, and ship within any agreed extended period or cancel the order and issue the refund. Ftc and consumer-protection counsel can advise on the specific requirements of the FTC's Mail or Telephone Order Rule as applied to online transactions, assess whether the seller's current shipping, cancellation, and refund practices comply with the Rule's timing and notification requirements, and develop the compliance program for satisfying all applicable federal and state refund and shipping disclosure obligations.

The online seller's shipping terms should address the specific allocation of risk of loss between the seller and the buyer for goods damaged or lost during shipment, should specify the carrier to be used, should clearly state the estimated shipping time frame without creating a legally binding promise the seller cannot meet, and should specify the seller's procedures for handling shipping claims, including the time period within which the buyer must report a problem and the remedies the seller will provide. Shipping-dispute and international-shipping counsel can advise on the specific liability allocation provisions that should be included in the online seller's terms of sale to address shipping delays, lost shipments, and damaged goods, assess whether the seller's current terms adequately limit the seller's liability for shipping problems outside the seller's control, and develop the contractual and operational strategy for managing shipping disputes.

The California Consumer Privacy Act and the California Privacy Rights Act give California consumers the right to know what personal information the seller collects, the right to request deletion of that information, the right to opt out of the sale or sharing of that information with third parties, and the right to non-discrimination for exercising these rights, and the online seller who has annual gross revenues exceeding twenty-five million dollars, who buys or sells personal information on fifty thousand or more consumers annually, or who derives fifty percent or more of annual revenues from selling personal information must comply with these requirements. Consumer-data-protection and data-privacy-litigation counsel can advise on the specific privacy policy disclosure requirements applicable to the online seller under the CCPA, COPPA, and other applicable privacy statutes, assess whether the seller's current privacy policy satisfies all applicable disclosure requirements, and develop the policy updates and operational procedures required to achieve full compliance.

The online seller's data security obligations arise from a combination of the FTC's broad authority to take action against companies that fail to provide reasonable data security for consumer information, the data breach notification laws of all fifty states that require notification to affected consumers and government agencies when a breach occurs, and sector-specific requirements such as the Payment Card Industry Data Security Standard that applies to sellers who accept credit card payments. Data-breach and data-security counsel can advise on the specific technical and administrative security measures required to satisfy the applicable state data security law and the FTC's data security standards, assess whether the seller's current data security program is adequate to protect consumer personal information against unauthorized access, and develop the incident response plan for managing the legal consequences of a data breach.

The online seller's terms of service should include a carefully drafted arbitration clause that requires all disputes to be resolved through binding individual arbitration rather than litigation in court, and a class action waiver that prevents buyers from bringing or participating in any class action against the seller, and the enforceability of these provisions has been consistently upheld by the courts when the arbitration clause provides a fair and accessible arbitration process and the buyer had adequate notice of and affirmatively assented to the terms. Global-consumer-protection-lawsuit and breach-of-contract counsel can advise on the specific choice of law and forum selection provisions that should be included in the online seller's terms of service, assess whether the seller's current terms contain an enforceable arbitration clause and class action waiver, and develop the dispute resolution framework that most effectively protects the seller's litigation interests.