E-receipts and data privacy

At sign and hand

What do you do when a shop assistant asks for your email address when you’ve just made a purchase?

The reason they give is that they want to send you a receipt by email (an e-receipt), but I bet they won’t mention e-receipts and data privacy.

They will say that email is better than a paper receipt. You have a permanent record, you won’t lose it, destroy it in the wash, or let the dog eat it.

An open wallet showing UK currency
AS you hand over your money, are you even thinking about e-receipts and data privacy?

Indeed, there are perfectly legitimate advantages to both sides. Those accruing to the vendor include not having to handle a paper receipt (that might contain a toxic chemical called Bisphenol A) and saving money (and planets) on till rolls.

On the other hand, there are some serious implications regarding e-receipts and data privacy – and not just  reciting (and even spelling out) your email address in front of the queue of shoppers standing behind you.

The legal bit

According to the provisions of the GDPR (General Data Protection Regulations), the retailer must tell you in advance how they will use your data and must give you the opportunity to decline any marketing advances that use the email address you’ve just given them.

Fair enough, as long as they actually do that and you can give informed consent (bearing in mind that the queue behind you is not just breathing down your neck now, but is also breathing fire). And it’s just not realistic to expect the shop assistant to explain to you in this situation just who they are intending to share your information with (which they are obliged to do). And is the shop assistant serving you  even aware of the implications of e-receipts and data privacy? Hmm.

So, it’s very easy to get into a situation where providing an e-receipt is actually more time-consuming and difficult than providing a paper one and the retailer might not gain your informed consent before bombarding you with marketing messages.

E-receipts and data privacy

What I am more worried about, though, is whether the retailer keeps to him/herself your email information and purchasing history.

According to Thisismoney:

The Information Commissioner’s Office (ICO) is concerned shops that issue e-receipts could be using customers’ email addresses for other purposes and flouting data protection laws. The watchdog is also worried that shoppers’ details might be sold to third parties without their knowledge.

Hand holding a paper receipt
The decline of paper receipts could become another threat to our privacy

Do you think that your shopping receipt and email address are not worth anything? Not so. There are organisations that will actually pay you for your scanned receipts. (see wellkeptwallet, for instance). Why? Data. Data is very valuable. The concern is that some processes that send you an e-receipt might also sell that data to third parties.

This might not even be illegal if you’ve been told about their privacy policy and that they do sell it – and if you’ve had the chance to read the privacy policy and agreed to it, and if you’ve understood the implications, and if the person behind you in the queue hasn’t had apoplexy by now. That’s an awful lot of “ifs”.

Some people just don’t care about privacy of their data. Their typical response when probed about this attitude is a shrug of the shoulders and “I’ve got nothing to hide”. Well, if you belong in that camp then good luck to you (and your data and your privacy). I don’t.

My solution to the e-receipts and data privacy issue

So, when asked for my email address I politely request a paper receipt. In most cases, I get one even though the vendor has no legal obligation to provide a receipt in a face to face transaction. This strikes me as rather bizarre, but I’ve found this stated on a number of websites. I sent an email to my local trading standards office asking them to confirm it, but they haven’t favoured me with a reply.

And, if the retailer won’t give me a “proper” receipt? I give them an email address of a Gmail account that I don’t use for any other purpose. It does not include my name, and is unlikely ever to be traceable back to me (other than by the omnipotent Mr Google, of course).

You can even set up a Gmail account to automatically forward any emails it receives to your “normal” email account.

I got fed up with repeating the address several times to shop assistants, so now it’s in big letters on my phone where I can find it easily and thrust it in front of the startled salesperson.

Are we losing the fight for our privacy? Quite possibly, but I’m not giving up easily.

Further reading:





Image by Dean Moriarty from Pixabay

Image by rawpixel.com on Freepik

Donations Jar
Just click on the jar…