The growth of e-commerce in Spain and in the world in general is steady year after year.
However, the regulations and laws that have been passed, and that are in force today, did not exist until a few years ago.
According to Marketing4ecommerce, the first ecommerce transaction was carried out in 1984 thanks to a Videotex system from the American company Tesco.
From then on, it was not until 1995, with the arrival of Ebay and Amazon, that e-commerce became so widespread and explosive that it has now become one of the most important sales channels for all companies.
Today, more and more brands are focusing all their attention on the digital public through the creation and loyalty of their customers.
But, what is the law that regulates e-commerce operations, and what should you take into account from a legal standpoint if you want to create your online shop?
All these questions will be answered in this article that we have prepared for you and that will undoubtedly become one of your essential bookmarks.
Electronic Commerce Law (34/2002)
Its purpose is to establish a legal framework for the development of commerce through the different digital media in force, adapting and modifying its content in accordance with the development of each of the areas that make up the ecommerce ecosystem.
Other relevant laws
Purpose of the Law
|Royal Legislative Decree 1 of November 16, 2007||To establish the rules that service providers must follow with respect to their consumers.|
|Law 6/2020||To provide a legal framework that guarantees the security and confidence of electronic transactions.|
|Directive 2000/31/EC||To recognize the legal validity of electronic signatures and contracts concluded online.|
|General Data Protection Act (GDPR) (EU) 2016/679||To protect the fundamental rights of citizens in relation to the processing of their personal data.|
|Intellectual Property Law (IPL)||To protect copyright and related rights.|
|Organic Law on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD)||To establish and regulate consent with respect to the protection of personal data and guarantee of digital rights.|
|Spanish Civil Code||This is the fundamental decree of the Spanish state and establishes the rights and obligations of citizens.|
|European Regulation on Online Payments (PSD2)||To ensure the security of payments made during online transactions.|
|European Union Regulation on Online Dispute Resolution (ODR)||To establish avenues for the resolution of problems and incidents arising from an online transaction.|
|Law on Industrial Property||To regulate the protection of inventions and symbols such as trademarks, designs or patents.|
Which law regulates e-commerce in Spain?
The law that regulates e-commerce is Law 34/2002, of July 11, 2002, on Information Society Services and E-Commerce (LSSICE).
This law was published in the BOE (Official State Gazette) on July 12, 2002 and came into force on October 12, 2002.
Since its enactment, it has undergone several modifications as the digital world has changed, with its last update on July 13, 2022.
Scope and objectives of the law
If you have an online store or engage in any type of economic activity over the Internet, whether selling products or services, then you should know that you will be obliged to comply with the current regulations established by the LSSICE.
When we talk about “any type of economic activity”, this can refer to:
- Selling products through your own online store or an ecommerce platform.
- Provision of services such as SEO consulting, digital marketing, etc.
- Website hosting.
- Offering of advertising through a digital medium.
- Offers sent through email marketing services or similar.
As you can see, the scope of this law is very broad and linked to virtually any activity related to the Internet.
However, its main objective has been to adapt the current Spanish legislation to the new challenges posed by the digital world, which has dramatically exploded into every corner of the planet.
From this initial objective, we can highlight other adjacent points that have undoubtedly been fulfilled throughout its more than 20 years of history.
- Job creation and economic development at national and international level.
- Achieving free trade between different countries of the world using the power of telecommunications services.
- Developing an infrastructure that allows the country to find solutions not only from a strictly commercial point of view, but also from the transformation of the daily life of its inhabitants.
- Establishing regulations and a legal framework to recognize the rights and obligations of those who provide a service or sell a product, as well as those who consume it.
So far, we have summarized the strictly legal aspects.
But, let’s go a little more to the specifics.
I have an ecommerce business: What obligations do I have towards my customers?
Whether as the owner of a website or even if you provide a service or receive money through advertising or Google Adsense style banners, you must comply with a series of obligations with respect to the users who visit your site or contact you.
🔒 Protection of the user's personal data
✅ Obtain the user's consent
In addition, it is prohibited to send e-mails of an informative or commercial nature without the prior consent of the user.
This includes not only information sent by email, but also using other media such as SMS or MMS.
📃 Making the general terms and conditions available
At the same time, the user must have at their disposal the “General Terms and Conditions of Service” before purchasing a product or acquiring a service.
✍🏼 Include the details of the company or service provider
Another important point is to include your company’s data, either as a product seller or in the event you provide any kind of service.
These data need to include the following:
- Company name.
- Tax ID number.
- E-mail address.
- Telephone number.
Other relevant laws
Just as we have established Law 34/2002 as the law that regulates e-commerce in Spain, we must also mention the other secondary laws that support or reinforce the characteristics of the LSSICE.
Royal Legislative Decree 1 of November 16, 2007
In force since December 1, 2007, the purpose of the Consumer Protection Act is to establish the rules that service providers must follow with respect to their consumers.
- The rights a consumer has when faced with a defective product.
- What to do in case of not receiving a service in accordance with the contract.
- Which practices are prohibited by law as they are considered unfair to the user.
This law covers both offline commercial activity as well as online transactions in general.
In force since November 13, 2020, its main objective is to establish a legal framework to ensure the security and reliability of electronic transactions.
This includes, among other aspects:
- Electronic signature.
- Electronic seals.
- Certified electronic delivery services.
- Electronic storage services.
Likewise, through this law, a list of trust service providers has been created, which has a European scope and whose objective is to establish clear guidelines and recognize those entities that provide electronic services in Spain.
This is a directive on e-commerce concerning certain legal aspects of information society services, in particular electronic commerce in the internal market.
Published by the Department of European Communities on July 17, 2000, it establishes the principles that information society service providers in the EU must comply with, such as, for example, providing information to users and the limited liability of intermediary service providers.
At the same time, it establishes the framework for e-commerce outside Spain including the obligation to recognize the legal validity of electronic signatures and contracts concluded online.
In case of non-compliance with this framework, it has the obligation to sanction those responsible.
General Data Protection Regulation (GDPR) (EU) 2016/679
One of the revolutionary laws and one that has undoubtedly set the course for e-commerce.
It establishes that any entity that handles customer, employee, supplier or partner data that forms part of the development of the activity to which it is dedicated or the sector it is responsible for, must comply with the GDPR.
This is a European regulatory law that aims to protect the fundamental rights of citizens in relation to the processing of their personal data within the European Union (EU).
Its regulatory framework includes:
- Obligation, on the part of controllers, on the processing of customer information to ensure the protection of their data.
- The right, on the part of data subjects, to have control over how their personal data will be processed.
- The responsibility of how to carry out the correct treatment without violating the security of individuals.
From this Law, the figure of the Data Protection Delegate arises, who is in charge of supervising compliance with this law, as well as advising both parties about it.
Intellectual Property Law (LPI)
The Royal Legislative Decree 1/1996 of April 12 is the one that establishes the Intellectual Property Law, regulating, clarifying and harmonizing the legal provisions in force on the matter.
It is basically the Law that regulates the protection of copyright and related rights.
Among its applications, we can highlight:
- Protection of intellectual property rights of authors and creators of original works.
- Protection of literary, artistic, scientific works and other contents.
- Protection of copyrights within the digital environment, including online content platforms.
It is considered one of the fundamental laws as it protects the creativity and innovation of human beings.
Organic Law on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD)
The Organic Law 3/2018, of December 5, is the one that establishes the Personal Data Protection and guarantee of digital rights.
Formerly called LOPD 15/1999, it aims to strengthen the protection of citizens’ rights regarding the treatment of their personal data in order to establish guarantees for the exercise of digital rights.
It is also the law that regulates the consent of the user regarding the treatment of their personal data, right to information, access and rectification, deletion or portability of the same.
One of its most important points is that it gives the citizen the right to freedom of expression online, the right to access the Internet as well as the protection of minors.
Spanish Civil Code
The Spanish Civil Code, established on July 24, 1889, is the fundamental decree of the Spanish state that establishes the rights and obligations of citizens in civil matters.
Obviously, it has been modified several times over the years, most recently on September 6, 2022.
It regulates, among other things:
- The legal capacity of persons.
- Legal custody.
- The economic matrimonial regime.
Although it does not establish specific provisions with respect to the Law on e-commerce, it may be applicable to commercial relations that are developed through it, such as contracts or online commercial transactions.
Unfair Competition Law
The main purpose of Law 3/1991, which came into force on January 31, 1991, is to protect honest competition in the market and to sanction those persons or companies that act against the rules established for fair competition.
Among the conduct that the Law considers unfair, we can highlight the following:
- Imitation of products or services.
- Deceptive advertising.
- Breach of trade secrets.
- Use of confidential information.
- Denigration of competition.
Likewise, the scope of the Law also includes intellectual property rights such as the defense of trademarks, patents, industrial designs or trade names.
In short, compliance with the law is essential to guarantee the integrity of the ecosystem of economic activity in Spain.
European Regulation on Online Payments (PSD2)
Although the European Regulation on online payments was introduced in 2015, it was not until 2018 that it came into force.
Its main purpose is to ensure the security of payments made during online transactions, as well as to encourage innovation and development of new payment systems due to the growth of the sector.
In order to comply with this premise, the service provider must meet a series of requirements, among which we can highlight the following:
- Strong Customer Authentication (SCA).
- Account segregation.
- Notification of security incidents.
- Security audits.
Another key point is forcing banks to give access to customer data to their suppliers in order to foster a secure ecosystem from both sides.
European Union Regulation on Online Dispute Resolution (ODR)
The Online Dispute Resolution Regulation, also called the E-Commerce Regulation (EC) 524/2013, is the way by which both the business and the consumer will be able to establish a framework of legality in the resolution of a dispute generated from an online transaction.
Through the ODR platform, all the necessary evidence may be presented with the aim of reaching a mediation agreement that resolves the problem in question.
Moreover, this process is completely free of charge and online with the aim of contributing to the mutual trust between both parties and to a quick and effective resolution.
Law on Industrial Property
The Industrial Property Law is a set of laws that regulate the protection of inventions and distinctive signs such as trademarks, designs, patents or trade names.
Among the laws that comprise it, we can highlight:
- Patent Law.
- Law on the legal protection of topographies of semiconductor products.
- Law on the Legal Regime for the Protection of Plant Varieties.
- Law on Trademarks.
- Law on the protection of industrial design.
- Law on chattel mortgage and non-possessory pledge.
In short, this set of laws establishes the procedures and legal actions that can be taken in case of violation of any of them.
Definition of e-commerce and its forms
E-commerce is nothing more than a form of commerce.
The difference with traditional commerce is that it is done through different digital media such as the Internet, social networks, marketplaces, mobile devices, etc.
E-commerce can be considered both the purchase and sale of goods and services as well as the exchange of information, procurement of a particular service or the distribution of digital content through different platforms.
According to an article published on Bigcommerce.com, among its main forms, we can highlight:
Different types of products
In order to cover the different areas involved in the ecommerce business, packaging companies have different types of products to package from food, liquids, fashion, toys and jewelry to palletization for large quantities.
B2C (Business to Consumer)
This is the most traditional online method and involves a business to consumer transaction. For example, when we make a purchase from an e-commerce store.
B2B (Business to Business)
These are typical wholesale purchases and are transactions between two companies. Generally, the buyer usually resells the product to the end consumer.
Unlike the B2C system, in these cases the volumes and totals of each purchase invoice are usually larger since, as we have said, the end target is the common consumer.
B2B2C (Business to Business to Consumer)
Unlike the previous model, in which the company buys a private label product to present it as its own, the product or service it sells is in partnership with the original company.
For example, when you have a sports shop where you sell products from brands such as Adidas or Nike.
B2G (Business to Government)
This business model is conducted through a company that sells its products or services to government entities, either nationally or locally.
In most cases, it is done through the awarding of public contracts in which several companies submit a bid until it is decided which of them will carry out the contract in question.
It is normal that in this type of model, the execution times, due to bureaucratic issues, are much longer than normal.
C2B (Consumer to Business)
A typical C2B model is that of influencers, through which a company contacts a content creator in order to be able to offer a specific product to its audience.
In this case, the influencer would be performing the activity directly with the company.
Another typical case of this business model is affiliate marketing.
C2C (Consumer to Consumer)
Alibaba, Ebay and Walmart are some of the exponents of this type of business, in which they put two consumers in contact through the traction of their daily visits to the site with the aim of carrying out a commercial transaction and charging a commission for it.
They operate as a digital showcase with a myriad of products offered by different consumers who benefit from the advantages of the portal with the aim of selling their product.
Regulation of electronic bidding and contracting
The regulation of electronic supply and contracting is a set of laws that establish the practices that must be complied with in the framework of the supply and contracting of goods and services.
Its objective is to establish rights and obligations for those parties involved in e-commerce in order to guarantee the security and reliability of the parties.
Among its main laws, we can highlight:
- The Law on Information Society Services and E-Commerce (LSSICE)
- The General Consumer and User Protection Act (LGDCU)
- The Personal Data Protection Law (LOPD)
- The European Data Protection Regulation (GDPR)
Rights and obligations of the parties in e-commerce
The E-Commerce Law establishes the rights and obligations of the parties. Among the most important points, we can highlight.
- Provide clear information about the product or service offered.
- Offer an effective means of contact for the consumer.
- Comply with the established delivery times.
- Comply with GDPR and LOPDGDD regulations regarding the protection of the consumer's personal data.
- Provide clear information regarding the final price of the product (including taxes or shipping costs, if any).
- Respect the intellectual property of third parties.
- Right to receive clear and concise information about the product or service.
- Right to delivery of the product or service according to the agreement established prior to the transaction.
- Right to a minimum warranty period as well as a quality after-sales service.
- Right to the protection of your personal data.
- Right to the possibility to initiate complaints if necessary.
Data protection and privacy regulation in e-commerce
As we have mentioned above, this area of e-commerce depends on the Data Protection and Digital Rights Guarantee Law (LOPDGDD) and the General Data Protection Regulation (GDPR).
The European Union not only obliges stores to have a special section regarding this, but also establishes certain obligations and responsibilities that each of the owners of these stores must address in order to ensure the security of their consumers’ private data.
It is the obligation of the companies:
- To clearly inform consumers about the purpose of the processing of their personal data.
- To carry out the necessary technical and organizational measures to guarantee the customer’s security.
- To facilitate the user’s access to the rectification, opposition or suppression of their personal data.
- To appoint a data protection delegate in case of processing massive data in a systematic way.
- To notify in the event of any violation of the security in any area of the company that puts customer data at risk.
Regulation of advertising and promotion in e-commerce
The main objective of this regulation is to protect consumers from possible deceptive or fraudulent practices by companies.
In this regard, the E-Commerce Law establishes a series of obligations that companies must comply with.
Among them, we can highlight:
- Advertising and promotion must be clearly specified as such and must not give rise to second glances or possible deception.
- Companies must provide all the necessary information regarding the product offered, such as features, sales price, sales conditions, estimated delivery time, return methods, payment methods, etc.
- Companies are not allowed to engage in aggressive commercial practices such as sending mass e-mails without the customer’s consent (spam).
- For this reason, the customer’s consent to receive advertising or information from the company is an essential condition.
Regulation of security and trust in e-commerce
The Law on Information Society Services and E-Commerce establishes in several of its articles different measures with the aim of regulating security and trust.
Among them, we can highlight the implementation of processes that guarantee security in electronic transactions, as well as in the treatment of users’ personal data.
In addition, it obliges service providers and companies in general to identify themselves by name, address, VAT number and contact telephone number, in order to provide the customer with a quick means of access in the event of any complaint.
Finally, during the purchase process or the duration of the service, the company must guarantee the confidentiality of the data exchanged with the consumer(s).
Regulation of taxation in e-commerce
If there is one thing that has been much talked about in 2021, it has been the new VAT regime for e-commerce.
Royal Decree Law 7/2021, dated April 27, has brought major changes, especially in the area of remote sales of products and goods.
As a result of the new regulations, transactions are subject to the VAT of the Member State where the goods arrive or where the buyer is established.
Furthermore, two new categories of supply of goods have appeared, which we will detail below.
These are supplies of goods dispatched or transported by the supplier from one Member State to a different Member State, the recipients of which are final consumers.
These are supplies of goods dispatched by the supplier from a third country or territory to final consumers in a Member State.
In this case we will be able to claim he duty-free allowance that applies to those goods with a value of less than 150 euros.
Penalties and liabilities in e-commerce
Title VII of the E-Commerce Law is concerned with establishing penalties and liabilities and applying, where appropriate, the relevant fines.
Infringements can be considered as minor, serious or very serious and their fines range from 30,000 euros to 600,000 euros.
Responsibilities not only extend to those responsible for the content published on their stores or platforms, but also to intermediaries, such as internet or hosting providers, in the event that they have not requested and acted in a timely manner.
As for consumers, their responsibilities include not using e-commerce services for illegal purposes or purposes contrary to good morality and principles.
Developments and updates to the E-commerce Law
Since its implementation in 2002, the E-Commerce Law has undergone modifications and has been evolving according to the advance of technologies and the different scenarios that this changing and dynamic digital world poses day by day.
One of the first changes that have impacted the Law is the one made in 2014, with the request for consent for the installation of cookies on devices.
Moreover, another of the most important changes has been the Data Protection Act through the General Data Protection Regulation (GDPR) which, as we have explained before, came into force in May 2018.
In turn, the following year, the Law on Information Society Services and E-Commerce (LSSI) was passed establishing regulations regarding commercial communications and the penalty regime.
Another of the great transformations that have been introduced is the one concerning the modification of VAT in 2021. Undoubtedly, a paradigm shift and a new order for all those players involved in the e-commerce trade.
In short, it should be noted that the E-commerce Law will continue to undergo modifications and additions as new software, products and services begin to take hold and gain ground within the field of ecommerce.
Conclusions and recommendations
If you are already active in the digital world or if you have not yet taken that step but you are thinking about it, having a clear idea of your rights and obligations as an ecommerce business owner will save you a lot of headaches.
Throughout this article we have covered all the issues related to the E-Commerce Law and that is why we want to summarize the most important points.
In particular and as a starting point, we recommend you take into account that your store must include a Legal Notice section, cookies policies, privacy policies and terms of service.
At the same time, you are obliged to be up to date with the regulations posed by both the GDPR Law and the LOPDGDD Law. Fortunately, online you will find several plugins or applications that you can install within the environment of your website to keep it updated on a daily basis.
Also, you need to ensure that you keep your business within the rules of good practices to avoid incurring penalties that could jeopardize your name and, above all, your capital.
As we have explained, you are obliged to provide your customer with all the necessary information, in a clear and concise manner, so that they know how to act in case of any inconvenience with your product or, at the same time, where to contact your team to make any complaint.
We are sure that by maintaining order and following the current regulations, you will be able to enjoy the growth of your business without major inconveniences.
That is why we encourage you to get down to work and, if you think it is necessary, contact a professional who can advise you on the implementation of your store.