THE DATA PROTECTION Commissioner (DPC) has issued guidelines for retailers in relation to using customer’s email addresses for marketing purposes.

The DPC carried out a series of audits in order to assess how organisations gather and process personal data in the course of providing electronic receipts to customers.

Last month, TheJournal.ie reported that the Commissioner was looking into the issue after receiving complaints from consumers.

In a number of cases, the DPC found that e-mail addresses, gathered for the purpose of issuing e-receipts, were being used to subsequently issue marketing material.

The practice of issuing e-receipts to customers is becoming more common in Ireland, with several retailers giving customers the option of receiving one instead of (or in addition to) a paper receipt.

Fines 

The DPC’s guidelines inform retailers that contact details “obtained in the context of the sale of a product or service” may only be used for direct marketing by email if the following conditions are met:

• The product or service you are marketing is of a kind similar to that which you sold to the customer at the time you obtained their contact details
• At the time you collected the details, you gave the customer the opportunity to object, in an easy manner and without charge, to their use for marketing purposes
• Each time you send a marketing message, you give the customer the right to object to receipt of further messages
• The sale of the product or service occurred not more than 12 months prior to the sending of the electronic marketing communication or, where applicable, the contact details were used for the sending of an electronic marketing communication in that 12-month period*

*If a customer fails to unsubscribe using the free option provided to them by the direct marketer, then s/he will be deemed to have remained opted-in to the receipt of such emails for a 12-month period 

Regulations about obtaining consent from a consumer regarding their information can be read here.

In circumstances where the DPC is investigating an alleged breach of the rules on electronic marketing, the onus is on retailers to demonstrate they had a subscriber’s consent to send a marketing message.

Offences may be brought and prosecuted by the DPC. Each unsolicited marketing email can attract a fine of up to €5,000 on summary conviction. If convicted on indictment, the fines range from €50,000 for an individual to €250,000 for a corporate body.

Read: Data Protection Commissioner investigating shops asking for customer email addresses after complaints

Read: ‘False sense of security’: Warning for parents who use smart devices to keep tabs on their children

Making a difference

A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

For the price of one cup of coffee each week you can make sure we can keep reliable, meaningful news open to everyone regardless of their ability to pay.

Support us Learn More