The collection and use of personal information by e-businesses in the UK must be done in compliance with UK data protection laws.
These laws are primarily contained in the following pieces of legislation:
1. Data Protection Act 1998 (DPA)
2. The Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426) (the Regulations) as revised by the Privacy and Electronic Communications (EC Directive) (Amendments) Regulations 2011 (SI 2011/1208).
3. Consumer Protection from Unfair Trading Regulations 2008 (SI 2008/1277), which implement Directive 2005/29/EC concerning unfair business-to-consumer commercial practices.
The last of these is an important tool for preventing abuse, as the Regulations provide that a trader is guilty of an offence if he makes persistent and unwanted solicitations by telephone, fax, email or other remote media, except in circumstances and to the extent justified to enforce a contractual obligation. Penalties for contravention can amount to an unlimited fine or a prison term of no more than two years (Regulation 13).
Every website which has data relating to living individuals must be registered with the Information Commissioner for data protection purposes.