
Do's and don'ts of online privacy

The use of the internet has entirely changed the way in which retailers can collect, store, analyse and use consumers’ information, giving rise to major privacy concerns.

Retailers are required to be transparent about what they are doing with personal information, obtain the correct consents and outline what a consumer’s privacy rights are when using the retailer’s website.

In the following article, Alison Deighton, a partner and data protection specialist at national law firm TLT, explains how and why retailers need to comply with legal requirements online.

Key requirements

  • Consumers must be informed of ways that their data will be used and third parties to whom it is disclosed through online privacy notices.
  • Appropriate marketing consents must be captured.
  • Consumers must be provided with clear, comprehensive advice about cookies used on the site and the purposes for which they are used.
  • Retailers will also need to obtain consent to the use of cookies, which can be implied through continued use of the website provided that information about cookies is clearly signposted as soon as consumers enter the site.

Best practice

A long technical privacy policy tucked away at the bottom of the home page is not sufficient to demonstrate that individuals have been appropriately informed of how their data will be used. Best practice is to provide relevant information at each point where the consumer’s information is collected through a system of layered notices. This means initially providing the consumer with a notice that gives them a quick overview of how their information will be used and signposting them to further information.

To obtain valid consent for marketing activities, the consumer should be provided with easy-to-use consent mechanisms. If the consent mechanism is not easily understood, it is likely to be invalid.

Consent requirements will differ depending on the communication channel being used. So, retailers can:

  • Email or text a consumer who has previously made a purchase provided that they have informed the consumer that their data will be used for marketing purposes at the point of data capture and provided an opt-out option at that point and on subsequent communications.
  • Email or text a consumer who has not previously made a purchase if they have prior consent to send marketing by these means – in this case the individual needs to have provided a positive indication of consent, for example by ticking a box.
  • Telephone a consumer as long as they have not opted out of receiving marketing communications and the Telephone Preference Service has been checked 28 days (or less) prior to the call.
  • Send mail by post as long as the consumer has not opted out of receiving marketing communications.

In relation to cookies, retailers will need to provide a clear and comprehensive statement setting out a description of the cookies on the website and the purposes for which they are used. To do this, retailers will need to have carried out a cookie audit to identify which cookies are used and for what purpose.

To conclude

A retailer must comply with the Data Protection Act or potentially face:

  • Enforcement action being taken against them to force compliance with legal requirements.
  • Fines of up to £500,000.
  • Consumers seeking compensation from them through the courts for any damage caused.

For more information please contact Alison Deighton, on 0117 917 8016 Visit
