This question is commonly asked and easily answered: you can’t.
That’s right, in practice you can’t ensure that a website will comply with all applicable laws.
Why not? To answer this question, you need to appreciate a couple of basic legal points.
First, a website may be impacted by laws of many different kinds. Examples include contract law, the law of torts, copyright law, trade mark law, design law, competition law, consumer protection law, ecommerce law, the law of defamation, the law of obscenity and so on.
Second, there is no “international law” of websites as such, nor is there an international law of contract (or tort or copyright or trade marks …). There are international legal instruments that have an impact upon these areas of law (e.g. the Berne Convention on copyright) but such instruments don’t on the whole provide complete answers to concrete legal questions. There are also supra-national legal regimes, such as EU law, that will govern some but not all such questions.
Website legal compliance needs to be approached from a national perspective, albeit with an understanding of the international legal environment.
So many laws, so little time (and money)
There are around 200 sovereign states in the world. While some of those sovereign states share their laws, others are federal entities applying different laws in different areas. The sheer number of legal systems in the world is the root of the problem.
The problem is compounded by the fact that lawyers are usually only qualified in a one jurisdiction; occasionally a lawyer is qualified in two, but very rarely in three or more.
In principle, the way to ensure that a website complies with all applicable laws is to get advice on compliance from a competent lawyer in every jurisdiction in the world. But the complexity of getting advice from circa 200 different lawyers does not bear thinking about. And you still won’t be sure of compliance, because with so many lawyers involved, some of the advice you get will be incomplete or plain wrong; and even if it isn’t, some of it will be out of date before the exercise is completed. In some jurisdictions, just instructing a lawyer can take weeks.
The last time I conducted a multi-jurisdictional compliance exercise, it covered only 7 jurisdictions, all of them English-speaking. Even so, it took several months and cost a lot of money (a disproportionate amount in my view, but those were the client’s instructions).
There’s also the issue of cost. Let’s suppose that the average cost of getting general advice on website compliance is £1,000. If this is right, you could expect to spend £200,000 getting compliance advice in 200 jurisdictions. For almost all websites, that’s unaffordable.
A practical approach
The real question that needs to be asked is this: in what jurisdiction(s) should I take advice? The answer to this question will primarily depend upon:
- the riskiness of the website,
- the jurisdictions in which the operator is based and the site is hosted,
- the jurisdictions in which users and customers are based, and
- the commercial return expected from the website.
Often, for a new site, it will be appropriate to take professional advice only in relation to the “home” jurisdiction, notwithstanding the potential for foreign users and customers. This does of course involve taking a risk, but all business involves risk, and legal risks – or rather, risks that can be managed through the taking of legal advice – aren’t always the worst of them.