Data Protection

Retailers used customers' email addresses taken for issuing receipts to send marketing material

The Data Protection Commissioner has issued guidelines for shops using people’s email addresses for marketing purposes.

THE DATA PROTECTION Commissioner (DPC) has issued guidelines for retailers in relation to using customer’s email addresses for marketing purposes.

The DPC carried out a series of audits in order to assess how organisations gather and process personal data in the course of providing electronic receipts to customers.

Last month, reported that the Commissioner was looking into the issue after receiving complaints from consumers.

In a number of cases, the DPC found that e-mail addresses, gathered for the purpose of issuing e-receipts, were being used to subsequently issue marketing material.

The practice of issuing e-receipts to customers is becoming more common in Ireland, with several retailers giving customers the option of receiving one instead of (or in addition to) a paper receipt.


The DPC’s guidelines inform retailers that contact details “obtained in the context of the sale of a product or service” may only be used for direct marketing by email if the following conditions are met:

  • The product or service you are marketing is of a kind similar to that which you sold to the customer at the time you obtained their contact details
  • At the time you collected the details, you gave the customer the opportunity to object, in an easy manner and without charge, to their use for marketing purposes
  • Each time you send a marketing message, you give the customer the right to object to receipt of further messages
  • The sale of the product or service occurred not more than 12 months prior to the sending of the electronic marketing communication or, where applicable, the contact details were used for the sending of an electronic marketing communication in that 12-month period*

*If a customer fails to unsubscribe using the free option provided to them by the direct marketer, then s/he will be deemed to have remained opted-in to the receipt of such emails for a 12-month period 

Regulations about obtaining consent from a consumer regarding their information can be read here.

In circumstances where the DPC is investigating an alleged breach of the rules on electronic marketing, the onus is on retailers to demonstrate they had a subscriber’s consent to send a marketing message.

Offences may be brought and prosecuted by the DPC. Each unsolicited marketing email can attract a fine of up to €5,000 on summary conviction. If convicted on indictment, the fines range from €50,000 for an individual to €250,000 for a corporate body.

Read: Data Protection Commissioner investigating shops asking for customer email addresses after complaints

Read: ‘False sense of security’: Warning for parents who use smart devices to keep tabs on their children

Your Voice
Readers Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel