Lawyers write a lot about the fact that when creating an online store or any online service, you should first of all work out the legal aspects and place the necessary documents on the site.
Easier said than done, and that is why there are just a few useful examples. Let's figure it all out.
Form 1 - 2 mistakes
We go to the site of one of the famous cosmetic brands and try to register. A form pops up where we need to enter a lot of our data, but the errors have already begun ...
Mistake # 1: We enter personal data into the form, but there is no consent to data processing. This is a direct violation of the law on personal data, which entails a fine.
It would be correct to place a link to consent to the processing of personal data worded according to the Federal Law "On Personal Data".
Mistake # 2: We are invited to subscribe to the newsletter, putting a tick next to the phrase "Inform me on the latest news." Firstly, it is difficult to regard this as consent to the distribution (FAS will not like it).
You should place a link to a clickable consent to the newsletter, which describes how the newsletter will arrive, how you can unsubscribe, and the user's consent to all this. Secondly, the court practice says: the phrase informing that this is an advertising newsletter should be explicit and clear, so the text claiming "informing on the news" will not do. By the way, the same is true when subscribing through a separate form.
Mistake # 3: There is neither the consent to the processing of personal data, nor the consent to receive the newsletter in the form.
And here is another mistake we found on the website of the online clothing store.
When filling out the newsletter subscription form, we are asked to agree with the Policy on personal data processing. But why would we want to do that if what we need to give is consent to the processing of personal data and to receiving the newsletter? You don't need to accept the Policy.
Disregarding the violations, we passed the registration and decided to place an order. Having filled in the form (by the way, containing more personal data than in the registration form), we press the “Checkout” button.
We are again invited to subscribe to news, but we are not asked for consent to the processing of personal data, nor asked to accept a retail sale agreement.
Mistake # 4: Again, the personal data processing consent is missing.
When filling out the order form, we leave more data than during registration, and the purpose of processing is different: it is now the fulfillment of contractual obligations to the buyer. This means yet another consent is necessary.
Mistake # 5: We are not invited to read the retail sale agreement and accept it.
On the one hand, of course, there is the Civil Code and the Law on Consumer Protection, and the rules for the sale of goods are described there. But on the other hand, we can prescribe our own terms, and we should not waive this right.
Moreover, in the footer of the site there are terms for the sale of goods, which indicate: “When ordering Goods through the Online Store, the Customer agrees to the Terms of Sale of Goods (hereinafter referred to as the Terms) set forth below.” Further in the text there is no indication of what the checkout is. But then how can we confirm that the buyer was made aware of the terms and accepted them? It's not clear...
Mistake # 6: The personal data processing policy is missing.
We look into the footer of the site, trying to find a Policy on the processing of personal data, which should be accessible from any page of the site, but there is none there...
Mistake # 7: Check in the box
And here is another common violation: an automatically checked box. What's bad about that? It is, in fact, a document with a signature already in place, which was not supplied by the user. And we need the signature to be put not by some Jane Doe, but by the user. Don't do that!