Running an e-commerce business in today’s competitive landscape means more than attracting customers and fulfilling orders.
To operate safely, avoid fines, and scale sustainably, online retailers must comply with a complex range of legal, commercial, and regulatory requirements.
Our eCommerce lawyers work with online businesses of all sizes, from start-ups to high-volume online retailers. Below is a practical guide to the core legal documents, compliance obligations, and risk-management strategies every online business should have in place.
Key Takeaways
Website Terms & Conditions set the contractual rules for customers and reduce disputes.
A compliant Privacy Policy is compulsory for many e-commerce businesses under the Australian Privacy Act, GDPR, and other laws.
Clear refund and return terms help meet Australian Consumer Law (ACL) obligations.
Supplier, fulfilment, and drop-shipping agreements protect you from third-party risks.
Trade mark and IP protection is essential to combat copycats and competitors.
1. Website Terms & Conditions: Your First Line of Protection
Your website’s Terms & Conditions (T&Cs) and Terms of Use form the contract between your online store and your customers.
Legally, they govern how transactions occur and protect your business if something goes wrong.
Strong Australian website terms and conditions should cover:
How orders are placed and accepted
Pricing, payment methods, and currency
Shipping timeframes and delivery expectations
Australian Consumer Law rights and warranties
Refund and return processes
Limitation of liability and disclaimers
Ownership of intellectual property
User-generated content rules (e.g., reviews)
Governing law and dispute resolution
A generic template won’t cover your risks. Custom legal drafting ensures the T&Cs reflect your actual processes, products, and customer journey.
Legal Tip: If your T&Cs do not reflect your actual processes (for example, if your shipping times differ from your stated terms) you may be engaging in misleading or deceptive conduct under the ACL, even unintentionally. Custom drafting is the safest approach.
2. Privacy Compliance: A Non-Negotiable for Online Stores
E-commerce businesses routinely collect personal information such as names, emails, payment details, and behavioural data. This means you must comply with:
Spam Act 2003 (Cth) (especially when sending marketing emails)
The GDPR (if you sell to EU customers)
A compliant Privacy Policy must outline:
The types of personal information collected
How and why it’s collected
Whether it’s shared with third parties (e.g., Shopify, Google)
How data is stored and secured
User rights to access or correct information
How individuals can make a complaint
Learn more about what to include in your Privacy Policy in our article.
Remember: Even if you’re a “small business”, you may still be required to comply with privacy laws if you sell personal information, operate an online store with customer accounts, or use certain third-party marketing technologies. Many e-commerce stores don’t realise they lose the small business exemption once they engage in these activities.
3. Clear Refund and Return Policies Reduce Disputes
Refunds and returns are one of the biggest sources of customer disputes.
A clear, ACL-compliant refund and returns policy should:
Explain statutory consumer guarantees
Distinguish between “change of mind” returns and defects
Set clear processes for returning products
Describe the timeframes for refunds and exchanges
Avoid unlawful wording such as “no refunds under any circumstances”
If your refund wording restricts consumer rights (for example, “no refunds on sale items”), you may face significant ACCC penalties.
If you sell products or services online, it’s essential to know how the ACL affects you – learn more in our guide on Australian Consumer Law and online businesses.
4. Supplier, Fulfilment, and Drop-Shipping Contracts
Third-party suppliers are often where e-commerce businesses face the most risk. Poor-quality products, late deliveries, or stock shortages frequently lead to ACL claims against the retailer – even if the supplier is at fault.
Well-drafted contracts should cover:
Quality, specifications, and safety standards
Delivery deadlines and logistics responsibilities
Indemnities for defective products
Inventory levels and forecasting
Insurance and risk allocation
Payment terms and termination rights
Exclusivity arrangements
Liability for product recalls
Legal Tip: Under the ACL, you (NOT your supplier) are responsible to your consumers. This means your supplier contracts must protect you from the downstream consequences.
5. Advertising, Influencers, and Affiliate Marketing Compliance
Digital marketing is heavily regulated in Australia. The ACCC has increased scrutiny of online advertising, especially in the e-commerce and influencer sectors.
Businesses must ensure:
Sponsored content is clearly disclosed
Product claims are accurate, substantiated and not misleading
Email marketing complies with the Spam Act
UGC, reviews, and testimonials are not filtered or manipulated
Affiliates and influencers follow your brand and legal guidelines
Your business can be liable for misleading claims made by influencers (even if they were unpaid) if they are promoting your product.
For more detail on the rules around digital promotions, take a look at our guide on the legal side of influencer marketing.
6. Intellectual Property: Protect Your Brand From Copycats
Copycats and competitor imitation are common in the e-commerce space. Protecting your brand is crucial.
IP protection may include:
Trade mark registration (brand name, logo, tagline)
Design registration for unique product designs
Copyright protection for photos, videos, and product descriptions
DMCA or platform takedown notices for infringements
IP assignment clauses for employees and contractors
If you rely on contractors, such as designers, photographers, or web developers, you may not legally own the IP unless it is assigned in writing.
Learn more in our detailed guide to Intellectual Property Law in Australia.
7. Employment, Contractor & Outsourcing Agreements
As your e-commerce business expands, ensure your workforce is legally protected and properly classified.
Your employment contracts should include:
Confidentiality and IP ownership clauses
Clear duties, KPIs, and service levels
Non-compete and non-solicitation clauses (where appropriate)
Remember: Wrongly classifying contractors as employees can result in penalties, back pay, and superannuation liabilities.

Frequently Asked Questions
Do I legally need Terms & Conditions on my website?
While not strictly required by law, T&Cs are essential for setting expectations, limiting liability, and protecting your business from disputes. Without them, you’re exposed to unnecessary risk.
Is dropshipping legal in Australia, and what compliance obligations apply?
Yes, dropshipping is legal in Australia, but dropshipping businesses must comply with all obligations under the Australian Consumer Law (ACL).
Even if your products are supplied, manufactured, or shipped by a third party, you (the retailer) are still responsible for product quality, safety, accurate descriptions, shipping timeframes, and consumer guarantees.
Dropshippers must also ensure their supplier agreements include indemnities, quality standards, and delivery requirements.
If you transfer customer information to overseas suppliers, you must also comply with privacy and data-sharing obligations under the Privacy Act. In short, dropshipping is legal, but it carries unique legal risks that must be managed through strong contracts and clear website terms.
What laws apply to e-commerce businesses in Australia?
Key laws include:
Australian Consumer Law (ACL)
Privacy Act and Australian Privacy Principles
Spam Act
Copyright Act and Trade Marks Act
Fair Trading laws in each State/Territory
Overseas privacy laws if selling internationally
Can I use a free Terms & Conditions or Privacy Policy template?
You can, but it’s risky. Templates rarely cover:
unique shipping processes
drop-shipping arrangements
data collection and marketing tools
warranty obligations
business-specific risks
They often leave major compliance gaps.
What contracts should a scaling e-commerce business have?
At minimum: website T&Cs, Privacy Policy, Refunds & Returns Policy, supplier agreements, fulfilment/3PL contracts, and IP agreements for staff and contractors.
When should I contact an e-commerce lawyer?
As early as possible – ideally before launch or when making major changes (such as new suppliers, new product lines, international expansion, rebranding). Early legal support is far cheaper than fixing mistakes later.
Prosper Law’s Brisbane e-commerce lawyers have experience with various companies across Australia. If you want tailored, fixed-fee legal support, get in touch.


