(EN) Module 3 – Section 2


In this section you will find:


  • basic information on pre-sales regulations
  • basic information on the legislation during sales
  • basic information on the legislation in the post-sales phase
  • focus on: cookies and GDPR
  • basic safety instructions

The European Council adopted on 27 February 2018 a regulation banning unjustified geographical blocking (geo-blocking) in the internal market. Geographical blocking is a discriminatory practice that prevents online customers from accessing and purchasing products or services from a website based in another Member State. The new regulation aims to remove barriers to e-commerce by avoiding discrimination based on customers' nationality, place of residence or place of establishment. For further information

Regulatory framework

E-commerce, as we have seen in previous modules, offers many advantages, but it obviously also involves compliance with regulatory obligations. On this page we present you with an overview of the rules to be followed in the management of contracts for sale and provision of services at a distance and some points of reference for the study and support. We can say that online sales must comply with EU laws, including both the laws specifically related to e-commerce and the privacy laws. The rules aim to protect consumer rights and avoid practices that mislead consumers.

N.B. The information on this page refers exclusively to B2C sales.

Directive 2000/31/EC of the European Parliament and of the Council


Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’) created the basic legal framework for online services, including electronic commerce, in the Internal Market. The purpose of the Directive is to remove obstacles to cross-border online services in the European Union and to provide legal certainty to businesses and citizens in cross-border online transactions. The Directive establishes harmonised rules on issues such as the transparency and information requirements for online service providers, commercial communications, electronic contracts and limitations of liability of intermediary service providers. It also enhances administrative cooperation between the Member States and the role of self-regulation. After the adoption of the Directive, the European Commission released reports, studies and public consultations. The following are the main ones:

Section 1

2003 Report on the application of the Directive

Article 21 of Directive 2000/31/EC provides that in 2003 and thereafter every two years, the Commission shall submit to the European Parliament, the Council and the Economic and Social Committee a report on the application of the Directive accompanied, where necessary, by proposals for adapting it to legal, technical and economic developments in the field of information society services. The report provides the first assessment of the transposition and application of the Directive and its impact. The report is the first stage in a continuous process to ensure that Europe stays in the frontline of development in electronic commerce with a maximum level of legal certainty both for business and consumers.

Section 2

2007 Studies

In the context of the application of the e-commerce Directive, the EC commissioned two studies: one on its economic impact and one on the application of the provisions on the liability of Internet intermediaries. The first study was carried out by Copenhagen Economics and finalised in September 2007; the second was undertaken by the ULYS consortium.

Section 3

2012 Communication: A coherent framework to build trust in the Digital single market for e-commerce and online services

On January 11, 2012, the European Commission adopted the Communication on e-commerce and other online services. Based on an in-depth public consultation, this Communication sets out the Commission’s vision for the potential represented by online services in growth and employment, identifies the principal obstacles to the development of e-commerce and online services, and establishes 5 priorities, accompanied by an action plan: develop the legal and cross-border offer of online products and services; improve operator information and consumer protection; reliable and efficient payment and delivery systems; combating abuse and resolving disputes more effectively; deploy high speed networks and advanced technological solutions.

Section 4

Commission staff working document: Report on the implementation of the e-commerce action plan – 23/04/2013

The Commission published a report on progress made in the implementation of the e-commerce action plan. The report shows that many important actions foreseen in the action plan have already been initiated.

Section 5

Public consultations

2010 – The future of electronic commerce

The public consultation was conducted to analyse the reasons why electronic commerce remains limited to a low percentage of total retail service sales in the EU over 10 years after it started. Issues covered in the consultation included: commercial communications of regulated professions such as pharmacists and lawyers; the development of the online press; the issue of the liability of Internet intermediaries; administrative cooperation; online dispute resolution, etc. 420 responses were received: they have been summarised in a summary report.

2012 – Procedures for notifying and acting on illegal content hosted by online intermediaries: A clean and open Internet

On June 4, 2012, the European Commission launched a public consultation on procedures for notifying and acting on illegal content hosted by online intermediaries. The Commission wants to collect comments from all stakeholders on how this can best be achieved.

The summary of the results is available at: //ec.europa.eu/information_society/newsroom/image/document/2017-4/consultation_summary_report_en_2010_42070.pdf

More information on this topic: European Union Directive 2000/31/EC

The General Data Protection Regulation (GDPR)

Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

The regulation is an essential step to strengthen citizens’ fundamental rights in the digital age and facilitate business by simplifying rules for companies in the digital single market. A single law will also deal with the current fragmentation and costly administrative burdens.

The regulation came into force on May 24, 2016 and became effective on May 25, 2018.

Data protection

Better rules for small business:

Stronger rules on data protection starting on May 25, 2018 mean that citizens have more control over their data and businesses will benefit from a fair competition. One set of rules for all companies operating in the EU, wherever they are based. Find out what this means for your SME.


Model http vs https

The HTTPS protocol (HTTP Secure, “Secure HTTP”) is a communication protocol created in 1994 for the Netscape web browser – and subsequently adopted by all the others – to make the exchange of information more secure between two web nodes. Technically it is not a real protocol but the application of the SSL / TLS protocol in conjunction with the HTTP protocol in order to prevent attacks of the “man-in-the-middle” type, a type of hacker attack in which a third entity is inserted in the communication line between client and server and intercepts all information exchanges between the two nodes. From Fastweb

Shopify, on the safety of its services, states: “Every Shopify store includes a free 256-bit SSL certificate. All information related to pages, content, credit card and transactions are protected at the same level of security used by banks”.

Online security

To be successful with your online business, you must consider many different variables, including security, which is essential to your success. The theft of information and personal data and the manipulation of information are among the threats that hide in the network. To face them, it is necessary to invest in security.

As you know, on the Internet it’s very easy for a person who lives thousands of kilometers away to intercept or manipulate your information. This happens because the set of computer languages, protocols and codes that exist on the Internet were not initially designed to offer security guarantees, but to exchange information. That is why it is so important to have a good foundation in security.


With this in mind, here are the four basic principles that you must guarantee to your consumers:


1. Principle of authenticity: You need to be able to confirm that the person or company that claims to be on the other side of the network is who they say they are.

2. Principle of integrity: Make sure that the information transmitted through the network has not been modified.

3. Principle of privacy: Your online business should prevent sensitive data transmitted during an online transfer from being viewed by third parties.

4. Principle of non-repudiation: You need to know that the information transmitted can’t be repudiated or rejected. (A consumer who pays with a card can deny the purchase of the product, and the bank will be obliged to return the money if “the purchase wasn’t identified electronically”. To provide greater legal security for electronic commerce, the SSL secure communication protocol is combined with the electronic signature.)


Before starting your activity online, you should know the security systems that will help you protect your company and your customers. For this, below, we offer you some important tips to keep in mind:

Online transactions

Security in online transactions (purchases, sales, information exchange):


1. Protect computers: When you start your new online business, the first thing you have to do is install an antivirus protection system or a firewall on all the devices you are going to work with. This should prevent anyone from connecting to your computer.

2. Confidentiality and privacy: You need your customers to trust the security of your store if you want them to buy from you. To achieve this, it is necessary to guarantee that information transmitted over the Internet is illegible to unauthorized persons or entities. For this it is necessary to include SSL certificates in online commercial transactions. These certificates will encrypt all data transmitted from one browser to another, be it personal or financial information. They can also link the identity of your brand with your presence on the web, which helps visitors to know that your site is run by your company and not by an imposter. Users can tell that they are on a secure page because, in addition to the address starting with https://, the address bar will turn green and show the name of the company.

3. Authentication: All e-commerce systems must be able to identify all the participants during the exchange of goods. They must also guarantee that the identity of the online store can’t be impersonated by another person (phishing, which consists of creating pages that imitate the store’s website). This point is very important to gain the trust of your customers.
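
The certificate check described in point 2 can be automated by the store owner. The following Python sketch is an added example, not part of the original course material: it audits a certificate, in the dictionary format returned by Python's `ssl.SSLSocket.getpeercert()`, for host name coverage and upcoming expiry. The host names and `SAMPLE_CERT` are constructed, and `fetch_cert`, `name_matches` and `audit_cert` are illustrative names.

```python
import socket
import ssl
from datetime import datetime, timezone

def fetch_cert(host, port=443, timeout=5.0):
    """Live check: verify chain and host name, then return the certificate dict."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus host name checking
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def name_matches(pattern, host):
    """Match a certificate DNS name; '*' may stand only for the leftmost label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return p[0] in ("*", h[0]) and p[1:] == h[1:]

def audit_cert(cert, host, now, warn_days=30):
    """Return a list of findings for one certificate (empty list means OK)."""
    findings = []
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, host) for n in names):
        findings.append(f"certificate does not cover {host}")
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    days_left = (expires - now).days
    if days_left < 0:
        findings.append("certificate has expired")
    elif days_left < warn_days:
        findings.append(f"certificate expires in {days_left} days")
    return findings

# Constructed sample in the format returned by SSLSocket.getpeercert()
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "*.shop.example")),
    "notAfter": "Jun  1 12:00:00 2025 GMT",
}

if __name__ == "__main__":
    now = datetime(2025, 5, 20, tzinfo=timezone.utc)  # fixed date for the demo
    for host in ("shop.example", "www.shop.example", "shop.example.evil.test"):
        print(host, audit_cert(SAMPLE_CERT, host, now) or "OK")
```

To check a live store, pass the result of `fetch_cert("your-domain")` and `datetime.now(timezone.utc)` to `audit_cert`; a certificate that fails verification raises `ssl.SSLCertVerificationError` before any audit runs.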

Data storage

Security of data storage


It is very important that you, as a me-commercer, bear in mind that each company has its own needs and that there are both physical storage systems and storage systems in the cloud.


1. You must store your users’ data and your own safely. If your company is going to manage a cloud system, it will be essential to ask the provider for security certificates.

2. You need to make backup copies to protect your work and, if possible, take out virtual insurance to protect your business in case of accidents.

3. In addition to the corresponding backup copies, it is very important that you have information recovery plans.

4. You should keep a check on the people who have access to the sensitive information stored by your company.

5. For your security, it would be advisable to change your passwords regularly.

This project has been funded with support from the European Commission. Information reflects the views only of the author, and the Commission cannot be held responsible for any use which may be made of the information contained therein.
For more information contact: projektai@paneveziodrmc.lt