Friday, November 24, 2017
Increasingly retailers are offering to send us our receipts by email. It’s a convenient way to keep your purse empty of litter. However the Office of the Data Protection Commissioner (ODPC) is concerned that some retailers are obtaining customers’ email addresses for one purpose (to send them an e-receipt) and then also using it for another – direct marketing.
Earlier this month the ODPC issued guidance to retailers on the issue following some investigations by the ODPC.
Direct marketing is regulated in Ireland by the E-Privacy Regulations. In summary, consumers need to know from the outset that you intend using their email both to send them an e-receipt and for direct marketing purposes. There is no room for surprises in this area of the law as the fines and penalties can be significant and damaging for a brand if a prosecution is taken for breaching the regulations – and that does happen.
With some planning, retailers can ensure they are in compliance and build their marketing database knowing it has ‘data integrity’ i.e. is fully compliant with data protection laws making it a business asset in real financial terms.
We set out below the four steps which the Data Protection Commissioner recommended in its recent guidance on e-receipts to ensure retailers are in data protection compliance in this area.
Where contact details have been obtained in the context of the sale of a product or service, these details may only be used for direct marketing by electronic mail if the following conditions are met: