These retailers along with many others have been using e-receipts for a good while now. Some customers are happy about the practice – the benefits include easier organisation, plus the fact that it’s more environmentally friendly.

Others are less enthusiastic. Those with hard-to-spell names or weird email addresses might be more concerned about in-the-moment awkwardness rather than future convenience.

However, a much bigger reason for dissatisfaction towards e-receipts is uncertainty over how retailers hold and use this kind of data, with consumers also feeling greater pressure to give away data when asked face-to-face.

Recently, of course, the situation surrounding email data has changed, with GDPR tightening the law around consent.

So, how do the new regulations impact e-receipts, and what does it mean for both customers and retailers? Let’s delve into it.

Before GDPR

Previously, one of the main reasons retailers used e-receipts was to help create a single view of the customer. By using an email address as an identifier, retailers could then track customer purchases across all channels – mobile, web, and in-store.

Secondly, and more pertinently, retailers could also use e-receipts as a means to send more than just proof of purchase. Before May 25th, it was common practice for retailers to include marketing messages in receipts, using them to also highlight product promotions, offers, and other brand material.

Mothercare is one retailer that commonly did this. In 2016, the Guardian explained how an e-receipt for the brand also included a request to complete an online survey, promotion for a Dutch buggy brand, and an invitation to download the Mothercare app.

Here is another example from Topshop, which includes links to its social media channels as well as a competition to win £250 or an iPad.

topshop e-receipt

While this type of marketing is arguably innocuous, the arguments against it are amplified if retailers are to take consent for an e-receipt and use it as an opt-in for any old marketing emails – long after the initial purchase has been made.

The ICO was quite clear in a blog post from 2016:

“Retailers must understand it’s not enough to assume that because a customer has given their email address to receive an e-receipt that they are happy for it to be used for other purposes. Being transparent about the collection and use of data and giving customers informed choices over how their data will be used is key to ensuring compliance with the law and building trust.”

After GDPR

So, are retailers still using e-receipts post-GDPR? The answer is yes and the rules are largely the same, except GDPR has tightened up consent.

It’s even more important for consent to marketing to be separate from other services. So for example, if a customer enters a competition or downloads a whitepaper, or in this case, ask for an e-receipt – marketing should not just be thrown in for good measure. The GDPR states that personal data should be “collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.”

Consent must be unambiguous and the retailer must keep records of consent under the GDPR’s accountability principle.

There are obvious implications for training and customer service. Given the face-to-face aspect of this, some customers may find it difficult to say no to e-receipts.

Interestingly, some retailers like Timberland are incentivising consent to email marketing by giving away free gifts (in this case socks for a pair of new shoes).

In this instance, Timberland used a privacy notice and form at the checkout to make sure it complies with privacy regulation. See ICO Guidance  for detail on incentivising consent, which doesn’t always amount to a penalty for those that don’t consent, but may be seen as a grey area for some, especially when talking about free gifts as opposed to loyalty schemes.

Where’s the proof?

While opting-in to marketing emails is clear in an online capacity (requiring consumers to actively tick a box), the fact that e-receipts are issued in person makes the whole situation far more complicated.

If brands want to attempt to obtain consent for further use of email data (for marketing), it is up to retail employees to carefully and clearly obtain this.

This poses two problems. First, it is unlikely to be easy to do, especially considering customers don’t expect (or probably want) a confusing explanation about email data when they’re buying something. Second, it’s also going to be difficult to prove how and even if a customer did indeed offer their consent, without introducing notices and forms like Timberland.

As a result of the new regulation, we could see a marked change in the way e-receipts are used and indeed perceived by customers. With the danger of fines for retailers who are found to infringe the privacy rights of an individual, many might forget about obtaining additional consent at the point of purchase (and only use e-receipts for their original purpose) – or even perhaps just revert back to paper receipts entirely.

This is not necessarily great news for retailers, of course, with many now required to find new ways to track and target multi-channel customers as a result.

Note that this article represents the views of the author solely, and is not intended to constitute legal advice. 

Get up to date:

GDPR: A year on