E-commerce sites: How should the GDPR be applied?

13 November 2019
image single post header

The duties of e-tailers, the rights of e-consumers


Originating in the United States and imported into France since 2014, Black Friday and Cyber Monday have grown considerably in the space of 3 years, to such an extent that the famous Friday of sensational sales was considered by the French version of the e-commerce site Amazon as “the most intense day in [its] history” last year. This famous 24 November 2017 was indeed marked by a record number of bank transactions: 42.8 million, 13% more than the previous year. Of the 79% of consumers who wanted to take advantage of these two days of offers, 89% planned to use the internet (e-commerce sites) and spend an average of 187 euros there.

This is a consistent development in a country where e-commerce generated €81.7 billion in 2018. But even though there are now 37.5 million of them buying online, the French are still sceptical and distrustful about the use that online sellers make of their personal data. According to a study by Obsconso, while 67% of them do not trust brands to comply with the RGPD, 81% find the collection of their personal data by e-tailers worrying. However, companies must respect numerous obligations concerning users’ personal data. An apprehension that leads 59% to provide false data and 76% to give up content or services that are too demanding in terms of information requested.

Fears and reticence are justified, however, in the face of retailers who are fond of personal data: 50% of French companies practised predictive marketing in 2017. This strategy aims to gather information on the profile of customers, their needs and desires in order to anticipate their future behaviour in order to provide them with personalised offers, optimise their user experience, but also prepare restocking according to demand. To achieve this, companies use Big Data technologies, applied to data from loyalty programmes, web browsing and smartphones. Data deemed relevant is then extracted and analysed using algorithms.

A recent example illustrating this attraction of retailers to data collection is the drive-to-store platforms Teemo and Fidzup. While Teemo offers in-app tools to collect various information about users for commercial targeting, Fidzup specialises in the installation of boxes designed to pick up wifi signals from smartphones. Installed in retail outlets, they measure traffic while collecting some behavioural data. However, due to the entry into force of the RGPD, these two companies have been served with formal notice by the CNIL for failing to comply with the obligations to collect the “General Regulation on the Protection of Personal Data” and to define a data retention period. This year is therefore special: it is the first in which, like these two companies, e-commerce sites are obliged to comply with the requirements of the GDPR. This will obviously have consequences for the user experience of e-consumers.


Concrete changes for e-commerce sites

General terms and conditions of sale and legal notices have been mandatory on e-commerce sites for some time. Since the GDPR, it is appropriate for e-shops to create or update their terms and conditions regarding the privacy policy of the data collected.


Updated information about personal data


Certain information about the use of your personal data needs to be updated, the main ones being

  • the uses that will be made of it;
  • the duration of their conservation;
  • the commitment to sufficient security;
  • a reminder to Internet users of their rights (access, modification, deletion, etc.) as well as an explanation of the procedure for requesting the exercise of their rights;
  • where applicable, the use of Google Analytics for the purpose of tracking traffic;
  • if applicable, the notification of and reasons for the use of cookies as well as how to refuse their storage.

In addition, each user must check a box that is not pre-ticked indicating that he/she accepts the GTC before each purchase.

80% of consumers prefer the companies that they trust the most in terms of managing their personal data, a fact that highlights the link between compliance with the RGPD and professional reputation.

In order to reconcile these two elements, Fair&Smart offers companies solutions for managing the collection of the General Data Protection Regulation and for responding to requests to exercise their rights.

If you would like to learn more about Fair&Smart and our personal data management solutions, click on the button below:

Let’s contact us!


Follow us on social networks: