How The GDPR Is Still Ruining Christmas
from the privacy-what? dept
Late last year, I wrote about how the GDPR almost ruined Christmas in one German town, where it was determined that the annual tradition of kids putting their wishes on a tree in the center of town (to be fulfilled by local town officials) would violate the GDPR. Some people did figure out a "workaround" involving some pointless bureaucracy in getting parents to first sign "consent" forms to allow the town to do the same thing they've always done for years without a problem.
However, now we have another story of the GDPR ruining another Christmas tradition in a different way. This tradition? Taking back the awful presents people give you that you don't actually want. At least some retailers are telling people that doing so under the GDPR requires them to inform the original purchaser that you really didn't like their gift:
While the pilgrimage to take back garish jumpers and superfluous socks is a new year's tradition as familiar as taking down the Christmas tree, data rules now oblige internet retailers to tell a buyer when an item they have bought is returned - regardless of whether it was a gift.
In some cases, companies are warning customers that they should inform the gift-giver themselves that they are making the return - before the company has to let them know.
In one instant, a father returning a child's coat to Boden was told that the original buyer would be informed 'due to data protection regulations'.
I'm sure some can try to spin this as a way of forcing people to be a bit more honest about not liking the awful sweater their dear old aunt bought them for the holidays, but, really... how exactly is this protecting anyone's "data"? If anything, it seems to be violating more people's privacy in revealing what they do with the crap presents they never wanted in the first place.
The article notes that not all retailers are doing this, but it does appear many believe it's necessary:
Eleven of the 30 retailers approached by The Mail on Sunday said they would have to inform buyers if gifts they had bought were returned.
The article does quote some "data protection" officials saying that retailers don't need to do this, but at the very least it highlights the same thing we keep pointing out about the GDPR and other attempts to regulate the internet. When these grand sweeping regulations are written in ways that are so vague and broad -- with such massive punishment for getting things wrong -- no one should be surprised when the end result is utterly ridiculous.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Ploy by retailers to avoid returns.
You don't appear to have made any effort to more than vaguely wonder on the key point, just rushed to use it as excuse for attack on GDPR.
If is retailers doing it to avoid returns, which is my bet because what could possibly be the rationale, then you have the culprits completely wrong.
With "journalists" like you spreading FUD on just bias, it's no wonder that there's confusion.
If turns out your bias is wrong, you won't report that.
[ link to this | view in chronology ]
Re: Still lying l
[ link to this | view in chronology ]
Re: Ploy by retailers to avoid returns.
[ link to this | view in chronology ]
Re: Re: Ploy by retailers to avoid returns.
[ link to this | view in chronology ]
Re: Re: Re: Ploy by retailers to avoid returns.
[ link to this | view in chronology ]
Re: Re: Re: Re: Ploy by retailers to avoid returns.
[ link to this | view in chronology ]
Re: Ploy by Trolls
I't the TD Blog - where Mike and others give their opinion. We can go to your website to see your super-better opinion, right? What is that link again? www.tinfoiliscommonlaw.com
[ link to this | view in chronology ]
Re: Re: Ploy by Trolls
Meh. He has a point. Why wouldn't they want an excuse to reject returns?
Rule of Acquisition #1: Once you have their money, never give it back.
[ link to this | view in chronology ]
Re: Re: Re: Ploy by Trolls
;)
[ link to this | view in chronology ]
You have done nothing to clear up that so-called “confusion”, so how about you shut the hell up when the grown folks are talking.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
There Shall be No Joy in Sombertown*
How The GDPR Is Still Ruining Christmas
The GDPR and it's anti-Christmas minions are mere pikers in comparison to the Burgermeister Meisterburger.
"Toys are hereby declared: illegal, immoral, unlawful, and anyone found with a toy in his possession will be placed under arrest and thrown in the dungeon. No kidding!" ~ Burgermeister Meisterburger, mayor of Sombertown
https://christmas-specials.fandom.com/wiki/Burgermeister_Meisterburger
https://www.youtub e.com/watch?v=TX87QQLVD5k
*Borrowed from Santa Claus is Comin' to Town
[ link to this | view in chronology ]
Really...?
The MoS is quoted by the Telegraph as saying 11 of 30 retailers approached have such policies, but is there much support for this?
The only retailer actually identified in the Telegraph as having this GDPR policy is Bodens, a company with apparently just three high-street shops nationwide and some concession stands in two-dozen branches of John Lewis. They're not really what I'd call a household name - and before this article appeared, I'd never even heard of them.
Perhaps if someone can find the original MoS article, there might be something a bit more compelling than the very thin and questionable evidence currently on show.
[ link to this | view in chronology ]
Re: Really...?
[ link to this | view in chronology ]
Re: Really...?
Why is their physical footprint relevant to an article specifically talking about online retail?
https://en.wikipedia.org/wiki/Boden_(clothing)
"Boden is a British clothing retailer selling primarily online and by mail order and catalogue"
"They're not really what I'd call a household name"
Why is the size and fame of the retailer relevant to them being confused by the legislation? I'd actually say that it's more important to see what's happening with less prominent retailers, since there's more of them and they may not have the legal resources available to clear their actual responsibilities, hence the overreaction.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
To quote GLaDOS, "Nice job breaking it, hero."
[ link to this | view in chronology ]
Re:
No, not just because of that.
You'll find that, if you look on the lefthand side at the top of the page, there is a list of tags. Try clicking on the one that says "gdpr". You will find that this is not the first article Techdirt has published on the subject.
FYI, if you're under the age of 13, you're not supposed to be participating in online forums.
[ link to this | view in chronology ]
So, yeah, GDPR is used now to excuse any lunacy the companies (and towns, too) can come up with.
[ link to this | view in chronology ]
Another instance of companies abusing the GDPR name
[ link to this | view in chronology ]
https://www.trouw.nl/home/google-moet-berispte-arts-verwijderen-uit-zoekmachine~a1fb7f03/ (in Dutch)
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Most of you have no idea on corporate compliance
1. GPDR is a very vague law that waves its hands around "complying" in a lot of vague and general ways that affects a bunch of highly technical industries where vague solutions are not an option. This makes complying in a way that makes the corporation bullet proof very hard. If someone complains and a government lawyer takes up the complaint, the company has to spend lots of time and money to prove they complied with every single little aspect of the law.
2. The penalties for unsuccessfully guarding against a single complaint is €10M-20M or 4% of Gross Worldwide Product (whichever is bigger). For a huge percentage of the businesses in this world, that penalty would destroy the business. Even fighting it might destroy the business.
3. GDPR Article 13 section 3 states:
Where the controller intends to further process the personal data for a purpose other than that for which the personal data were collected, the controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information as referred to in paragraph 2.
I can very well understand this company's rules about return. They took the customer's information for the purpose of making a sale. A return is not a sale, and to look up the transaction, process it as returned, and then update that customer's information, it is quite easy to argue the return as a secondary purpose and therefore the business is required by law to notify the customer. I understand it sounds insane to many, but it's a sensible interpretation of the law that if they don't comply with may destroy their business.
And just because someone is quoted as saying "there are other ways to comply with this law" doesn't mean any of those options are better. Lots of big businesses in the USA are still complying with the GDPR by blocking all EU traffic to their websites.
[ link to this | view in chronology ]
Re: Most of you have no idea on corporate compliance
That's something that deserves reiterating. The law is so confusing that businesses thousands of miles away are blocking an entire continent of 500 million potential customers until they understand what they need to do to comply.
If that doesn't explain how people who operate directly within the jurisdiction might also overreact, I'm not sure how to make it clearer.
[ link to this | view in chronology ]