The number of e-commerce sites in France is increasing and should reach 220,000 sites in 2023. At the end of 2022, there were 207,000 merchant sites ( Source French government ) in France.
All of these sites generated nearly 147 billion euros in expenditure, as recalled by the E-commerce and Distance Selling Federation (FEVAD) in its latest barometer.
With the growing interest of consumers in online sales, the sector was quickly framed, in particular by laws, and required companies to display a certain number of mentions on their website.
CGV, RGPD, CNIL… Are these acronyms foreign to you? We suggest that you review these elements in our article.
E-commerce in France: a regulated affair
In France, the creation of an e-commerce site is regulated thanks to the Law of June 21, 2004 for confidence in the digital economy.
Mandatory mentions
As an e-commerce company, you will need to display the following information on your merchant site:
The identity of the company : the company name, legal form, amount of share capital;
The contact details of the company : address of the head office, the email address or the telephone number to contact you;
Mentions relating to intellectual property :
- If you use images, illustrations, photographs : you must include their intellectual property
- For texts that are not yours, you must obtain the authorization of the author or at least cite the source of the text
Other mandatory information additional to your activity:
If you are a commercial activity:
- Registration number in the Trade and Companies Register (RCS)
- Individual identification number (the intra-community VAT number) if applicable
In the context of merchant sites : your general conditions of sale (GTC)
To go further on these subjects, we advise you to visit the website economie.gouv.fr which lists the obligations to be respected for the display of notices on your website and according to your activity.
In the event of non-compliance with these rules, penalties may be imposed.
If you forget the information indicated above, you expose yourself to financial penalties which can be significant. As Bercy reminds us on its site, the law provides for up to 1 year in prison in the event of a breach of one of the obligations concerning mandatory notices and cookies.
The amount of the fines differs depending on whether you are a natural person or a legal person:
- For natural persons: €75,000 fine
- For legal entities: €375,000 fine
There are also other bodies that regulate data processing, such as the CNIL.
CNIL and GDPR: two acronyms that should hold no secrets for you
Who says e-commerce site probably means recovery of some data from your customers. Since 2018 and the implementation of the GDPR or General Data Protection Regulation, the personal data of individuals is better protected.
This regulation requires companies to process user data in a transparent manner, to obtain their consent for its processing and to allow them to control it. Here again as a professional, you will have to make available a series of information including:
- The identity and contact details of the body responsible for the data processing;
- The contact details of the Data Protection Officer (DPO) , or a point of contact on personal data protection matters;
- The legal basis of the data processing (consent of the Internet user, compliance with an obligation provided for by a text, execution of a contract, etc.)
Failure to comply with these regulations can lead to significant financial penalties for companies. This is when the CNIL - the National Commission for Computing and Liberties - comes into play. The CNIL is the body responsible for applying the GDPR regulations in France, among others. Often referred to as the “Internet policeman”, it has numerous powers of control and sanctions against any organization which processes the personal data of persons residing in France or which has an establishment in France.
Controls can be carried out on an annual basis, on reports and complaints (complaints), during initiatives within the framework of themes identified with regard to current events and which are likely to present problems and issues relating to data protection. personal.
In 2022, the CNIL carried out 21 sanctions for a total amount of 101,277,900 euros. At the European level, 18 draft sanctions were examined by the same body. You can also consult the list of companies sanctioned by the CNIL in 2022.
As you will have understood, in France, e-commerce is highly regulated. First of all by a law of June 21, 2004 which requires e-merchants to display mandatory information on their website. This information must be easily accessible and understandable by all visitors.
On the other hand with the implementation in 2018 of the GDPR, the General Data Protection Regulation which aims to regulate the use of individuals' personal data. The CNIL, for its part, is responsible for applying this regulation and imposing sanctions in the event of breaches.
Support from a professional e-commerce agency can be a real asset in your online business.
