
Is your website breaking the law?

by Mike Amis

Quite probably, yes. But the good news is that it isn’t too difficult (or expensive) to become compliant with UK and EU law. As the owner of a website you have a number of legal obligations to fulfil that are governed by the Information Commissioner’s Office (ICO). The ICO is an independent agency that is responsible for protecting the rights of individuals’ personal data, wherever it is used online.

Your organisation, whether you are a sole trader or a PLC, is legally obliged under The Data Protection Act 1998 to register as a ‘Data Controller’, if your website collects any personal data. Personal data could be in the form of cookies your website sets, or the information you collect through contact forms or email subscription forms. It is highly unlikely that your website doesn’t at the very least set cookies as they are used in any tracking software such as Google Analytics, as well as advertising and social media integration tools.

It is straightforward to register with the ICO (although they do charge £35 per year for the privilege), but there is no way to do it online; it must be done by post. It is also an annual subscription, so you will need to remember to keep up to date.

Display the correct information

Another area where you may be falling foul of the law is in the correct displaying of company information. If you own a limited company you must display the company registration number, place of registration and registered office address in an accessible place on the website. This doesn’t have to be on every page but it must be easy to find; a ‘Contact Us’ page is a common example, although some sites use the footer section on each page. You should also be including this information in company communications, for example emails. As well as being required for legal compliance, it also makes good business sense to include as much information about your company as possible, as transparency helps to build trust with your potential customers.

Required legal documents

What documents should be included on your website will vary depending on the functions your website performs. For the most basic website a disclaimer will suffice, but it’s likely that even a simple website or blog will set cookies, making a privacy policy and cookies policy obligatory. Within your privacy policy you should outline the exact nature of any data you collect, how it will be stored, your intended use of it, and any limitations on usage, such as not sharing it with third parties. There are many examples and templates available for free; you can also use the one in place on this website for inspiration.

If your website provides or sells services and products you should include a terms and conditions document and require that customers signify their consent to said terms before continuing. It is also within this document that you have the opportunity to specify how the visitor is permitted to use the website and all of its content.


In 2011 the EU passed a privacy law. As part of this law websites are required to obtain permission from visitors before storing cookies in their web browser. This law also requires that EU visitors are given the option to opt in or ‘accept cookies’ as soon as they arrive at the website. This is commonly seen in the form of a pop-up bar with a button to ‘accept’ along with a link to the full cookies policy document. Failure to properly adhere to the ‘cookies law’ is unlikely to result in severe legal sanctions (many large organisations are not compliant), but you may see your Google services restricted or stopped if you do not meet their requirements, which would probably be much more harmful to your business.


If your company provides a website it must be accessible to disabled users under the Equality Act 2010. It is unlikely that you would face legal action under this act (no case related to a website and this act has been heard in court), but there are also ethical issues to consider which are beyond the scope of this article. Clearly it makes no commercial sense to hinder a user’s access to your website and there are many simple steps that can be taken in the construction of your website to aid disabled users. For example, adding alternative text to images to describe the content in screen readers, or considering colour usage and its impact on colour blind users.

What if I don’t comply?

Non-compliance with any of the aforementioned acts and laws can result in two kinds of sanctions: civil liability and criminal liability of varying severity, from financial penalties all the way up to prison terms. Civil liabilities commonly arise from copying of content and material from third parties, but could also be related to libel. Examples of infringements that are subject to criminal liability are breaching data protection laws by failing, knowingly or otherwise, to protect users’ confidential information.

This article is only intended as a general overview of the legal issues surrounding website ownership and in no way should it be considered a substitute for proper legal advice.
