With technology scaling rapidly and changing lifestyles, e-commerce is booming globally. Australia is no exception with revenue from e-commerce expected to reach around US $45.54 billion in 2022.
If your business in Australia engages in any electronic transactions, you need to know what legislation applies to your business and what federal and state legislation requires compliance.
We have compiled a legislation guide to help you understand these regulations and whether and how they apply to you.
Electronic Transactions Act
The Electronic Transactions Act (Cth Act) ensures that any transactions valid under the commonwealth law will not be considered invalid if they are conducted electronically or through electronic communication.
Wherever you are required to provide written information or handwritten signature, produce a document or record information, the ETA allows you to do so electronically. It can be said that this law serves as the foundation for e-commerce in the country.
While the act allows for these provisions, it does not specifically mention any technologies to be used for these purposes. Hence, you are free to use any software or technology that enables you to prepare these documents. The Act applies to all Commonwealth laws unless they are exempted under the Electronic Transactions Regulations 2000.
While the Cth Act applies, some territories have their own ETA Acts like NSW, Queensland, Victoria and Western Australia. It is advisable to refer to your relevant territory law, as well as the Cth Act which will apply where the territory act will not.
Australian Consumer Law
The Australian Consumer Law (ACL) comes under the Competition and Consumer Act 2010. This legislation applies to all businesses in Australia, including foreign businesses that operate in the country.
Since the ACL applies to almost all businesses offering goods or services, it is an extensive piece of legislation and a business lawyer can help you understand what parts apply to your business.
For e-commerce businesses, the rules are similar to those for regular businesses. You are obligated to offer consumer guarantees – refunds or replacement. These are rights automatically transferred to the purchaser when they buy goods or services.
Under the guarantee, consumers have the right to a refund or replacement in case the product does not perform what it is meant to do, is broken, is not what was described, or the quality is not what was promised.
In July 2021, changes in the ACL required businesses to offer guarantees for products and services they offer for under $100,000. The threshold has been increased from the previous figure of $40,000.
This guarantee is a significant one and must be provided apart from any other warranties the business may offer to the customer. The guarantees do not only apply to the sale or offer of goods but also those of services.
Spam Act 2003
Many businesses today use email marketing. While it is one of the best ways of getting your customer’s attention and promoting your business, it is also closely regulated. Before you launch your email marketing campaign, you must know of the Spam Act.
The Spam Act 2003 requires the business to get the consent of the receiver before sending any electronic communication via email, SMS, multimedia messages or instant messaging. Any messages sent are referred to as ‘spam’.
The Act does not strictly prohibit the sending of spam messages but does regulate what makes these messages valid. Before sending spam, a business must identify itself as the sender and add its contact details, seek permission from the receiver and make it easy to unsubscribe.
Permission
When seeking permission from the recipients of your commercial messages, two types can be obtained: express, or inferred.
- Express permission is given when consumers willingly sign up to receive any commercial or promotional messages from your business. You can obtain this consent by including the following options on the website or any communications you are opting for: ticking a box, filling in contact details or through phone calls. Businesses should have a record of having received this consent as part of their obligations.
- Inferred permission is given when the relevant recipient has offered their contact details to the business directly. In this case, customers do expect that they might be receiving some sort of promotional and marketing content.
Identifying Yourself
Any electronic communication sent should be from the business and should be authorised by it even if the employees are handling communications. You should use your registered business name and include the ABN (Australian Business Number) of your business for identification. Any changes in the business name should be communicated to the customers so they can identify you.
Easy to Unsubscribe
All communication should include an unsubscribe option. You should include the unsubscribe option, without charging any additional fee and the link should be valid for at least 30 days after the communication has taken place.
Privacy Act 1988
The Privacy Act 1988 seeks to protect the personal information that customers give to businesses. All businesses with an annual turnover of $3 billion have to comply with the Privacy Act. All businesses with health information need to comply regardless of the annual turnover figure.
If you have the personal data of your customers or clients, you need to have a comprehensive Privacy Policy in place. This policy varies depending on the nature of your business, and the type of information and is best crafted with expert legal counsel. The policy is more important for e-commerce businesses as electronic transactions and operations inevitably have an increased transfer and flow of information.
The Privacy Act also mandates reporting of Notifiable Data Breaches (NDB). An NDB is a breach that can have serious consequences and harm to an individual as a consequence. Such breaches have to be reported following due procedure. There should be policies in place which outline the process to follow when an NDB occurs, and all employees must be well-versed with the protocols.
Cyber Security Protocols
E-commerce businesses are always exposed to cyber risks. To ensure safety, you should have effective cyber security systems and protocols in place. Additionally, you will also need to have relevant policies in place for cookies, terms and conditions, operational policies and payment gateways and options.
Key Takeaways
- E-commerce businesses are booming, and technologies are changing at a rapid pace. This dynamic environment needs to be secured to prevent consumer exploitation through legislative policies.
- The Electronic Transactions Act and the Australian Consumer Law are critical pieces of legislation that form the foundation of e-commerce.
- Laws and policies such as the Spam Act, Data Privacy Act, and cyber security protocols safeguard consumers from misuse of their data.
- Compliance with regulations and legislation also offers protection to businesses and enables the smooth operations of e-commerce ventures.
The legislative framework for e-commerce operations is expansive and can be difficult to navigate. It is critical for businesses to understand what laws apply to them and how they should be complied with. As a business, you need to have legal policies in place.
If you are navigating the legal aspects of your e-commerce business, reach out to our business lawyers today. The specialist legal experts at Lazarus Legal can help you craft policies and navigate the several different legal aspects of your business in line with your goals and strategies.
You may also like
Mark Lazarus
Mark Lazarus, the visionary behind the business and the fresh blood of the Lazarus Legal team, Mark (or Laz as he is often known) owes much of his success to his past experiences. And he’s made it his personal goal to bring that wisdom and formula to the firm.
