Data Ownership and Consent
It was hot and humid outside. I decided to stop by a coffee shop for some refreshments, but also to get myself out of the sweltering heat. I paid for my order and went on my merry way… or so I thought. Later that evening, while checking my email, I was surprised to find an electronic receipt from the coffee shop that I had visited earlier in the day. What perplexed me even more was that I had not provided my email address to the coffee shop, so then how did they have my email address to send me that receipt?
I decided to look into this some more, and discovered that a growing number of businesses now use third-party payment providers to manage their transactions, especially for credit cards. This means that completely different businesses might be using the same provider even though they are not related. And that is exactly what happened to me.
Putting the pieces of the puzzle together: A few months ago, during a client visit, I was purchasing lunch and the waitress asked me: "Would you like a receipt printed or by email?" Of course, I chose the email receipt. Little did I realize that this would translate to mean that every receipt from any merchant that uses the same payment provider would be delivered to my email. And this is how the café could send me an email receipt without me ever giving them my email address. Mystery solved.
This experience led me to think about some interesting implications from this situation related to data ownership and consent. While I did sign up for an email receipt at the first business, I did not explicitly authorize it at the second business.
The European Union's General Data Protection Regulation (GDPR) seeks to answer some of these questions. Some of the key points of the regulation pertain to data ownership and consent. (See blog post on Customer Permissions). According to the GDPR, my email address would be considered my “personal data” and therefore any business using my email address would need my permission to use and to share it.
Advantage provides the ability to maintain customer contact preferences for a variety of uses. For example, the “promote by” fields in Advantage offer the ability to track if a customer wishes to receive communications in general, and by channel (phone, email, and SMS). In addition, it is also possible to retain customer consent to receive communication from business partners (or not).
What will be the effect of GDPR on the sharing of personal data such as what happened to me? Consent is certainly going to be harder to obtain. You can’t default opt-in, and the language has to be more direct. Marketers are not going to want to further depress those consents by asking permission to share with others. So perhaps there will be less sharing of data? That would be fine with me. I get enough email, thank you.
But until then, the next time you're using your credit card to get your caffeine fix or to eat lunch in a café, think carefully about what information you might be giving up when you agree to an email receipt. And in the meantime, rest assured that AdvantageCS is paying close attention to GDPR and that we have available tools, features, and processes for handling and processing of personal data.
(Review the Home Page of EU GDPR to learn more.)