Laws differ, of course, from country to country. In Europe, however, many of the most important laws for webshop owners are based on EU directives and are therefore the same in all EU member states. In other regions of the world, the situation may differ.
It's also worth bearing in mind that the law isn't always black and white. The people who write laws can't anticipate every situation that might arise, especially in fast-evolving fields such as on-line trading. Consequently, the correct way to interpret the law in a particular situation is often a matter of opinion until the principle is tested in a court case.
For a webshop owner, two main areas of law are relevant: privacy law and consumer law (fair trading).
The Data Protection Directive applies throughout the EU. It's a complex piece of legislation, which controls the processing of personal data. Personal data is any piece of information that relates to an identifiable individual. Processing is almost anything that you might want to do with that information: collecting it, saving it, sending it from one system to another, using it to generate mail shots and so on.
Central to the directive is the principle that all data processing must be transparent, proportional and for a legitimate purpose. Transparency doesn't just imply telling your customers what information you are collecting and what you are going to do with it. It also means that you yourself need to know what processing you are doing (not as straightforward as it sounds, when so much goes on 'under the hood' of software products and systems) and that you can explain to the authorities what you have done and why, if the need arises.
Proportional processing means, for example, not gathering more data than you actually need for your stated purpose and not keeping it for longer than you really need to. A legitimate purpose might be enabling you to serve your customers properly; it certainly wouldn't be building up a picture of your clientele for use in the context of some unrelated project.
The Data Protection Directive isn't the only privacy law around. There is also the ePrivacy Directive (or 'Cookie Directive'), for example, which regulates how websites save little data files ('cookies') on visitors' computers.
No webshop owner can possibly be completely familiar with all the privacy laws in use. But you need to be alert to their existence. And you need to think about the privacy implications when choosing software and services. Will the product or service be designed with your local privacy laws in mind if the supplier or provider is in another global region?
You also need to ensure a good level of security so that data you legitimately process doesn't get into other people's hands.
To help you find your way around this complex field, the data protection authorities in most European countries publish practical guidelines. Look up your local data protection authority and visit the website.
Naturally, as a webshop owner, you have to obey all the 'ordinary' consumer laws that apply to any trader. Your goods must be as described, safe and fit for purpose, for example. The normal distance selling laws apply too: you have to allow people to return goods within a 'cooling off period', for instance.
You also have to abide by a range of 'special' laws that are specific to ecommerce. The main one is the eCommerce Directive. The directive defines rules on things such as transparency and the provision of information by on-line service providers, commercial communications and electronic contracts. It also defines the limits of an intermediary's liability. Your local trading standards authority or the trade association for your sector should be able to provide practical help on operating within the rules.
Most countries have their own national laws as well. In the Netherlands, for example, there is the 'Wet Van Dam', which regulates the automatic renewal of contracts and subscriptions.