Essential guide to internet and email law

Close up of cursor opening email software

The internet is covered by laws and regulations that have implications for every business that works online.

If you sell your products and services online, there are additional laws that give consumers extra protections that you must know about. It can become more complicated if you sell products and services internationally.

Here, we explore some of the laws governing the internet, email, and ecommerce.

Rules governing emails

Contracts and ecommerce

Data protection

Intellectual property

Monitoring email and internet usage

1. Rules governing emails

The same basic rules which apply to ordinary business letters also apply to emails.

You need a standard footer stating your company name and other details

  • You must include your registered office address, a contact email address, company registered number and country of registration.
  • You can use the signature feature of most email software to automatically add standard contact details to your emails.

You may want to include a standard disclaimer

  • Here's a standard template disclaimer: "This email is confidential and for the use of the intended recipient only. If you have received this email in error, please inform us immediately and then delete it. Unless it specifically states otherwise, this email does not form part of a contract."
  • Simply inserting a disclaimer does not mean that you cannot be held liable for the contents of an email or any breach of privacy that results if it is delivered in error.

The content of an email is covered by the same laws as the contents of a letter

  • Do not send or forward emails that are illegal, offensive or discriminatory.
  • Check the contractual implications of an email before sending it (see Contracts and ecommerce). If you are unsure, get professional advice.

Marketing emails are covered by a range of regulations aimed to protect customers from spam

  • You must clearly show the purpose of the email and who has sent it.
  • You must provide a valid address which recipients can use to opt out of receiving further emails from you.
  • You cannot send marketing emails to consumers, sole traders or unincorporated partnerships without their prior consent unless their email address was collected in the course of a previous sale or sale negotiation relating to similar goods or services.
  • Any promotional offers contained in your emails must be obvious, clear and easily accessible. Any competitions or games must also be obvious, and the rules both clear and accessible.

You must be careful what information you include in emails

  • A misguided or offensive email sent round the office could be forwarded round the world in seconds.
  • Emails (and the internet sites people have visited) are stored and recorded and can be used as evidence many years later.
  • If an email is sent (or forwarded) to an international recipient, that country's laws apply to its content. For example, you could be sued in that country for publishing a libel that may not necessarily be libellous under English law.
  • Your business could be held liable for emails sent by your employees, so they must understand the implications of doing so.

2. Contracts and ecommerce

The contents of an email or your website are contractually significance

  • As a seller, you must make it clear what steps a buyer must complete to create a legally binding contract.
  • The content of emails that are sent and received before a contract is concluded form part of the contractual agreement.
  • Digital signatures can be used to authenticate documents.
  • The information on your website can form part of a contract.
  • Make sure it is clear to your customers at what stage a contract will have been formed and the languages it is available in.
  • You must also give customers a chance to check their order for errors (and allow them to correct them) before the order is placed.

You must provide the correct company details on your website

  • You must include your full company name, address (geographic and registered) and email address.
  • The company's registration number and place of registration should also be given.
  • You must state any professional registration, membership and authorisations (eg the Law Society) the company has.
  • If your company has a VAT number, this must be included.

Take care with your terms and conditions

  • Ensure that customers agree your terms and conditions before you accept an order. Make them clearly accessible on your site and provide a link in official emails to customers.
  • Send an email to confirm the order (provided you have enough stock to fulfil the order).
  • Adapt your terms and conditions specifically for your website. For example, you might want to state that your website is only an invitation to the customer to consider buying. Add that the offer will only be confirmed when you email to accept the order.
  • Put your terms of trade in a pop-up box that appears when a customer is about to make an online purchase. Make customers tick a box to confirm they agree to your terms.
  • Make sure customers can store a copy of your terms and conditions. For example, put them in a form which can be saved and printed, such as a PDF. Don’t provide official documents in an editable form, such as a Word document.

Keep prices - and the rest of your website - up to date

  • Regularly check the prices for every item listed on your website. State whether prices include VAT, tax and delivery costs.
  • If your website makes a direct offer, and this is accepted, you may be obliged to fulfil the contract, even if the price listed is incorrect.
  • You must clearly indicate taxes and delivery charges, if applicable.
  • You must include the buyer's right to cancel the order, known as a cooling-off period. If the customer buys online, they generally have the right to change their mind and cancel an order for goods within 14 days of receiving the goods.
  • Customers also have the right to a cooling-off period for any services or credit agreements they buy online.
  • You must provide the customer with a return label to send goods back if they change their mind. The cost can be deducted from their refund amount.
  • There are different rules for personalized items or food products. In most cases, these can only be returned if they are damaged or broken.

It can be difficult to determine precisely where contracts and transactions occur

  • In some countries, local laws (such consumer protections) will apply - even if your terms and conditions state that any contract is governed by English law.
  • If you sell products or services to. Other countries transactions may be subject to regulation and taxation in the customers' country.
  • If you are using a website to sell or promote your products to UK customers only, make sure you state this clearly.

Be careful who you are selling to

  • It can be illegal to sell certain products to minors. You’ll need to ensure that you check before sending them.
  • Contracts established with minors are unenforceable.

You must confirm receipt of an electronically placed order

  • You must do this as soon as possible.
  • In most cases, you can automate this process using the customer's email address.

If you buy products and services online for your business, the same considerations apply

  • Ensure you know who you are dealing with and in which jurisdiction.
  • Paying with a credit card offers greater levels of protection than other forms.

Online marketing messages are regulated in the same way as advertisements

3. Data protection

If you handle personal data in any form, you must comply with the General Data Protection Regulation (GDPR). You may also have to register with the Information Commissioner.

You must not use personal data for direct marketing purposes if an individual asks you not to.

Set up a clear privacy policy, and make it prominently available on your website

  • Before asking users to provide information, tell them how their details will be used. Will you be using the data for mailings or market research? Will you share their contact information with other organisations?
  • People must provide consent for you to use their personal data for mailings or market research. This is called a positive opt-in. This is a requirement if you are sharing information with other organisations or are marketing their products.
  • A good rule is to only collect the data you need. You must not keep personal data for longer than you need it.
  • If your site uses cookies, you need to tell visitors how you use them and work out how to get visitors' consent. Cookies can be used to improve site useability and monitor visitors' browsing behaviour.

Comply with regulations on monitoring employees' email and internet use

Store any data you collect securely

  • Access to data, particularly personal and financial information, should only be given to employees who need it.

4. Intellectual property

Material on the internet is protected by copyright and other intellectual property laws

  • Put a copyright notice on your website. However, enforcing your copyright, particularly overseas, can be challenging.
  • State any trade marks you are using.
  • Do not use images or text that are protected by someone else's copyright or someone else's trade marks without their permission.
  • Do not download and use copyright protected material without permission. For example, you usually have to accept a copyright owner's terms (which may include payment) before downloading software.

Design rights apply to websites

  • If you use a designer to create your website, ensure that the design right is assigned to you in writing.
  • Copyright for software you use on your site generally remains with the supplier (and is licensed to you).
  • Get a written guarantee from the designer that the site does not breach anyone else's rights.

Linking to other websites can be a breach of copyright

  • You shouldn’t copy other websites, including lifting text, images or videos, and present it as your own.
  • You can link to other sites, but ensure they appear in a new window.
  • If you want to replicate content, ask the owner for their permission before doing so.

Domain names can be contentious

  • Your domain name should be unique to your business, and not be designed to mimic an established business or mislead customers.
  • A company that feels you are infringing its trade mark can ask the internet authorities to assign the domain name to them or take you to court. Large companies are particularly vigorous in pursuing claims (and have the resources to do so).
  • If you have a trade mark and register a related domain name, you should be safe from potential claims.
  • To stop others from imitating you, consider buying various domain extensions, such as .com and
  • Having a trade mark may not be enough to be to prevent someone else from registering and using a domain name. You may have to prove they are acting in bad faith or attempting to piggyback on your success.

5. Monitoring email and internet usage

A monitoring system can help you control inappropriate or illegal use of email and the internet in your business, but there are legal restrictions on monitoring.

You must inform employees if you intend to monitor emails or internet use

  • This also applies to monitoring employees' phone use.
  • Make monitoring part of your employment contracts and your email and internet policies.
  • Ensure staff sign up to the policy and can access a copy online, through your intranet for example.

You can monitor internet and email traffic that passes through your business

  • You can install software which logs all emails sent and received, together with the addresses (but not the contents).
  • You can install software which produces a log of all internet sites visited and any downloads made.
  • You can also install software to prohibit access to specified internet sites.
  • If you do decide to monitor your employees' use of email and the internet, it is essential that you make them aware that you are doing so.

You may inspect individual emails for specific business purposes

You may inspect emails without the employee's consent for purposes including:

  • recording transactions and other important business communications
  • making sure employees comply both with the law and with your internal policies
  • preventing abuse of your systems
  • checking emails when employees are on leave

In all other cases, you must get permission to monitor communications or read emails

  • You need permission from both the sender and the receiver.

Employees' actions

You are generally responsible for your employees' actions when they are using your email and internet systems.

Contractual obligations created over the internet are just as binding as any other.

Defamatory statements can quickly be circulated to a wide audience, potentially harming the reputation of your business

  • Defamatory emails must not be sent or forwarded, even internally. Several major companies have been forced to pay substantial damages to competitors that have been libelled in emails.
  • The informal nature of chatrooms and discussion forums means there is a high risk of employees making defamatory comments.

Offensive emails or even website access can create a hostile working environment

  • This can lead to claims for stress or discrimination.

The internet can make it easy for employees to commit illegal acts

  • For example, stealing other people's intellectual property by copying photos or text from other sites to use on your own.
  • In most cases, an aggrieved party will pursue the company rather than the individual employee responsible for the problem.
  • Setting up and enforcing appropriate policies, and training all employees, can substantially reduce the risks.



The law is complex. This factsheet reflects our understanding of the basic legal position as known at the last update. Obtain legal advice on your own specific circumstances and check whether any relevant rules have changed.

Expert quotes

"Use some common sense when devising your email disclaimer - a long one can put recipients off reading the message itself." - Steve Newton, Galatea Training Services

"Make sure employees know communications over intranets and the internet are not private. State clearly how emails will be monitored in both your employment contracts and your email policy." - Annelise Tracy Phillips, Eversheds

"Smartphones, PDAs and other devices are becoming ever more important business tools. However, the size of the screens complicates compliance with the Distance Selling Regulations. Thus, companies must devise and implement technological strategies which enable them to take full advantage of mobile technology to sell goods and services whilst fulfilling their legal obligations." - Simon Halberstam, Sprecher Grier Halberstam LLP

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.