As the countdown to Christmas gets ever closer, retail activity receives a foreseeable general boost which, in turn, provides for an increase in purchase receipts. The amount of paper used to provide these receipts for the millions of transactions looks set to reduce as they are now increasingly substituted with an electronic equivalent, an e-receipt. The related growth of the issuance of these electronic receipts instead of a paper one has not been overlooked by the Data Protection Commission.
The Data Protection Commission (DPC) has carried out a series of audits to assess how organisations gather and process personal data in the course of providing e-receipts to their customers. In some cases, e-mail addresses gathered for the purpose of issuing e-receipts, were subsequently used by retailers to issue marketing material. This further use of the customer’s contact email has prompted the DPC to publish some helpful guidelines in terms of best practice for retailers/controllers.
In order to receive an e-receipt, a customer must provide a valid email address to the retailer. Customers should be advised at this point, that the reason their email address is being requested is to provide them with an e-receipt only. Where there is a desire by the retailer to follow-up with a marketing email to the customer, the customer must consent to this additional purpose at the outset.
The Data Protection Commission points out:
At a minimum, customers should be provided at the point of collection of their e-mail address, with the means to ‘opt-out’ from receiving marketing material. This can be achieved by having an ‘opt-out’ tick box prominently displayed beside the customer’s email address field. As a best practice solution, the DPC recommends that the electronic point of sale system should display two blank tick-boxes – the first being ticked if the customer wishes to receive an e-receipt; the second being ticked if the customer consents to receiving marketing via e-mail. Such an approach will record the affirmative wish of the customer.
Retailers should have a means record electronically whether a customer has agreed to receive marketing or not. In circumstances where the DPC is investigating an alleged breach of the rules on electronic marketing, the onus is on retailers to demonstrate that they have obtained a subscriber’s consent before sending a marketing message.
The main guideline points for retailers marketing having obtained consent include:
- The product or service being marketed is your own product or service
- The product or service you are marketing is of a kind similar to that which you sold to the customer at the time you obtained their contact details
- At the time you collected the details, you gave the customer the opportunity to object, in an easy manner and without charge, to their use for marketing purposes
- Each time you send a marketing message, you give the customer the right to object to receipt of further messages and
- The sale of the product or service occurred not more than twelve months prior to the sending of the electronic marketing communication or, where applicable, the contact details were used for the sending of an electronic marketing communication in that twelve-month period.
Important also to mention that where the retailer creates a database or file of e-receipt addresses a retention policy must be created to provide for their deletion.
Summary proceedings and Penalties:
Summary proceedings for an offence under S.I. 336 of 2011, may be brought and prosecuted by the DPC in the context of misuse of e-receipts. A person who commits an offence under this Regulation is liable on summary conviction to a fine up to €5,000 for each unsolicited marketing email.
A person who commits an offence under this Regulation is liable, if convicted on indictment, in the case of a natural person an individual) to a fine not exceeding €50,000. A person who commits an offence under this Regulation is liable, if convicted on indictment, in the case of a body corporate, to a fine not exceeding €250,000.
The take-away from this short article is that e-receipts are permissible where certain conditions are satisfied and maintained. If you have any questions or wish to discuss e-receipts in more detail please contact:
Carter Anhold Solicitors
Sligo Office, 1 Wine Street, Sligo Co Sligo F91 X58H or
Dublin Office, 212A, The Capel Building, Mary’s Abbey, Dublin 7
00353 71 916 2211