Before spelling out the legal requirements for ecommerce in Italy, let’s say that in Italy revenue generated by e-commerce is expected to show an annual growth rate of 7.3%, resulting in a market volume of €21,385m by 2024. The purchase of goods and services online is undergoing a positive trend that pushed the European institutions to intervene by approving a series of measures to protect the transparency and safety of consumers.

There are many substantial legal requirements for selling online in Italy. Directive 2000/31 / EC, implemented through legislative decree n. 70 of 2003, mandates a series of requirements for e-commerce operators, including:

• Indicating the technical steps that users have to follow to conclude the contract and how to archive the agreement once it is effective;
• Publish the “terms and conditions” in a clear way on your website in order to allow users to memorize them;
• Provide clear information on the price of the products or services, any applicable taxes and the cost of delivery;
• Give prompt response to orders received providing users with a summary of their purchase, including the applicable terms and conditions, information relating to the essential characteristics of the goods or services and a detailed indication of the price, means of payment, termination for convenience, delivery costs and applicable taxes.

1. When operating an e-commerce website, provide clear and concise information on the characteristics of the products or services.

2. In case of products, clearly indicate the shipping and packaging costs.

3. Specify whether VAT is included in the final price.

4. Clearly indicate that consumer can unilaterally cancel his order within 14 days after the receipt of the purchased good or from the conclusion of the contract in case of services and explain how to exercise his/her withdrawal right. Do not forget to report in the terms and conditions of sale consumer’s right to obtain a refund of the amount paid in case of cancellation of the order.

5. Indicate the legal guarantees applicable to products that present a lack of conformity.

Those who decide to start an e-commerce must necessarily collect and process personal data from their customers. Privacy policy is a mandatory document for any website and its purpose is to explain how personal data collected by the Data Controller will be processed and for which purposes. The privacy policy will contain the following information:

• The type of data collected;
• The purposes and legal basis of processing;
• If the provision of personal data by users is mandatory or optional;
• The retention time of personal data;
• Possible transfers of personal data abroad;
• In what ways the user can exercise his rights towards the data controller;

Failure or unsuitable information is punished with heavy fines. Any processing for marketing purposes requires consent, which can be obtained by means of a check box to be marked at the end of the purchase process.

The Data Protection Authority, defined a cookie as “small text strings that the sites visited by the user send to his terminal (usually to the browser), where they are stored and then retransmitted to the same sites on the next visit by the same user”. Remember to upload an adequate cookies policy on your website, which explains which cookies will be installed, if they are installed directly by the owner of the site or by third parties, if they are permanent or session cookies, what information regarding users is acquired and how users can remove them. If you use third-party analytical cookies, remember to take measures to reduce their identification power. Not all providers allow these operations unlike Google Analytics which instead allows both the masking of the IP address of visitors and to disable some functions that would allow Google to cross the data obtained through cookies with other data already in its possession. If you use third-party analytical cookies without taking the aforementioned measures, you ask users’ permission before installing them. Do not install profiling cookies on the user’s terminal until he has given his consent. Place the banner if you use tracking/profiling cookies.

One of the legal requirements for ecommerce is that you must always be identifiable. If the website is owned by a company, remember to indicate: Company name, registered office, VAT number, registration number in the register of companies, share capital, contact information;

• specify if the company is in liquidation;
• indicate whether the company is a single-member company;
• Each innovative startup must ensure that users have access to the information referred to in paragraph 12 of art. 25 of Legislative Decree 179/2012;
• Each marketing e-mail, must be clearly identified as such.

If you have any queries about legal requirements for ecommerce in Italy and need legal advice, do not hesitate to contact me.