Which? highlights retailers breaching data protection and privacy laws with their e-receipts

Research from consumer rights guardian Which? has highlighted the data protection dangers of e-receipts and that some retailers are in breach of data protection and privacy rules when it comes to using them to direct market.

Which? sent mystery shoppers to various high street brands and asked to receive e-receipts but with no marketing. However, whilst some just sent the electronic receipts as receipts a number also included with the receipts, marketing information.

The rules on electronic marketing are clear when it comes to opting out of marketing. If you don’t want email marketing messages, in any format, then you have a right to say no and under no circumstances can marketing materials still be sent, this includes for your customers and includes all marketing messages. So, for those sending e-receipts which include banners or other marketing messages, they are in breach of the Data Protection Act 2018 and the Privacy & Electronic Communications Regulations 2003.

As Which? highlights:

An ICO spokesperson said: ‘Retailers must understand it’s not enough to assume that because a customer has given their email address to receive an e-receipt that they are happy for it to be used for other purposes.

‘Being transparent about the collection and use of data and giving customers informed choices over how their data will be used is key to ensuring compliance with the law and building trust. ‘

Anyone who has received an e-receipt email that includes direct marketing when they have specifically objected can complain to the organisation that sent it in the first instance, and if they remain unsatisfied they can complain to the ICO.’

You can read more about the research on Which? here. It’s a larger piece about the use of e-receipts but makes interesting reading in terms of their findings about how e-receipts are increasingly being used.

What does this mean for your business?

If you use e-receipts or agree to send any messaging to someone who has said they don’t want marketing, then you are on dodgy ground if you send them marketing messages. Key things you need to do:

  1. Make sure your staff understand what it means when someone says they don’t want any marketing – opting out of marketing can be by any means: face to face, over the phone, via email, by letter
  2. If you send automated content out, like e-receipts, updated terms and conditions you will need different processes for those who have opted-in and those who are opted-out of your marketing

Unsure what this means to your business? No worries – that’s what the Digital Compliance Hub is all about. Helping businesses get to grips with what they need to do to comply with the GDPR, privacy, marketing and other regulations too. With information and guidance in plain English and a helpline for when you need to ask some questions, specific to your business. Sign up today for a free trial.