Website compliance

Websites are regulated as an advertisement by the Advertising Standards Authority (“ASA”) and subject to the British Code of Advertising Practice (“BCAP”) Non-Broadcast rules. The key aspects of BCAP are around:

Social responsibility, legality and fair competition
Transparency, not disguising marketing material as anything other than an advertisement
Avoiding misleading advertising especially “free” offers, limited stock availability, comparisons and testimonials.
Avoiding harm or offence.
Special rules for adverts directed at children or featuring them.
Privacy standards
Promotional standards for competitions, prize draws and other incentives
Sector specific rules.

In addition, there are a number of regulations that dictate mandatory content for websites. The Electronic Commerce (EC Directive) Regulation 2002 requires clear, easily accessible contact details including an email address and a geographic or street address. The Privacy and Electronic Communication (EC Directive) Regulation 2003 as amended requires consent to the use of cookies and other tracking technology on websites and mandates specific information to include about the use of cookies and how to disable them. Company status disclosure rules apply to websites, the same as to headed notepaper, emails and invoices. So, full company name, place of registration, registration number and registered office address all need to be stated.

Although not strictly mandatory content, website owners are advised to include terms of use of the website, limiting liability as far as legally possible for damage caused by accessing the website, links to other websites and misleading or incorrect information accidentally included on the website. Ownership of copyright and legal jurisdiction are other useful terms to include.

To meet data protection compliance standards it is also advisable to include a Privacy Notice (usually and confusingly called a “Privacy Policy”) on the website to explain how personal data is collected by the website and further processed by the website owner.

Over recent years the website has become the location for information to meet various, criss-crossing, standards. And the standards change to meet new laws, new interpretation and developing guidance.

We recommend to our clients that websites are compliance checked for mandatory content every six months and prior to any new website going live. For help with website checking see our DPaaS product, we offer data protection and website compliance support on retainer and will carry out routine website reviews on behalf of clients to ensure that legal requirements are being met.

Mandy P Webster, Data Protection Consultant

About the Author: mandy.webster

Since June 1999 Mandy Webster has been a freelance consultant offering audit, advice and training on privacy, information security and e-commerce issues as Data Protection Consulting Limited. The company’s mission is to help clients from a variety of sectors, and of all sizes, comply with data protection law and to that end it offers a range of solutions. Mandy, a qualified lawyer, is author of ‘Data Protection for the HR Manager’ and ‘Data Protection in the Financial Services Industry’ published by Gower and “Effective Data Protection” and ‘The ICSA Data Protection Troubleshooter’ published by ICSA Publishing Limited. Mandy is a well-known writer, commentator and speaker on data protection.

Website compliance