Digital transformation refers to the use of modern technologies, such as artificial intelligence ("AI"), cloud computing and application programming interfaces ("APIs") to streamline and automate workflows, improve business operations, and increase competitive advantage. A business model is defined as a framework implemented by a company to generate profit through the delivery of its products and services. Traditionally, main business models included retail, mining, agricultural, manufacturing, as well as service-based businesses but, with the onset of digitisation, types of business models now extend to many others including freemium, e-commerce, digital marketplaces, platforms, and crowd-funding.

In the first of a series of articles, we will focus on digital transformation in retail and the typical legal considerations faced by retailers when digitising their businesses. This retail model consists of the traditional sale of products to consumers directly or to retailers.

The three sub-models include:

  • physical stores;
  • e-commerce stores; and
  • hybrid: a combination of physical and e-commerce stores.

Typically, the legal issues that retailers would need to consider when digitising include but are not limited to the following:

  • AdTech / MarTech: the emergence of advertising and marketing technologies and the rapid deployment of such technologies also requires a legal risk assessment before their deployment;
  • APIs and other integration: APIs are middleware software that allows two applications to communicate with each other. In the retail space, any utilisation of APIs also requires legal risk assessment and appropriate contracts in place. Likewise, if a retailer elects to integrate its solution with any third party, this necessitates a thorough legal risk assessment and appropriate contract in place;
  • Client-facing terms and conditions: It is an essential part of any e-commerce platform that the platform contains client-facing terms and conditions which accord both with consumer protection and other laws, as well as embeds, sound commercial terms and conditions;
  • Consumer protection: Consumer protection laws require that retailers include both policies and terms and conditions that comply with such laws. These include considerations such as cooling-off periods and return policies, as well as product warranties;
  • Contracting for solution development: When a retailer wishes to digitise, this would typically involve the development or implementation of a new technology-based solution. The starting point for ensuring success in the digitisation effort is to ensure that a sound contract is concluded between the retailer and its selected technology partners. If the solution is intended to be client-facing, there is a definite requirement that proper service levels are negotiated including appropriate recourse in the event of service level failure as this would ultimately impact the ability of customers to purpose from the retailer;
  • Cybersecurity: As with all technology, cybersecurity plays a critical role in digitisation and should not be an afterthought;
  • Data monetisation: An integral part of any successful retail digitisation initiative is having in place a data monetisation model. Despite widely perpetrated myths that legislation such as POPIA precludes parties from monetising and commercialising data, a well-crafted data monetisation strategy can help the retailer achieve its data monetisation objectives in a legally sound manner;
  • Data privacy: Data privacy is an essential component of digitisation, especially where consumer data is being processed. Compliance with legislation such as Protection of Personal Information Act, 2013 and the Promotion of Information Act, 2000 is mandatory and so too is ensuring that the use of cookies, privacy policies, and direct marketing consents are compliant with such laws. By using privacy impact assessments and privacy by design principles, a retailer can embed privacy into its digitisation efforts rather than trying to retrofit privacy compliance;
  • Email marketing: If a retailer wishes to rely on email marketing as part of its digitisation strategy, ensuring compliance with laws affecting direct marketing is essential;
  • Emerging technologies: The emergence of AI, cookies (and behavioural analysis), and e-commerce stores has led to improved marketing campaigns and customer targeting with personalised product recommendations and dynamic pricing. A common example of dynamic pricing is the "first-time access discounts" which uses cookies to determine whether a user is accessing an e-commerce store for the first time and offers the user a hefty discount to secure the customer. It is critical when embracing any technology that the retailer has a full risk appreciation of the implications of deploying such technologies and that risk mitigation mechanisms are employed before deployment of such technologies;
  • Influencers and celebrities: As retailers continue to promote their products and services through social media and other marketing campaigns, the use of influencers and celebrities requires appropriate background checks, follower vetting, and contracts in place to protect the retailer's interests;
  • Intellectual property: When digitising any content that includes copyrighted materials, trade marks or patented technologies (for example, photographs, images from the Internet, and even certain colours and fonts or colour combinations may be subject to IP protection), retailers need to ensure that they have the appropriate rights to use, share, display, and where relevant sell digital contents or products to avert any IP infringement claims;
  • International trade considerations: If a retailer wishes to develop an offering that is cross-border, it will have to ensure compliance with local laws as well as international trade laws, customs regulations, digital services taxes, data localisation laws, etc.;
  • Internet of Things ("IoT"): It is becoming increasingly common for retailers to introduce IoT into their operations and as with the deployment of any such technologies, this requires a detailed risk analysis coupled with appropriate policies and procedures as well as contracts;
  • Job displacement: Every digitisation effort should be coupled with an analysis as to whether jobs will be affected or not. If there is a likelihood that jobs are affected, compliance with employment laws is also mandatory to mitigate inadvertent risks arising from digitisation;
  • Other regulatory: Retailers may also have to ensure compliance with other regulations such as the National Credit Act, 2005, the Second-Hand Goods Act, 2008, Advertising Standards Authority requirements, and other regulations impacting their digitisation efforts. Furthermore, any e-commerce platform needs to be compliant with the Electronic Communications and Transactions Act, 2005;
  • Platforms: If a retailer elects to offer goods and services via a platform, this raises an additional complexity of having to ensure that proper contracts are in place to govern the relationship between the platform operator, the provider of goods and services and end consumers. As part of this consideration, rights in respect of data usage and exploitation are also critical;
  • Reliance on third-party consultants: Retailers may choose to procure the services of third parties such as advertising agencies, digital marketing agencies, social media managers, and others, and in doing so, need to ensure that the appropriate contracts are in place and that such contracts include brand guidelines, or even a simple list of dos and don'ts especially when it comes to social media management;
  • Scraping: When retailers display novel products, designs or solutions, they run the risk that such content could be scraped off their websites and social media accounts and replicated cheaply by mala fide third parties. Ensuring that effective protection measures are in place is part of risk mitigation and brand protection;
  • Social media: When a retailer markets products using social media, this raises a myriad of additional legal issues including compliance with social media terms and conditions, dealing with trolls, negative publicity, securing appropriate rights to keywords, and others;
  • Use of payment service providers: If a retailer elects to utilise a particular payment service provider or a specific type of payment mechanism, the retailer needs to ensure that the payment technology being deployed accords with legal requirements, especially with the growth of FinTech and the fact that not all start-ups, or for that matter, even scale-ups, may have undertaken a legal analysis before deploying a specific type of payment solution to market.

The above is a non-exhaustive list of some of the key considerations that retailers need to factor in when digitising. It also serves as a useful checklist for retailers to be able to assess the compliance of their existing offerings. In our next edition, we will further explore the key considerations for manufacturers when digitising.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.