PROFECO imposed fines on major e-commerce retailers even though no consumer complaint was filed; During a massive raid on e-commerce stores, PROFECO found that online stores' Terms and Conditions and Privacy Notices were ambiguous, failed to disclose mandatory information that most be provided to consumers before a transaction takes place and breached consumer privacy rights. Fines imposed rise to $300,000 USD.

What does this enforcement action means for Online Stores? 

The apparent immunity of e-commerce websites in Mexico has come to an end. On September, 2014, the Mexican Consumer Protection Agency (PROFECO) acting ex-officio, conducted a massive and unprecedented inspection of online stores in order to verify compliance of e-retailers with regard to e-commerce, online consumer protection, electronic contracting and privacy regulations. This raid represents a significant shift in PROFECO's approach to enforcement of e-consumers rights. Companies that sell products and services online should be aware that PROFECO may impose fines related to e-commerce even if no consumer claim has been filed. Online stores should ensure its Terms and Conditions, Privacy Notices and other information which needs to be disclosed to consumers before the transaction takes place, to be aligned with Mexican regulatory framework.

Grounds for sanctions

PROFECO showed its muscle and readiness to enforce e-commerce provisions during an event named Hotsale Mexico, the first "Cyber Monday" type of event organized in Mexico, where more than 85 online stores participated. Before the Event, PROFECO verified companies' Terms and Conditions, Privacy Notices, website information and security disclosures, and impose sanctions on a variety of websites. The main grounds for fines were the following:

  • Terms and Conditions were found to be disproportionate, in prejudice of consumers. For example, terms which allowed the e-retailer to unilaterally modify purchase prices or cancel purchase orders were found to be in breach to the law.
  • E-retailer failure to appropriately disclose information about delivery of products, return rights and cancellation rights.
  • Failure by site operators to disclose relevant information about the identity of the Company (including corporate name, address and other information).
  • Privacy notices were found to lack minimum mandatory information elements, including information security disclosures.

Your Company sells online in Mexico? Consider the following:

  • Ensure your online store is posting in the website relevant and appropriate disclosures as required by Mexican e-commerce laws. This task may be easily accomplished by conducting a quick "health check" of your website information. Domains to be assessed should include consumer protection, online contracting, privacy/data protection and information security.
  • If any deficiencies or gaps are found in your website, cover the gaps by disclosing mandatory information, by revising and updating legal documentation and by implementing website modifications (such as the "cookie notice").