Even before the coronavirus pandemic, e-commerce was experiencing an accelerated expansion worldwide. As a result of that global trend, its growth has also been noticed in Serbia. With regard to the domestic market, we can ascertain with confidence that, if anyone has been positively affected by the pandemic, it is those who have previously recognized the benefits of e-commerce. From the current perspective, it seems that rarely has any online shop failed to record double-digit growth since the proclamation of the Covid-19 pandemic in Serbia.
If you are convinced that this is only a fleeting positive effect, better think twice. After customers have experienced all the great benefits of online shopping, such as a wide range of available goods, shopping at any given time, day or night, payment by card or cash on delivery, as well as home delivery, will they be willing to return to the traditional brick and mortar shopping experience?
If these global trends have taught you this important lesson, or the e-commerce store is something you have planned in your backlog, we have prepared a list of key legal aspects for you to consider.
One of the key findings in relation to the e-commerce business is that everything that applies to brick and mortar sales applies to online sales as well. The fact that the customer cannot physically walk through your store and check the products does not mean that they cannot do the same while looking at the product offered from the convenience of their home.
Hence, the same game rules apply to e-commerce stores!
As a seller (retailer), you are required to guarantee the buyers the same rights and opportunities as in traditional business, whilst you have to comply with all the obligations as you would otherwise, when selling goods at a boutique, department, or convenience store.
Besides that, there are additional obligations for e-commerce retailers.
In order to act in accordance with your duties, you need to provide all the necessary information about your store, products, and how the customers, i.e., consumers, can exercise their rights.
Thus, your first step shall be to adopt comprehensive Terms of Service, which will provide the buyers with both the rights and obligations that they have in their relationship with you. For example, the Terms of Service shall contain instructions on how to complete a purchase, whether the price includes VAT, whether the shipping costs are included, how to file a claim or replace the purchased product, who bears the responsibility for defective goods and the proper functioning of things, etc. The more comprehensive your Terms of Service are, the less risk you face of eventual litigation or inspection.
The lawsuit against Amazon.com shows how important the Terms of Service are to e-commerce retailers. In short, a customer filed a lawsuit against Amazon for injuries received from a faulty coffee machine, which the customer had purchased through that e-commerce platform. Because Amazon had enabled the sale of a faulty device, questions were raised about its responsibility for the goods sold and their proper functioning. Thus, if you have not prescribed the court jurisdiction and the application of substantive law in the Terms of Service, you are at risk of being subject to the law of the country where the injury has occurred, as well as running the proceedings in that country, which may be significantly less favorable to you.
For a giant like Amazon.com, the potential payout of USD 2 million and court costs could be perceived as pocket money. Still, ask yourself if your e-commerce startup would survive such a financial blow and negative publicity.
Practice has shown that many e-commerce stores and platforms fail to indicate who is behind them, i.e., their background and real ownership structure.
Apart from the fact that such behavior fosters distrust in customers, it is also illegal, and can ultimately result in fines.
According to the Consumer Protection Law, you are obliged to inform the consumer clearly and understandably, among other things, of your business name, company identification number, registered address, and telephone number, all before entering into a contract for the sale of goods.
What's more, the Law on Electronic Trade obliges you to give notice of the procedure that applies to the conclusion of the agreement, the contractual provisions, the Terms of Service, if they are an integral part of the agreement, the language versions in which the agreement can be concluded, etc.
If you fail to provide consumers with all necessary information, you are at risk of penalties, which for legal entities range from RSD 300,000.00 to 2,000,000.00.
Interestingly, the issue of leaving a phone number for consumers has also been raised at the European Union level. Again, Amazon.com was “accused”, but according to the EU authorities, without any merit.
Specifically, the German Consumer Federation appealed to the European Court of Justice, claiming that Amazon did not honor its legal obligations by failing to provide consumers with effective means of communication, that is, by not informing consumers clearly and understandably about their telephone and fax numbers.
The European Court of Justice ruled in favor of Amazon, saying that Amazon was not obliged to always provide consumers with telephone contact before entering into a contractual relationship, provided that simple communication was enabled in another direct and effective manner.
However, consumer awareness has been raised to a much higher level in recent years, and competent inspection authorities are increasingly controlling businesses and their operations.
Violation of these regulations can result in the imposition of fines on legal entities of RSD 100,000 to even 2,000,000.
In addition, if you use the services of a third party for sending the newsletters, as well as any other service that processes data collected by you through the website, it means that you have engaged a personal data processor, and you are obliged to regulate your contractual relationship with them. Finally, you should also keep in mind the rules regarding international data transfer.
What will differentiate your business from the competitors is offering the possibility of online payment to your customers.
However, the introduction of electronic payment options raises many questions and requires you to ensure the security of the transactions.
In addition to essential cryptographic protection and SSL certificates, you will have to delve deeper into this issue in order to prevent or at least reduce the risk of fraud.
Another way to increase the security of electronic transactions is to comply with the PCI standards. These standards are important for all retailers who accept credit card payments and provide data security both during the transaction and during storage and verification.
It is enough to leak the data of only one of your customers and you are already on the way to losing the trust of the consumers that you have been building for years. You should take into consideration that no one will want to buy and leave their data if there is the slightest chance that the data will end up in the wrong hands, especially if the data includes valuable information such as card numbers or checking accounts.
However, if a leak occurs, you must notify the person whose data was breached, and in some cases, even the general public. Also, under the Law on Personal Data Protection, you are required to notify the Commissioner for Personal Data Protection about the data breach, within 72 hours of becoming aware of the breach.
In addition to the risk of losing clients, there is also the risk of being punished for a personal data breach. Penalties under the Law on Personal Data Protection go up to 2 million dinars, and according to the General Data Protection Regulation (GDPR), which may apply to domestic business entities in certain cases, up to 20 million euros or 4% of the annual company turnover, whichever is higher.
It is important to emphasize that a number of internal procedures need to be put in place, both concerning consumers and the protection of personal data. Your staff must know their roles and procedures, and keep all the necessary records at all times.
Finally, if all of this seems like science fiction that certainly won’t affect you, keep in mind that as many as 89,271 personal data breaches have been reported at the EU level in a single year.
In addition, if you plan to expand your business to the EU territory, you will surely have to inform yourself in detail about the applicable laws and obligations imposed by the GDPR.
Understanding all regulations is necessary in order to create a stable business, as well as to protect your consumers who will become your regulars.
The information presented in this blog does not represent legal advice but is solely informative.