The use of the internet has entirely changed the way in which retailers can collect, store, analyse and use consumers’ information, giving rise to major privacy concerns.
Retailers are required to be transparent about what they are doing with personal information, obtain the correct consents and outline what a consumer’s privacy rights are when using the retailer’s website.
In the following article Alison Deighton, a partner and data protection specialist at national law firm TLT, explains how and why retailers need to comply with legal requirements online.
- Consumers must be informed of ways that their data will be used and third parties to whom it is disclosed through online privacy notices.
- Appropriate marketing consents must be captured.
- Consumers must be provided with clear, comprehensive advice about cookies used on the site and the purposes for which they are used.
To obtain valid consent for marketing activities the consumer should be provided with easy to use consent mechanisms. If the consent mechanism is not easily understood it is likely to be invalid.
Consent requirements will differ depending on the communication channel being used. So, retailers can:
- Email or text a consumer who has previously made a purchase provided that they have informed the consumer that their data will be used for marketing purposes at the point of data capture and provided an opt-out option at that point and on subsequent communications.
- Email or text a consumer who has not previously made a purchase if you have prior consent to send marketing by these means – in this case the individual needs to have provided a positive indication of consent, for example by ticking a box.
- Telephone a consumer as long as they have not opted out of receiving marketing communications and the Telephone Preference Service has been checked 28 days (or less) prior to the call.
- Send mail by post as long as the consumer has not opted out of receiving marketing communications.
In relation to cookies, retailers will need to provide a clear and comprehensive statement about cookies setting out a description of the cookies on the website and the purposes for which they are used. To do this retailers will need to have carried out a cookie audit to identify which cookies are used and for what purpose.
A retailer must comply with the data protection act or potentially face:
- Enforcement action being taken against them to force compliance with legal requirements.
- Fines of up to £500,000.
- Consumers seeking compensation from them through the courts for any damage caused.
For more information please contact Alison Deighton, on 0117 917 8016 alison.deighton@TLTsolicitors.com. Visit www.TLTsolicitors.com