5 Key Things to Know Before Starting an E-commerce Store

Jelena Đukanović

Attorney at Law


With the dizzying progress of technology and changes in the way people around the world shop, e-commerce stores have become an integral part of modern commerce. In recent years, e-commerce has experienced a significant increase in popularity, partly due to the impact of the COVID-19 pandemic, but also due to the broader acceptance of digital commerce. This trend is increasingly present both worldwide and in Serbia, and we can conclude that the ones who have quickly recognized the advantages of online trading are the ones who have benefited the most from it. 

If you are convinced that this is only a fleeting positive effect, better think twice. After customers have experienced all the great benefits of online shopping, such as a wide range of available goods, shopping at any given time, day or night, payment by card or cash on delivery, as well as home delivery, will they be willing to return to the traditional brick and mortar shopping experience?

If these global trends have taught you this important lesson, or the e-commerce store is something you have planned in your backlog, we have prepared a list of key legal aspects for you to consider. 

Do I Need E-Commerce Terms of Use?

One of the key findings in relation to the e-commerce business is that everything that applies to brick and mortar sales applies to online sales as well. The fact that the customer cannot physically walk through your store and check the products does not mean that they cannot do the same while looking at the product offered from the convenience of their home. 

Hence, the same game rules apply to e-commerce stores! 

As a seller (retailer), you are required to guarantee the buyers the same rights and opportunities as in traditional business, whilst you have to comply with all the obligations as you would otherwise, when selling goods at a boutique, department, or convenience store.

Besides that, there are additional obligations for e-commerce retailers. 

In order to act in accordance with your duties, you need to provide all the necessary information about your store, products, and how the customers, i.e., consumers, can exercise their rights.

In that sense, your first step should be to draft detailed Terms of Service based on which each customer can be informed about their rights, as well as obligations towards you. For example: how the purchase can be made, whether VAT and delivery costs are included in the price, how to file a complaint or exchange the purchased product, liability for defects and proper functioning of the item, (non)existence of warranty, etc. The more comprehensive your Terms of Service are, the lower your risk of possible litigation or inspection.

The lawsuit against Amazon.com shows how important the Terms of Service are to e-commerce retailers. In short, a customer filed a lawsuit against Amazon [1] for injuries received from a faulty coffee machine, which the customer had purchased through that e-commerce platform. Because Amazon had enabled the sale of a faulty device, questions were raised about its responsibility for the goods sold and their proper functioning. Thus, if you have not prescribed the court jurisdiction and the application of substantive law in the Terms of Service, you are at risk of being subject to the law of the country where the injury has occurred, as well as of having the proceedings run in that country, which may be significantly less favorable to you.

For a giant like Amazon.com, the potential payout of USD 2 million and court costs could be perceived as pocket money. Still, ask yourself if your e-commerce startup would survive such a financial blow and negative publicity. 

Make All Necessary Notices Available to Buyers

Practice has shown that many e-commerce stores and platforms fail to indicate who is behind them, i.e., their background and real ownership structure.

Apart from the fact that such behavior fosters distrust in customers, it is also illegal, and can ultimately result in fines. 

According to the Consumer Protection Law, you are obliged to inform the consumer clearly and understandably, among other things, of your business name, company identification number, registered address, and telephone number, all before entering into a contract for the sale of goods. 

What's more, the Law on Electronic Trade obliges you to give notices of the procedure that applies to the conclusion of the agreement, contractual provisions, Terms of Service, if they are an integral part of the agreement, and the language versions in which the agreement can be concluded, etc.

If you fail to provide consumers with all necessary information, you are at risk of penalties, which for legal entities range from RSD 300,000.00 to 2,000,000.00. 

Interestingly, the issue of leaving a phone number for consumers has also been raised at the European Union level. Again, Amazon.com was “accused”, but according to the EU authorities, without any merit.

Specifically, the German Consumer Federation [2] appealed to the European Court of Justice, claiming that Amazon did not honor its legal obligations by failing to provide consumers with effective means of communication, that is, by not informing consumers clearly and understandably about their telephone and fax numbers. 

The European Court of Justice ruled [3] in favor of Amazon, saying that Amazon was not obliged to always provide consumers with telephone contact before entering into a contractual relationship, provided that simple communication was enabled in another direct and effective manner.

Why are Website Terms of Use Important?

In addition to the Terms of Service, which, as their name implies, represent the general conditions under which your company operates, it is necessary to define the Website Terms of Use.

The most common misconception retailers have is that the website Terms of Use have absolutely no function, as well as that nobody reads them. 

However, consumer awareness has been raised to a much higher level in recent years, and competent inspection authorities are increasingly controlling businesses and their operations. 

Therefore, if you are offering goods and/or services online, it is very likely that you are subject to the Law on Electronic Trade and the Law on Advertising. These regulations introduce a series of obligations for owners of the platforms and e-commerce businesses (“IT service providers”). Thus, in order to provide all the necessary notices, you are required to publish the appropriate Terms of Use on the website.

In the Terms of Use, you should define for whom the website or the platform is intended, what the rules of behavior for website users are, what the third-party advertising conditions are, how the sending of commercial messages is regulated, and much more.

Violation of these regulations can result in the imposition of fines on legal entities of RSD 100,000 to even 2,000,000. 

So, if you thought the Terms of Use were unnecessary, think twice. 

Privacy Policy and Cookie Policy

You have certainly noticed that almost every website you click on displays information on cookies, privacy policy, and personal data protection. Undoubtedly, you got bored of clicking and giving a bunch of various consents without even knowing what you are consenting to.

Unfortunately, the Privacy Policy along with the Cookies Policy and Terms of Use has become a crucial element of any website and is especially important if you are in the e-commerce business. 

The Law on Personal Data Protection has introduced many obligations for companies (which we wrote about in the blog on Basic Concepts Of The Law On Personal Data Protection In Serbia), and one of them is to notify data subjects. This is achieved precisely through the Privacy Policy and the Cookie Policy.

To keep your business in line with the new legal regulation, you should start by creating a clear and comprehensible Privacy Policy that will contain all the necessary elements required by the new Law. In addition, you need to inform all users transparently about the cookies you use, for what purposes the cookies are used, and how they can be adjusted, i.e., blocked. This notice shall be available not only to the buyers but to all the visitors of the website. Also, the links to these Policies should be easily accessible and visible on your website.

In addition, if you use the services of a third party for sending the newsletters, as well as any other service that processes data collected by you through the website, it means that you have engaged a personal data processor, and you are obliged to regulate your contractual relationship with them. Finally, you should also keep in mind the rules regarding international data transfer (which we explained in more detail in our blog: Transferring Data Across Oceans without Fear of the GDPR 4+ million fines). 

Security Related to Electronic Transactions

What will differentiate your business from the competitors is offering the possibility of online payment to your customers. 

However, the introduction of electronic payment options raises many questions and requires you to ensure the security of the transactions. 

In addition to the essential cryptographic protection, as well as the SSL certificates, you will have to delve deeper into this issue in order to prevent or at least reduce the risk of fraud.

Another way to increase the security of electronic transactions is to comply with the PCI standards [4]. These standards are important for all retailers who accept credit card payments and provide data security both during the transaction and during storage and verification.

It is enough to leak the data of only one of your customers and you are already on the way to losing the trust of the consumers that you have been building for years. You should take into consideration that no one will want to buy and leave their data if there is the slightest chance that the data will end up in the wrong hands, especially if the data includes valuable information such as card numbers or checking accounts. 

However, if a leak occurs, you must notify the person whose data was breached, and in some cases, even the general public. Also, under the Law on Personal Data Protection, you are required to notify the Commissioner for Personal Data Protection about the data breach, within 72 hours of becoming aware of the breach.

In addition to the risk of losing clients, there is also the risk of being punished for a personal data breach. Penalties under the Law on Personal Data Protection go up to 2 million dinars, and according to the General Data Protection Regulation (GDPR), which may apply to domestic business entities in certain cases, up to 20 million euros or 4% of the annual company turnover, whichever is higher. Meta, Google and H&M are just some of the companies that have experienced these multi-million fines. 

It is important to emphasize that a number of internal procedures need to be put in place, both concerning consumers and the protection of personal data. Your staff must know their roles and procedures, and keep all the necessary records at all times. 

Finally, if all of this seems like science fiction that certainly won’t affect you, keep in mind that within the EU, during the first year of GDPR implementation, as many as 89,271 personal data breaches [5] were reported.

How To Prepare For E-Commerce

Besides the many benefits that e-commerce brings, you should keep in mind that the legal framework for online businesses is becoming increasingly complex. This is an area that is constantly growing: the number of market participants is increasing, as well as the number of regulations. Along with the adoption of the necessary documents for your website, such as Terms of Use, Privacy Policy, and Cookie Policy, you should carefully examine whether you have additional obligations such as concluding an appropriate agreement with the data processor or perhaps regarding the international data transfer.

In addition, if you plan to expand your business to the EU territory, you will surely have to inform yourself in detail about the applicable laws and obligations imposed by the GDPR. If you plan to offer your products to EU residents, it is especially important to note that in 2022, the Digital Services Act Package came into effect, consisting of the Digital Services Act (DSA) and the Digital Markets Act (DMA). This European Union regulation has introduced new obligations for owners of digital platforms, including owners of e-commerce stores. 

Understanding all regulations is necessary in order to build a stable business and support its development, as well as to protect your consumers who will become your regulars.

The information presented in this blog does not represent legal advice but is solely informative. 

[1] Eberhart v. Amazon.Com, Inc., No. 1:16-cv-08546 Court: New York Southern
[2] German Consumer Federation
[3] Case C 649/17 Bundesverband der Verbraucherzentralen und Verbraucherverbände — Verbraucherzentrale Bundesverband eV v Amazon EU Sàrl
[4] Payment Industry Security Standards
[5] Source: European Data Protection Board
