Internet and email law

Close up of cursor opening email software

The internet is not an unregulated free-for-all: the law still applies, and you need to understand the implications for your business.

In some cases, such as online sales, there are additional laws that give consumers extra rights. The international nature of the internet, and the ease with which information is copied and transmitted, can lead to additional problems.

Rules governing emails

Contracts and ecommerce

Data protection

Intellectual property

Monitoring email and internet usage

1. Rules governing emails

The same basic rules which apply to ordinary business letters also apply to emails.

You need a standard footer stating your company name and other details

  • You must include your registered office address, a contact email address, registered number and country of registration.
  • You can use the signature feature of most email software to add standard contact details to your emails automatically.

You may want to include a standard disclaimer

  • For example: "This email is confidential and for the use of the intended recipient only. If you have received this email in error, please inform us immediately and then delete it. Unless it specifically states otherwise, this email does not form part of a contract."
  • Simply inserting a disclaimer does not mean that you cannot be held liable for the contents of an email or any breach of privacy that results if it is delivered in error.

The content of an email is covered by the same laws as the contents of a letter

  • Do not send or forward emails that would be illegal, offensive or discriminatory if sent as an ordinary document.
  • Check the contractual implications of an email before sending it (see Contracts and ecommerce).

Commercial emails are covered by a range of regulations

  • You must clearly show the purpose of the email and who it is coming from.
  • You must provide a valid address which recipients can use to opt out of receiving further emails from you.
  • You cannot send marketing emails to consumers, sole traders or unincorporated partnerships without their prior consent unless their email address was collected in the course of a previous sale or sale negotiation relating to similar goods or services.
  • Any promotional offers contained in your emails must be obvious, clear and easily accessible. Any competitions or games must also be obvious, and the rules both clear and accessible.

Emails can present high risks

  • Emails are easy to distribute widely. A misguided email sent round the office could be forwarded round the world in seconds.
  • Emails (and internet sites) are easily stored and used as evidence.
  • If an email is sent (or forwarded) to an international recipient, that country's laws may apply to its content. For example, you might be sued in that country for publishing a libel that may not necessarily be libellous under English law.
  • Your business is likely to be held liable for emails sent by employees.

2. Contracts and ecommerce

The contents of an email or your website can have contractual significance

  • As a seller, you must make it clear what steps a buyer has to complete to create a legally binding contract.
  • The content of emails sent and received before a contract is concluded can form part of the contractual agreement.
  • Digital signatures can be used to authenticate documents.
  • The information on your website can form part of a contract.
  • Make sure it is clear to your customers at what stage a contract will have been formed and the languages it is available in.
  • You must also give customers a chance to check an order for errors (and allow them to correct them) before the order is placed.

Give the right company details on your website

  • You must include your full company name, address (geographic and registered) and email address.
  • The company's registration number and place of registration should also be given.
  • You must state any professional registration, membership and authorisations (eg the Law Society) the company has.
  • If your company has a VAT number, this should be also be stated.

Take care with your terms and conditions

  • Ensure that your terms and conditions are agreed before you accept an order. Send an email to confirm the order (provided you have enough stock to fulfil the order).
  • Adapt your terms and conditions specifically for your website. For example, you might want to state that your website is only an invitation to the customer to consider buying. Add that the offer will only be confirmed when you email to accept the order.
  • Put your terms of trade in a pop-up box that appears when a customer is about to make an online purchase. Make customers tick a box to confirm they agree to your terms.
  • Make sure customers can store a copy of your terms and conditions. For example, put them in a form which can be saved and printed.

Keep prices - and the rest of your website - up to date

  • Make sure you know where prices appear on your site and check them  regularly. Also state whether prices include VAT, tax and delivery costs.
  • If your website makes a direct offer, and this is accepted, you may be obliged to fulfil the contract, even if the price is wrong.
  • You must clearly indicate taxes and delivery charges, if applicable.
  • You must include the buyer's right to cancel the order, known as the cooling-off period. If the customer buys online, they generally have the right to change their mind and cancel an order for goods within 14 days of receiving the goods.
  • Customers also have the right to a cooling-off period for any services or credit agreements they buy online.

The place where contracts and transactions occur can be difficult to determine

  • In some countries, local laws (eg consumer protection laws) will apply even if your terms and conditions state that any contract is governed by English law.
  • If you have a presence in another country and carry out business over the internet with customers there, transactions may be subject to regulation and taxation in your customers' country.
  • If you are using a website to sell or promote your products to UK customers only, make sure you state this clearly.

Be careful who you are selling to

  • Selling to minors may be illegal depending on the country you are selling to and what you are selling.
  • You will usually find that contracts with minors are unenforceable.

You must confirm receipt of an electronically placed order

  • You must do this without any unnecessary delay.

If you make purchases over the internet, the same considerations apply

  • Make sure you know who you are dealing with and in which jurisdiction.

Online marketing messages are regulated in the same way as advertisements

  • They must comply with the 'CAP Code' enforced by the Advertising Standards Authority.
  • The basic rule is that adverts must be 'legal, decent, honest and truthful'.

3. Data protection

If you handle personal data in any form, you will have to comply with the General Data Protection Regulation (GDPR). You may also have to register with the Information Commissioner.

You must not use personal data for direct marketing if an individual asks you not to.

Set up a clear privacy policy, and make it prominently available on your website

  • Before asking users to provide information, tell them how their details will be used. Will you be using the data for mailings or market research? Will you share their contact information with other organisations?
  • People must give you consent to use their personal data for mailings or market research, using a positive opt-in. This is a requirement if you are sharing it with other organisations or are marketing their products.
  • Only collect the data you need. You must not keep personal data for longer than you need it.
  • If your site uses cookies, you need to tell visitors how you use them and work out how you will get visitors' consent. Cookies can be used to improve site useability and monitor visitors' browsing behaviour.

Comply with regulations on monitoring employees' email and internet use

Store any data you collect securely

  • Access to the data should only be given to employees who need it.

4. Intellectual property

Material on the internet is protected by copyright and other intellectual property laws

  • Put a copyright notice on your website. Actually enforcing your copyright, particularly overseas, can be problematic.
  • State any trade marks you are using.
  • Do not use images or text that are protected by someone else's copyright or someone else's trade marks without their permission.
  • Do not download and use copyright material without permission. For example, you usually have to accept a copyright owner's terms (which may include payment) before downloading software.

Design right applies to websites

  • If you use a designer to create your website, ensure that the design right is assigned to you in writing.
  • If you fail to have design right assigned to you, you could be forced to pay the designer every time you want to change the site. And you may not be able to have it changed by anyone else.
  • Copyright for software you use on your site generally remains with the supplier (and is licensed to you). If you commission bespoke software, get the copyright assigned to you.
  • Get a written guarantee from the designer that the site does not breach anyone else's rights.

Linking to other websites can be a breach of copyright

  • Making other web pages appear to be part of your site, or modifying their appearance, is generally not permitted.
  • The safest course is always to ask permission from a website's owner before linking to it.

Domain names can be contentious

  • If you have a trade mark and register a related domain name, you should be reasonably safe from potential claims.
  • A company that feels you are infringing its trade mark can ask the internet authorities to assign the domain name to them, or take you to court. Large companies are particularly vigorous in pursuing claims (and have the resources to do so).
  • Just having a trade mark may not be enough to be able to prevent someone else from using a domain name. You may have to prove they are acting in bad faith or attempting to piggyback on your success.

5. Monitoring email and internet usage

A monitoring system can help you control inappropriate or illegal use of email and the internet in your business, but there are legal restrictions on monitoring.

You must inform employees if you intend to monitor emails or internet use

  • This also applies to monitoring employees' phone use.
  • Make any monitoring part of your employment contracts and your email and internet policies.

In general, you can monitor internet and email traffic

  • You can install software which produces a log of all emails sent and received, together with the addresses (but not the contents).
  • You can install software which produces a log of all internet sites visited and any downloads made.
  • You can also install software to prohibit access to specified internet sites.
  • If you do decide to monitor your employees' use of email and the internet, it is essential that you make them aware that you are doing so.

You may inspect individual emails for specific business purposes

You may inspect emails without the employee's consent for purposes including:

  • recording transactions and other important business communications
  • making sure employees comply both with the law and with your internal policies
  • preventing abuse of your systems
  • checking emails when employees are on leave

Otherwise you must get permission to monitor communications or read emails

  • You need permission from both the sender and the receiver.

Employees' actions

You are generally responsible for your employees' actions using your email and internet systems.

Contractual obligations created over the internet are just as binding as any other

Defamatory statements are easily circulated to a wide audience

  • Defamatory emails must not be sent or forwarded, even internally. Several major companies have been forced to pay substantial damages to competitors libelled in emails.
  • The informal nature of chatrooms and discussion forums means there could be a high risk of employees making defamatory comments.

Offensive emails or even website access can create a hostile working environment

  • This can lead to claims for stress or discrimination.

The internet can make it easy for employees to commit illegal acts

  • For example, stealing other people's intellectual property by copying photos or text from other sites to use on your own.
  • In most cases, an aggrieved party will pursue the company rather than the individual employee responsible for the problem.
  • Setting up and enforcing appropriate policies, and providing any training employees need, can substantially reduce the risk of being held liable.



The law is complex. This factsheet reflects our understanding of the basic legal position as known at the last update. Obtain legal advice on your own specific circumstances and check whether any relevant rules have changed.

Expert quotes

"Use some common sense when devising your email disclaimer - a long one can put recipients off reading the message itself." - Steve Newton, Galatea Training Services

"Make sure employees know communications over intranets and the internet are not private. State clearly how emails will be monitored in both your employment contracts and your email policy." - Annelise Tracy Phillips, Eversheds

"Smartphones, PDAs and other devices are becoming ever more important business tools. However, the size of the screens complicates compliance with the Distance Selling Regulations. Thus, companies must devise and implement technological strategies which enable them to take full advantage of mobile technology to sell goods and services whilst fulfilling their legal obligations." - Simon Halberstam, Sprecher Grier Halberstam LLP

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.