Retailers! What do Black Friday and e-receipts have in common? Data protection compliance

Friday, November 24, 2017

Increasingly retailers are offering to send us our receipts by email. It’s a convenient way to keep your purse empty of litter. However the Office of the Data Protection Commissioner (ODPC) is concerned that some retailers are obtaining customers’ email addresses for one purpose (to send them an e-receipt) and then also using it for another – direct marketing.

Earlier this month the ODPC issued guidance to retailers on the issue following some investigations by the ODPC.

Direct marketing is regulated in Ireland by the E-Privacy Regulations. In summary, consumers need to know from the outset that you intend using their email both to send them an e-receipt and for direct marketing purposes. There is no room for surprises in this area of the law as the fines and penalties can be significant and damaging for a brand if a prosecution is taken for breaching the regulations – and that does happen.

With some planning, retailers can ensure they are in compliance and build their marketing database knowing it has ‘data integrity’ i.e. is fully compliant with data protection laws making it a business asset in real financial terms.

We set out below the four steps which the Data Protection Commissioner recommended in its recent guidance on e-receipts to ensure retailers are in data protection compliance in this area.

Where contact details have been obtained in the context of the sale of a product or service, these details may only be used for direct marketing by electronic mail if the following conditions are met:

1. The product or service you are marketing is of a kind similar to that which you sold to the customer at the time you obtained their contact details.
2. At the time you collected the details, you gave the customer the opportunity to object, in an easy manner and without charge, to their use for marketing purposes.
3. Each time you send a marketing message, you give the customer the right to object to receipt of further messages.
4. The sale of the product or service occurred not more than twelve months prior to the sending of the electronic marketing communication or, where applicable, the contact details were used for the sending of an electronic marketing communication in that twelve-month period.

For more information on this topic please contact Ann Henry or Hugo Grattirola.