If you’re hoping to start an eCommerce business, most of your activities and information will be stored and shared online. As we know, the online world carries lots of risks, whether it be data breaches or access to customer information. So, one of the first things you should be thinking about is how to manage your legals and protect your business online. 

Before you start looking into all the relevant laws that you need to be compliant with, let’s go back to the very basics where business owners need to build a strong foundation. 

1. Business Structure

No matter what kind of business you’re running, your first step should always be to consider your business structure. This is because your structure should be set up based on your business goals and needs. For example, think about the following:

  • What is your budget? 
  • How many people do you plan to take on board? 
  • Do you plan on expanding your business overseas? 
  • How prepared are you to risk personal liability for debts? 

All of these questions are things that will help you decide which structure is most suitable for you. If you’re not looking to spend a lot of money, and want to keep things simple, then perhaps a sole trader or partnership is suitable for you. 

If your long term goals look quite big and expansive, and you’re okay with spending a little more cash to set up initially, then a company structure may be your best option. 

It might seem like a very simple step, but it’s important to think it through. You can read more about what to consider when choosing a business structure here

2. Terms & Conditions (T&Cs)

T&Cs are generally terms that users agree to before they can use a service. Most businesses will have T&Cs for their website as well as general terms of trade. 

Terms of Sale

Any business providing goods or services should provide Business Terms and Conditions to their users. Users are expected to agree to these terms before they can actually use that service. Usually, these terms should set out things like:

  • Price
  • Payment
  • Shipping
  • dwas
  • Warranties

Put simply, they cover the details of the transaction between the seller and consumer so both parties know what they’re entering into. 

Website T&Cs

Even if your business is not solely online, most businesses will have an online component, and therefore, still have website T&Cs. They should cover the following things:

  • Intellectual property – can users use your IP for personal use?
  • Liability – if a customer loses something as a result of relying on your website’s information, how can you minimise your liability?
  • External links – how will you minimise your responsibility for information that ends up with third parties?
  • Privacy – how will users’ data be collected, stored and used? (This should be covered in a Privacy Policy, which we’ll cover later). 

3. Privacy… And Other Relevant Policies

The business world is full of laws regulating privacy and personal information. This is particularly important if your business is based online, and you’re giving access to multiple parties from different places. Ecommerce businesses should always be prepared with the right policies in place.

Since you’re dealing with lots of valuable information, and a high-risk online environment, these policies will ensure that all parties understand the risks of their engagement with your business and can limit your liability in certain circumstances. 

Privacy Policy

A good Privacy Policy will tell users what information you’ll be collecting from them, as well as how you store and use it for commercial purposes. 

If you’re a business with an annual turnover of more than $3 million, then the Privacy Act 1988 (Cth) applies to you, and you’ll need to have a privacy policy. 

But even if it does not apply to you, it’s always good to have one to be on the safe side. After all, you want to build a good relationship with your customers too, and the best way to do this is to be transparent and honest about how you’re managing their data. 

It’s worth noting that personal information includes bank account details, email addresses, or even just a customer’s name! There are lots of regulations for privacy in online businesses, so we’ll cover this in more detail shortly. 

Even if the Privacy Act does not apply to your business, it’s better to be on the safe side and have a Privacy Policy prepared for any issue that might come your way. 


Let’s say you’re running an online business called Good4U that connects therapists to clients. As part of the process, website users are required to disclose certain details about their health. 

For example, some of the following questions will be asked:
• Do you have any underlying physical health conditions?
• Have you or are you currently seeing another therapist?
• Does your family have a history of any physical or mental illnesses/disorders?

These kinds of questions require very sensitive information about people’s health. Under Australian law, businesses that deal with health information need to comply with the Privacy Act, so you’d need to have a
Health Service Provider Privacy Policy

This is because health information is considered more personal and sensitive than regular data, so there are special requirements for the way this kind of data is handled (for example, you’d need a person’s consent before disclosing their health information). 

We’ve written more about how privacy works for health service providers here.  

All businesses need to be aware of their privacy obligations under Australian law. This is covered by the 13 Australian Privacy Principles, and generally sets out how businesses should collect information or allow users to access their personal information. 

If your online business conducts activities overseas, this means you’d have to look at the privacy laws of the country you’re operating in. This is all part of your due diligence to ensure you’re compliant with those countries’ laws, and maintaining that honest relationship with your global customer base. 

For example, if you’re collecting data from users in the EU (so this includes customers, suppliers and business partners), you need to refer to the General Data Protection Regulation (GDPR) and ensure you’re compliant. It’s similar to the Australian Privacy Principles, except these cover privacy obligations for a larger geographical area. 

Cookie Policy

Cookies are how websites can retain or trace a user’s online footsteps, or keep track of your online activity. However, this data is usually used to improve the user experience. 

Regardless, businesses have an obligation to disclose how they use this data to their users. It should also disclose what third parties have access to that information and how it can be used. 

The main takeaway is that you should have policies in place to maintain transparency with the parties you’re dealing with. Not only does this ensure you’re compliant with the relevant laws for your industry, but it also shows customers that you take your business and your responsibilities seriously, which is always great for your brand. 


Email disclaimers are extremely common with businesses. Usually, it tells people what they can and can’t do when they receive an email. This is designed to protect any personal or confidential information from winding up in the wrong hands (including cases where you’ve sent an email to the wrong person by accident!)

In other words, it reduces your liability where information ends up where it shouldn’t. 

4. Cyber Security

One of the most effective ways to prevent the loss of sensitive information is by strengthening your cyber security system. These threats could be in the form of scam emails or ransomware, so it’s important that you invest in a strong protective system that your employees know how to manage well. 

For example, your eCommerce business should be prepared with a Data Breach Response Plan. This may require employees to be trained to respond to an unexpected data breach, update systems regularly to avoid being hacked or regularly monitoring people’s access to sensitive information (especially if employees are working from home). Since eCommerce businesses are entirely online, it’s worth taking that extra step and getting Cyber Security Insurance, too. 

We’ve written more about the precautions that business owners should take when it comes to cyber security here

5. Payment

Online businesses are all about convenience, speed and efficiency, even when it comes to payment. If you’ve made purchases online before, you’ll notice the variety of payment options that are available at checkout, and how easy it is to make that payment. 

But this convenience comes with lots of legal considerations, too. For example, there is still a risk of financial information ending up in the wrong hands during the payment process. The last thing you want is to have payment errors cause financial loss for customers, as this could damage your brand and the trust you have with your customers. 

While you’re still in the early stages of setting up your eCommerce business, it’s important that you decide what your payment options will look like. It should complement your business structure and how you want to run things. 

For example, if you’re running an online marketplace, you want to choose from the following options:

  1. Commission – you get a percentage of the seller’s earnings
  2. Subscription – users pay a recurring fee for their use of your service or product
  3. Listing fees – sellers pay you a fixed fee for being able to sell their service or product on your website

You also want to make sure you have policies that cover your payment processes. 

Refund Policy

Customers are generally entitled to refunds and exchanges in certain circumstances (these are set out by the Australian Competition and Consumer Commission). These kinds of rights should be clearly displayed in your Refund Policy, so users understand how the refunds process works and what they can and can’t do with payments they’ve made. 

Shipping Policy

If you’re selling products online, you probably have shipping processes in place so your customers can get their products ASAP. However, this convenience comes with a lot of responsibility, too. 

With any shipping or delivery process, you need to let your customers know how it will all work. So, it’s a good idea to have a Shipping Policy, which covers things like tracking, ETAs, processing time, how much it costs, and what happens if a package is lost. These kinds of details should also be covered in your Supply Agreement with your manufacturers. 

6. International Considerations

People from all over the world are likely to have access to your website. As such, you’ll need to think about how commercial laws work beyond Australia. 

International Supply Agreements

International agreements are common for businesses who have overseas suppliers (so if you get your materials from other countries). If this is your business, you need to make sure that your agreements with those suppliers are compliant with the laws of that country. 

Generally, when drafting contracts that you want to be able to enforce internationally, you should cover details around the governing law and jurisdiction. This should cover the following things:

  • Which country’s laws will regulate the contract?
  • If there is a dispute, who is responsible for managing the dispute?
  • Is there an uniform international convention that both countries are party to? Could we use this as a compromise?

These are all things you should be discussing carefully with your suppliers, so you know how things should be handled on both ends. It also minimises any hiccups later down the track if the laws of your countries are quite different. 

If things do end up getting quite messy from a legal point of view, you may even want to consider International Commercial Arbitration – we’ve written about this here

You’ll also need to read into that country’s laws around data privacy, payment or taxes for international shipments. This way, you can craft your policies and disclaimers accordingly. 

7. Intellectual Property

Intellectual Property includes the intangible things that your business owns. This could be your logo, a slogan or unwritten trade secrets (for example, McDonalds’ special Big Mac Sauce!). 

All of these things are essential for a business’ success, but they can only do so while remaining private. You wouldn’t want someone running off with the secrets that made your business successful to begin with. 

So, what can your online business do to protect your IP in a high-risk environment?

Register A Trademark

The first thing you want to do is make sure that your IP is legally yours. So, you may want to Register A Trademark for your logo or slogan. 

Copyright in Australia arises automatically with something you’ve created as your own (however, it has to be expressed in some material form). You don’t need to register copyright in Australia, but most businesses go further and register a trade mark for that extra barrier of protection from competitors. 

If your eCommerce business plans on expanding overseas, the good news is that Australia is involved in many international treaties, so it’s very likely that copyright laws and protection of your IP will also apply in those other countries (it’s important to double check this anyway!).

However, if you want your trade mark to apply overseas, you need to Register An International Trademark. You need to satisfy certain requirements before applying to the World Intellectual Property Organisation (WIPO) for an international trade mark registration. For example, you need to make sure that the trade mark you would like to register internationally is the same as the one you want to use in Australia (you can read more about this here). 

Restraint of Trade Clause

One of the best ways to protect your trade secrets from ending up in the wrong hands is by getting parties to sign a Restraint of Trade Clause. This ensures that employees (and anyone else who has access to inside information, such as independent contractors) do not share confidential information about your business or trade secrets. Depending on the clause, it can prevent former employees from working with competitors or starting their own business by engaging in a similar business activity to you, ultimately becoming your competitor. 

Non-Disclosure Agreement (NDA)

No matter what kind of business activity you’re engaging in, an NDA is extremely important for protecting your trade secrets. You might get your employees, suppliers or any other party who has access to inside information to sign an NDA. This way, they can’t go off telling or sharing that private information with other people, and can retain your competitive edge. 

8. Inventory

Running an online business means you need to be on top of your inventory. If this doesn’t run smoothly, this could cause some problems with your deliveries to your customers, and could damage your business overall. 

These kinds of things should be covered in your agreement with your suppliers (Supply Agreement). For example, it should set out who is responsible for customs, fees and lost items during the shipping process. 


To keep things cheap and efficient, you may want to consider a dropshipping model. This way, you won’t waste space or resources holding inventory or stock that you don’t actually need. 

Under a dropshipping model, you only purchase the stock you need from the manufacturer, and have it sent straight to the buyer. This means you don’t actually need to hold any stock yourself! 

While it’s great for managing efficiency and resources, it also means you need to manage the details of that arrangement in a Dropshipping Agreement, as well as T&Cs with the customer. 

Next Steps

Running an eCommerce business is exciting news, and there are heaps of opportunities for growth on a global scale. However, this kind of expansion also requires closer consideration of all your legals. 

Whether it be strengthening your cyber security system or registering an international trade mark, Sprintlaw has a team of experienced lawyers who are ready to help you out. 

You can reach out to us at team@sprintlaw.com.au or contact us on 1800 730 617 for an obligation-free chat.

About Sprintlaw

Sprintlaw's expert lawyers make legal services affordable and accessible for business owners. We're Australia's fastest growing law firm and operate entirely online.

(based on Google Reviews)
Do you need legal help?
Get in touch now!

We'll get back to you within 1 business day.

  • This field is for validation purposes and should be left unchanged.

Related Articles
How To Start A Pajama Company 
How To Start A Branding Company 
How To Start A BPO Company 
How To Start A Crane Company
How To Start A Tutoring Business