One of the greatest advantages of selling online is that you’re not restricted by geography. Unlike a physical store, where customers will only travel so far to visit you, online retailers have a truly global reach. Selling to international customers can be a great way to increase your income, but it also increases the number – and scope – of rules that you will need to follow.
The biggest single market for online shopping, outside the USA and Canada, is the European Union (EU). However, the rules and regulations for operating an online business – communicating with your customers, and even simple things like sending marketing emails – are very different in the EU to the USA. To operate your business internationally, it is vital that you ensure that you are playing by the rules of the country where your customer is located, in order to avoid costly lawsuits and potential multi-million-dollar fines. Read on to find out the things you should be watching out for, as well as how you can use your Magento web design and some simple Magento extensions to help you stay on the right side of the law.
Personal Data is the European name for what, in the US, we refer to as Personally Identifiable Information. The EU, and its 28-member states, have much stricter privacy rules than the US. These rules heavily restrict what information you can collect about your customers, how you are allowed to collect and store that data, and what you can use it for.
If you’re thinking, “but we’re an American business subject to American laws,” think again. Collecting even a single piece of data about a single individual with EU nationality, or residing in an EU members state, means your business is subject to the EU’s General Data Protection Regulation (GDPR). Non-compliance could land you with a fine of up to €20,000,000 ($23.3 million), so not playing by the EU’s rules really isn’t worth the risk.
So, what are you allowed to do?
The main point of the GDPR is that you must have a legal basis for collecting and processing any information you gather about your customers. If a customer places an order with you, then it’s fine to use their name and address to ship them the product they’ve ordered. There’s also no problem with using an email address or phone number to contact a customer if there’s a problem with their order. The customer obviously wants you to use their data for the purpose of supplying them with the product they’ve ordered, so doing so is completely legal.
What you can’t do, though, is use the information they gave you when they placed their order for any other purpose.
The Problem with Analytics
With very few exceptions, it is illegal to gather any information about a person within the EU without their permission. That has to be explicit permission, so, for example, you can’t use Analytics software on your website to gather details about their location, demographics, or other personal characteristics without asking if it’s okay first.
If you use Google Analytics with your Magento installation, then you should ensure you follow Google’s own guidance [https://privacy.google.com/businesses/compliance/] on ensuring your site is legal. Alternatively, PIWIK is an alternative analytics provider which offers a privacy-friendly option, complete with Magento extension [https://matomo.org/blog/2012/06/piwik-ecommerce-extension-for-magento/].
What About Marketing?
First things first, if you collect phone numbers or emails from customers when they place an order, you absolutely cannot use these for marketing communications (anything that promotes a product or service) unless you ask permission first. No permission = no marketing, period.
Social media marketing is fine, as long as you use the platforms’ own tools (e.g. Facebook Advertising) to target your marketing messages. Using email lists, or data you’ve exported from your Magento ERP integration is likely to put you in breach of the GDPR.
Of course, you should still take care of your social media marketing – especially on Facebook – for other reasons, as we’ve posted about before [https://newbirddesign.com/storm-facebook-marketing-wake-controversy/].
One final point: if you’ve ever bought or sold marketing databases or email lists, double check that they don’t include the details of anyone within the EU. Under the GDPR, this kind of activity is explicitly banned, and you will be prosecuted if you are caught doing it. You must also ensure that you do not share customer personal data with anyone who does not need to know it; so take extra care using social media or other apps which automatically harvest contact details from other devices or software.
Freedom of Speech
Imagine you sell T-shirts with printed slogans, or artwork, or any other product – physical or digital – which carries a message. It is important to ensure that the product doesn’t break the law in the country you’re shipping it to. Freedom of Speech is not protected in the EU – or, in fact, anywhere else – in the same way as it is in the USA, and your product can and will be confiscated by customs or local law enforcement if it is deemed inappropriate. In the worst case, your valued customer could find themselves charged with a criminal offense simply for wearing a T-shirt you’ve sold them, which wouldn’t exactly be a marketing triumph.
As a general rule, you should avoid:
– anything containing nudity (with the exception of historic works of art);
– religious messages of any kind, including those promoting Christianity;
– swearing, insults, or profanity;
– ethnic, racial, or religious terms, or symbology.
If you display any of these products on your web shop, ensure that they are not available for purchase by anyone overseas – or certainly not within the EU.
This will only apply to those supplying books, magazines, podcasts, or similar items, but it is important. Outside the USA, laws on defamation (sometimes known as libel) are very different indeed. In most countries – including all of the EU – if you make any statement about another individual which could have a negative impact on their reputation or public image, and you cannot prove that the statement is true, you are breaking the law.
Customs and Import Rules
Many normal, everyday products in the USA are illegal in the EU. The most obvious is any kind of firearm or ammunition which, especially if you try to send it to the UK, is likely to result in an unannounced visit from the FBI.
The majority of US meat and dairy products, as well as many other US foodstuffs, are also banned from the EU. This is due to lower hygiene and product standards in the US, meaning that many foods made here are considered to be unsafe for human consumption in the EU. Also, anything which contains GM grain – or any other GM ingredient – is completely banned.
If you send goods to the EU which are valued over approximately $30, they are likely to be subject to import charges and tax when they arrive. It’s very important to make this clear to your international customers so that they are expecting it. If your international customers order from you without being aware of import charges, they are going to be very unhappy when their local postal service presents them with a hefty bill to pay before they can get hold of their order.
Alternatively, you could choose to absorb the import charges yourself by paying UPS or another international shipping service to deal with them for you. Although this will impact on the amount of profit you can make from each sale, the increased number of international sales you will make by simplifying your customers’ experience should more than compensate.
Of course, we can’t provide an authoritative guide to the international law, and you should get legal advice if you have any major concerns. However, if you are selling internationally, then our Magento developer team can help you make the most of the fantastic opportunities that the world has to offer your business.