HAVING REGARD to Article 5 b) of the Convention of the Organisation for Economic Co-operation and Development of 14 December 1960;

HAVING REGARD to the Recommendation of the Council concerning Guidelines for Consumer Protection in the Context of Electronic Commerce [C(99)184/FINAL], which this Recommendation replaces;

HAVING REGARD to the Recommendation of the Council concerning Guidelines for Protecting Consumers from Fraudulent and Deceptive Commercial Practices Across Borders [C(2003)116]; the Recommendation of the Council on Consumer Dispute Resolution and Redress [C(2007)74]; the Declaration for the Future of the Internet Economy (The Seoul Declaration) [C(2008)99]; the Recommendation of the Council on Principles for Internet Policy Making [C(2011)154]; the Recommendation of the Council concerning Guidelines Governing the Protection of Privacy and Trans-border Flows of Personal Data (“Privacy Guidelines”) [C(80)58/FINAL, as amended]; the Recommendation of the Council on Consumer Policy Decision Making [C(2014)30]; the Recommendation of the Council on Digital Security Risk Management for Economic and Social Prosperity (“Security Risk Recommendation”) [C(2015)115];

RECOGNISING the benefits of e-commerce to consumers, which include easy access through a range of devices to a variety of goods and services, including digital content products, offered by an expanding array of businesses at competitive prices, with  convenient payment options;

RECOGNISING the dynamic and innovative character of the e-commerce marketplace, which enables consumers to gather, compare, review and share information about goods and services, and fosters the development of new business models, some of which facilitate consumer-to-consumer transactions;

RECOGNISING that the ease and speed of engaging in e-commerce, at anytime, anywhere, and in particular across borders, may create situations which are unfamiliar to consumers and put their interests at risk;

RECOGNISING the need to address a number of consumer challenges related to information disclosure,  misleading or unfair commercial practices, confirmation and payment, fraud and identity theft, and dispute resolution and redress;

RECOGNISING the need to equip consumer protection enforcement authorities with the ability to effectively protect consumers in e-commerce and to exchange information and co-operate in cross-border matters;

MINDFUL of the increasing privacy and security risks faced by consumers in e-commerce and the need to effectively address those risks to enhance consumer trust in e-commerce, consistent with the Privacy Guidelines and Security Risk Recommendation;

RECOGNISING the value to governments, businesses and consumers of clear guidance as to the core characteristics of effective consumer protection in e-commerce, which can be supplemented by additional measures for the protection of consumers in e-commerce;

RECOGNISING the importance of e-commerce policies that are innovation-friendly, technology neutral and informed by evidence and insights from information and behavioural economics;

RECOGNISING the value of inclusive and transparent multi-stakeholder processes in developing flexible and globally scalable policies for protecting consumers in e-commerce;

EMPHASISING that the appropriate allocation of responsibility for the protection of consumers among relevant e-commerce actors is key to promoting consumer welfare and enhancing consumer trust;

On the proposal of the Committee on Consumer Policy:

I. AGREES that this Recommendation applies to business-to-consumer e-commerce, including commercial practices through which businesses enable and facilitate consumer-to-consumer transactions (hereafter “e-commerce”), and that it covers commercial practices related to both monetary and non-monetary transactions for goods and services, which include digital content products (hereafter “goods and services”).

II. RECOMMENDS that Members and non-Members adhering to this Recommendation (hereafter “Adherents”) work with businesses, consumer representatives and other civil society organisations (hereafter “stakeholders”) in a transparent and inclusive manner to implement the following principles in their policy frameworks for the protection of consumers in e-commerce:


A.           Transparent and Effective Protection

1.            Consumers who participate in e-commerce should be afforded transparent and effective consumer protection that is not less than the level of protection afforded in other forms of commerce.

2.            Governments and stakeholders should work together to achieve such protection and determine what changes may be necessary to address the special circumstances of e-commerce, including for children and vulnerable or disadvantaged consumers. In so doing, they should take into account the insights from information and behavioural economics.

B.           Fair Business, Advertising and Marketing Practices

3.            Businesses engaged in e-commerce should pay due regard to the interests of consumers and act in accordance with fair business, advertising and marketing practices as well as the general principle of good faith.

4.            Businesses should not make any representation, or omission, or engage in any practice that is likely to be deceptive, misleading, fraudulent or unfair. This includes the general impression likely conveyed to consumers by the representation or practice as well as implied factual misrepresentations conveyed through features such as the good or the service’s name, words, pictures, audio and/or video and the use of disclaimers that are hidden, hard to notice or to understand.

5.            Businesses should not misrepresent or hide terms and conditions that are likely to affect a consumer’s decision regarding a transaction.

6.            Businesses should not use unfair contract terms.

7.            If contract terms stipulate monetary remedies in the case of a consumer’s breach of contract, such remedies should be proportionate to the damage likely to be caused.

8.            Businesses should not engage in deceptive practices related to the collection and use of consumers’ personal data.

9.            Businesses should not permit others acting on their behalf to engage in deceptive, misleading, fraudulent or unfair practices and should take steps to prevent such conduct.

10.          Businesses should be able to substantiate any express or implied representations for as long as the representations are maintained, and for a reasonable time thereafter.  

11.          Businesses should comply with any express or implied representations they make about their adherence to industry self-regulatory codes or programmes, privacy notices or any other policies or practices relating to their transactions with consumers.

12.          Businesses should not attempt to restrict a consumer’s ability to make negative reviews, dispute charges, or consult or file complaints with government agencies and other complaint bodies.

13.          Advertising and marketing should be clearly identifiable as such.

14.          Advertising and marketing should identify the business on whose behalf the marketing or advertising is being conducted where failure to do so would be deceptive.

15.          Businesses should ensure that any advertising or marketing for goods or services are consistent with their actual characteristics, access and usage conditions.

16.          Businesses should ensure that advertised prices do not misrepresent or hide the total cost of a good or a service.

17.          Endorsements used in advertising and marketing should be truthful, substantiated and reflect the opinions and actual experience of the endorsers. Any material connection between businesses and online endorsers, which might affect the weight or credibility that consumers give to an endorsement, should be clearly and conspicuously disclosed.

18.          Businesses should take special care in advertising or marketing that is targeted to children, vulnerable or disadvantaged consumers, and others who may not have the capacity to fully understand the information with which they are presented.

19.          Even where not obligated to do so, businesses should consider offering consumers the possibility to withdraw from a confirmed transaction in appropriate circumstances.

20.          Businesses should take into account the global nature of e-commerce and consider the various regulatory characteristics of the markets they target.

21.          Businesses should not exploit the special characteristics of e-commerce to hide their true identity or location, or to avoid compliance with consumer protection standards and/or enforcement mechanisms.

22.          Businesses should develop and implement effective and easy-to-use procedures that allow consumers to choose whether or not they wish to receive unsolicited commercial messages, whether by e-mail or other electronic means. When consumers have indicated, at any time, that they do not want to receive such messages, their choice should be respected.

23.          Businesses should not offer, advertise or market, goods or services that pose an unreasonable risk to the health or safety of consumers. Businesses should co-operate with the competent authorities when a good or a service on offer is identified as presenting such a risk.

24.          Businesses should consider the needs of persons with disabilities when designing e-commerce platforms and online payment systems.

C.           Online Disclosures

General Principles

25.          Online disclosures should be clear, accurate, easily accessible and conspicuous so that consumers have information sufficient to make an informed decision regarding a transaction. Such disclosures should be made in plain and easy-to-understand language, at a relevant time, and in a manner that enables consumers to retain a complete, accurate and durable record of such information.

26.          When more than one language is available to conduct a transaction, businesses should make available in those same languages, all information necessary for consumers to make an informed decision regarding a transaction. All information that refers to costs should indicate the applicable currency, unless it is apparent from the context.

27.          Businesses should take into account the technological limitations or special characteristics of a device or platform, while providing all necessary information.

Information about the Business

28.          Businesses engaged in e-commerce with consumers should make readily available information about themselves that is sufficient to allow, at a minimum: i) identification of the business; ii) prompt, easy and effective consumer communication with the business; iii) appropriate and effective resolution of any disputes that may arise; iv) service of legal process in domestic and cross-border disputes; and v) location of the business.

29.          This information should include the legal name of the business and name under which it trades; its principal geographic address; an e-mail address, telephone number or other electronic means of contact; appropriate domain name registration information for web sites that are promoting or engaging in commercial transactions with consumers; and any relevant government registration or license information.

30.          When a business publicises its membership in any relevant self-regulatory programme, business association, dispute resolution organisation or other body, the business should provide sufficient information to enable consumers to easily contact such body. Businesses should provide consumers with easy methods to verify that membership, access the relevant codes and practices of the organisation, and take advantage of any dispute resolution mechanisms offered by the organisation.

Information about the Goods or Services

31.          Businesses engaged in e-commerce with consumers should provide information describing the goods or services offered that is sufficient to enable consumers to make informed decisions regarding a transaction.

32.          Depending on relevant factors, including the type of good or service, this should include information such as:

i)     Key functionality and interoperability features;

ii)     Key technical or contractual requirements, limitations or conditions that might affect a consumer’s ability to acquire, access or use the good or service;

iii)    Safety and health care information; and

iv)    Any age restrictions.

Information about the Transaction

33.          Businesses engaged in e-commerce should provide information about the terms, conditions and costs associated with a transaction that is sufficient to enable consumers to make an informed decision regarding a transaction. Consumers should be able to easily access this information at any stage of the transaction.

34.          Businesses should provide consumers with a clear and full statement of the relevant terms and conditions of the transaction.

35.          Where applicable and appropriate given the transaction, such information should include the following:

i)     Initial price, including all fixed compulsory charges collected and/or imposed by the business;

ii)     Information on the existence of variable compulsory and optional charges collected and/or imposed by the business when they become known by the business and before consumers confirm the transaction;

iii)    Notice of the existence of other routinely applicable costs to the consumer that are collected and/or imposed by third parties;

iv)    Terms, conditions, and methods of payment, including contract duration, recurring charges, such as automatic repeat purchases and subscription renewals, and ways to opt out from such automatic arrangements;

v)    Terms of delivery or performance;

vi)    Details of and conditions related to withdrawal, termination or cancellation, after-sales service, return, exchange, refunds, warranties and guarantees;

vii)   Privacy policy; and

viii)  Information on available dispute resolution and redress options.

D.           Confirmation Process

36.          Businesses should ensure that the point at which consumers are asked to confirm a transaction, after which time payment is due or they are otherwise contractually bound, is clear and unambiguous, as should the steps needed to complete the transaction, especially for new payment mechanisms.

37.          Businesses should provide consumers with an opportunity to review summary information about the good or service, as well as any delivery and pricing information before consumers are asked to confirm a transaction. They should enable consumers to identify and correct errors or to modify or stop the transaction, as appropriate.

38.          Businesses should not process a transaction unless the consumer has provided express, informed consent to it.

39.          Businesses should enable consumers to retain a complete, accurate and durable record of the transaction, in a format compatible with the device or platform that the consumers used to complete the transaction.

E.           Payment

40.          Businesses should provide consumers with easy-to-use payment mechanisms and implement security measures that are commensurate with payment-related risks, including those resulting from unauthorised access or use of personal data, fraud and identity theft.

41.          Governments and stakeholders should work together to develop minimum levels of consumer protection for e-commerce payments, regardless of the payment mechanism used. Such protection should include regulatory or industry-led limitations on consumer liability for unauthorised or fraudulent charges, as well as chargeback mechanisms, when appropriate. The development of other payment arrangements that may enhance consumer confidence in e-commerce, such as escrow services, should also be encouraged.

42.          Governments and stakeholders should explore other areas where greater harmonisation of payment protection rules among jurisdictions would be beneficial and seek to clarify how issues involving cross-border transactions could be best addressed when payment protection levels differ.

F.           Dispute Resolution and Redress

43.          Consumers should be provided with meaningful access to fair, easy-to-use, transparent and effective mechanisms to resolve domestic and cross-border e-commerce disputes in a timely manner and obtain redress, as appropriate, without incurring unnecessary cost or burden. These should include out-of-court mechanisms, such as internal complaints handling and alternative dispute resolution (hereafter, “ADR”). Subject to applicable law, the use of such out-of-court mechanisms should not prevent consumers from pursuing other forms of dispute resolution and redress.

Internal complaints handling

44.          The development by businesses of internal complaints handling mechanisms, which enable consumers to informally resolve their complaints directly with businesses, at the earliest possible stage, without charge, should be encouraged.

Alternative dispute resolution

45.          Consumers should have access to ADR mechanisms, including online dispute resolution systems, to facilitate the resolution of claims over e-commerce transactions, with special attention to low value or cross-border transactions. Although such mechanisms may be financially supported in a variety of ways, they should be designed to provide dispute resolution on an objective, impartial, and consistent basis, with individual outcomes independent of influence by those providing financial or other support.


46.          Businesses should provide redress to consumers for the harm that they suffer as a consequence of goods or services which, for example, are defective, damage their devices, do not meet advertised quality criteria or where there have been delivery problems. Governments and stakeholders should consider how to provide redress to consumers in appropriate circumstances involving non-monetary transactions.

47.          Governments and stakeholders should work towards ensuring that consumer protection enforcement authorities and other relevant bodies, such as consumer organisations, and self-regulatory organisations that handle consumer complaints, have the ability to take action and obtain or facilitate redress for consumers, including monetary redress.

G.           Privacy and Security

48.          Businesses should protect consumer privacy by ensuring that their practices relating to the collection and use of consumer data are lawful, transparent and fair, enable consumer participation and choice, and provide reasonable security safeguards.

49.          Businesses should manage digital security risk and implement security measures for reducing or mitigating adverse effects relating to consumer participation in e-commerce.

H.           Education, Awareness and Digital Competence

50.          Governments and stakeholders should work together to educate consumers, government officials and businesses about e-commerce to foster informed decision-making. They should work towards increasing business and consumer awareness of the consumer protection framework that applies to their online activities, including their respective rights and obligations, at domestic and cross-border levels.

51.          Governments and stakeholders should work together to improve consumers’ digital competence through education and awareness programmes aimed at providing them with relevant knowledge and skills to access and use digital technology to participate in e-commerce. Such programmes should be designed to meet the needs of different groups, taking into account factors such as age, income, and literacy.

52.          Governments and stakeholders should make use of all effective means to educate consumers and businesses, including innovative techniques made possible by global networks.


53.          To achieve the purpose of this Recommendation, governments should, in co-operation with stakeholders:

i)     Work towards improving the evidence base for e-commerce policy making through:

-        The collection and analysis of consumer complaints, surveys and other trend data, and

-        Empirical research based on the insights gained from information and behavioural economics;

ii)     Review and, if necessary, adopt and adapt laws protecting consumers in e-commerce, having in mind the principle of technology neutrality;

iii)    Establish and maintain consumer protection enforcement authorities that have the authority and powers to investigate and take action to protect consumers against fraudulent, misleading or unfair commercial practices and the resources and technical expertise to exercise their powers effectively; 

iv)    Work towards enabling their consumer protection enforcement authorities to take action against domestic businesses engaged in fraudulent and deceptive commercial practices against foreign consumers, and to take action against foreign businesses engaged in fraudulent and deceptive commercial practices against domestic consumers;

v)    Encourage the continued development of effective co-regulatory and self-regulatory mechanisms that help to enhance trust in e-commerce, including through the promotion of effective dispute resolution mechanisms;

vi)    Encourage the continued development of technology as a tool to protect and empower consumers;

vii)   Facilitate the ability of consumers to access consumer education information and advice and to file complaints related to e-commerce.


54.          In order to provide effective consumer protection in the context of global e-commerce, governments should:

i)     Facilitate communication, co-operation, and, where appropriate, the development and enforcement of joint initiatives at the international level among governments and stakeholders;

ii)     Improve the ability of consumer protection enforcement authorities and other relevant authorities, as appropriate, to co-operate and co-ordinate their investigations and enforcement activities, through notification, information sharing, investigative assistance and joint actions. In particular, governments should:

-        Call for businesses to make readily available information about themselves that is sufficient to allow, at a minimum, location of the business and its principals for the purpose of law enforcement, regulatory oversight and compliance enforcement, including in the cross-border context,

-        Strive to improve the ability of consumer protection enforcement authorities to share information subject to appropriate safeguards for confidential business information or personal data, and

-        Simplify assistance and co-operation, avoid duplication of efforts, and make every effort to resolve disagreements as to co-operation that may arise, recognising that co-operation on particular cases or investigations remains within the discretion of the consumer protection enforcement authority being asked to co-operate.

iii)    Make use of existing international networks and enter into bilateral and/or multilateral agreements or other arrangements as appropriate, to accomplish such co-operation;

iv)    Continue to build consensus, both at the national and international levels, on core consumer protections to further the goals of promoting consumer welfare and enhancing consumer trust, ensuring predictability for businesses, and protecting consumers;

v)    Co-operate and work toward developing agreements or other arrangements for the mutual recognition and enforcement of judgments resulting from disputes between consumers and businesses, and judgments resulting from law enforcement actions taken to combat fraudulent, misleading or unfair commercial conduct;

vi)    Consider the role of applicable law and jurisdiction in enhancing consumer trust in e-commerce.

III. ENCOURAGES stakeholders to disseminate and follow this Recommendation in their approach to e-commerce;

IV. INVITES Adherents and the Secretary-General to disseminate this Recommendation;

V.  INVITES non-Adherents to take account of and adhere to this Recommendation;

VI. INSTRUCTS the Committee on Consumer Policy to:

i)     serve as a forum to share information on progress and experiences with respect to the implementation of this Recommendation, and

ii)     monitor the implementation of this Recommendation and report to the Council within five years of its adoption and thereafter as appropriate.