Retailers! What do Black Friday and e-receipts have in common? Data protection compliance

Friday, November 24, 2017

Increasingly retailers are offering to send us our receipts by email. It’s a convenient way to keep your purse empty of litter. However the Office of the Data Protection Commissioner (ODPC) is concerned that some retailers are obtaining customers’ email addresses for one purpose (to send them an e-receipt) and then also using it for another – direct marketing.

Earlier this month the ODPC issued guidance to retailers on the issue following some investigations by the ODPC.

Direct marketing is regulated in Ireland by the E-Privacy Regulations. In summary, consumers need to know from the outset that you intend using their email both to send them an e-receipt and for direct marketing purposes. There is no room for surprises in this area of the law as the fines and penalties can be significant and damaging for a brand if a prosecution is taken for breaching the regulations – and that does happen.

With some planning, retailers can ensure they are in compliance and build their marketing database knowing it has ‘data integrity’ i.e. is fully compliant with data protection laws making it a business asset in real financial terms.

We set out below the four steps which the Data Protection Commissioner recommended in its recent guidance on e-receipts to ensure retailers are in data protection compliance in this area.

Where contact details have been obtained in the context of the sale of a product or service, these details may only be used for direct marketing by electronic mail if the following conditions are met:

The product or service you are marketing is of a kind similar to that which you sold to the customer at the time you obtained their contact details.
At the time you collected the details, you gave the customer the opportunity to object, in an easy manner and without charge, to their use for marketing purposes.
Each time you send a marketing message, you give the customer the right to object to receipt of further messages.
The sale of the product or service occurred not more than twelve months prior to the sending of the electronic marketing communication or, where applicable, the contact details were used for the sending of an electronic marketing communication in that twelve-month period.

For more information on this topic please contact Ann Henry or Hugo Grattirola.

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.

Cookie	Type	Duration	Description
Necessary
cookielawinfo-checkbox-non-necessary	session	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non Necessary".
viewed_cookie_policy	session	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
cookielawinfo-checkbox-necessary	session	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
Analytics
_gat_gtag_UA_180138433_1	third-party	1 minute	Google uses this cookie to distinguish users.
GPS	session	30 minutes	This cookie is set by Youtube and registers a unique ID for tracking users based on their geographical location
_gid	session	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.
_ga	persistent	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, camapign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randoly generated number to identify unique visitors.
Preferences
_gat_UA-25168621-1	session	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
Advertisement
VISITOR_INFO1_LIVE	third-party	5 months	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
IDE	persistent	2 years	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
Performance
YSC	third-party		This cookies is set by Youtube and is used to track the views of embedded videos.

Contact The Team

Subscribe

Retailers! What do Black Friday and e-receipts have in common? Data protection compliance