The world of e-commerce has grown exponentially and continues to grow at a rapid rate under the current circumstances. This presents entrepreneurs with opportunities to digitalise their business and expand to the global market. However, regulating a worldwide market means strict enforcement of the law to ensure fair practice and compliance. With that said, entrepreneurs should address the following issues to mitigate risks of legal consequences.

Laws and regulations are constantly changing in response to evolving societal values. Entrepreneurs shall therefore develop the good practice of staying current on legal amendments enacted and applying them to all areas of operations.

Devising effective terms and conditions for your website

The terms and conditions are a legally binding agreement between you and the customer. While it is not legally mandatory under Hong Kong law, the incorporation of one is highly recommended and adds contractual value. Entrepreneurs shall ensure that the terms and conditions are correctly incorporated and accepted by consumers before each sale.

If a business incorporates terms and conditions to its website, the terms drafted should comply with the Electronic Transaction Ordinance (Cap 553).

Other points to note for effective terms and conditions:

  • Accessible to the consumer
  • Clear and concise language
  • Great attention drawn to specific terms that are against consumer interests
  • If translations are provided, e.g. English and Chinese, it must be clearly stated which version prevails in case any discrepancies arise
  • Information about the seller’s business
  • Fair and reasonable

Collecting customers’ personal data for direct marketing

The implementation of the privacy policy is legally mandatory under Hong Kong law. While it is not a contract, the policy is a unilateral declaration that shall be visible and accessible to customers on the website. The policy shall be articulated clearly to the customers and disclose all information regarding the purpose and use of the customers’ personal data.

Pursuant to the Personal Data (Privacy) Ordinance (Cap 486), the collection of consumers’ personal data is highly sensitive and requires strict implementation in terms of its use for marketing purposes. Breaches or failure to comply with such requirements may result in criminal sanctions.

Basic requirements of a robust privacy policy:

  • Clearly state the use and type of personal data collected
  • Identify the collector and the entities to which the information is disclosed to
  • Personal data can only be retained temporarily and used no longer than necessary
  • Implement a system enabling customers to access and rectify their data

Cybersecurity protection from online fraud

Cases of fraud within the cyber space has amounted to alarming concern, to which online business must adapt to prevent security breaches and disruption to business operations. Fraudsters target money and/or private information, and disguise their means of collection through phishing emails and suspicious links to induce businesses. Cybersecurity issues are time-sensitive and must be actioned upon immediately to prevent a company from suffering data, financial and reputational loss.

Preventive actions to minimise cybersecurity and fraud risks:

  • Verify the sender’s identity before opening any suspicious link or responding to suspicious emails
  • Conduct regular security checks of new beneficiaries before making any monetary transactions or exchanging company information
  • Encrypt all sensitive information, especially customers’ personal data

In summary, in experiencing a rapid integration of technology and online platforms into business practices, it is more crucial than ever that entrepreneurs ensure proper measures are implemented to prevent fraudulent practices or suffer from legal consequences.

This summary is for information purposes only. Its contents do not constitute legal advice and should not be regarded as a substitute for detailed advice in individual cases. Transmission of this information is not intended to create, and receipt does not constitute, a lawyer-client relationship between JC Legal and the user or browser. JC Legal is not responsible for any third-party content which can be accessed through the hyperlink provided in this summary.

© 2020 JC Legal. Developed by Varomatic.