Maintaining Compliance When Faced with Worldwide eCommerce Regulations


eCommerce sales are becoming increasingly prevalent throughout the world as people turn towards the convenience and ease of online transactions. Driven by industry powerhouses like Walmart and Amazon, worldwide retail eCommerce sales grew from $1.3 trillion in 2014 to $2.3 trillion in 2017, and estimates suggest eCommerce sales will only increase over the next few years, according to The Enterprise Guide to Global eCommerce.

International markets contribute significantly to the rise in eCommerce transactions. China alone makes up almost 50% of global eCommerce purchases, and online shopping has been steadily growing in places like the United Kingdom and India.

As online transactions grow, governments around the world are enacting regulatory laws in an attempt to protect customer data, lower the risk of fraud, and protect local companies from being overshadowed by large foreign eCommerce companies.



On August 31, 2018, China passed the Electronic Commerce Law aimed at fighting the sale of counterfeit goods, preventing false advertising, and protecting customer data. Some key elements of the new law include:

  • Liability of eCommerce platform operators: eCommerce sites must be aware of whether or not the goods sold through their site comply with the rules stipulated in the Electronic Commerce Law regarding the sale of counterfeit goods. Sites that fail to ensure compliance will be liable under the law and subject to fines.
  • Personal data protection: eCommerce sites must not only secure their customers' data, but also respond in a timely manner when contacted by a customer regarding their own data. If a customer requests that their account be deleted, the eCommerce site must immediately erase all of the customer’s information.
  • Intellectual property protection: This aspect of the new law is intended to protect manufacturers and any other IP rights holder by punishing eCommerce sites that sell counterfeit products stolen from the original IP rights holder.

Due to this new law, any company currently operating or planning to operate in the massive Chinese eCommerce market will be obliged to exercise greater due diligence regarding the products it chooses to sell on its website and how it handles customer data.


In late December 2018, India banned eCommerce companies from selling the products of companies in which they have equity, a move mainly aimed at protecting local small businesses from being overshadowed by retail giants. Local Indian retailers worry that companies like Amazon are using their control over inventory from the companies they have equity in to obtain exclusive sales agreements and low prices with which local vendors can’t compete.


On May 25, 2018, Europe enacted the General Data Protection Regulation (GDPR), which introduced laws regarding the handling of individuals’ data within the EU.

The goal of GDPR is to “harmonize” data protection laws throughout Europe, making companies accountable for the personal information they store on their websites in case there is a data breach. While this regulation is limited to countries within the European Union, in the face of globalization and international eCommerce practices, all companies worldwide should be aware of how to maintain compliance with GDPR in order to continue expanding their business overseas.


United Kingdom

Though the United Kingdom is scheduled to leave the European Union within the next year, Parliament recently passed the Data Protection Act 2018, which provides the same protections to UK citizens and their data that they would have received under GDPR.


Though the US has thus far maintained a hands-off approach to regulating tech companies and online marketplaces, recent data breaches and data scandals compromising companies like Facebook, Marriott, and Equifax have put pressure on the federal government to implement a data privacy law of its own.

One such proposed piece of legislation, the Consumer Data Protection Act, would add policies intended to strengthen data privacy. It would also add the ability to penalize executives of offending companies for violations. Though this act hasn’t materialized yet, US eCommerce sites need to prepare their platforms over the next few years and ensure they have the proper security measures in place for when the US government inevitably follows the path of GDPR and enacts a law of its own.

To learn how Terrace can help your eCommerce enterprise implement the security measures and architecture needed to achieve regulatory compliance, call us at (415) 848-7300 or email us at
