How The GDPR Is Still Ruining Christmas

from the privacy-what? dept

Late last year, I wrote about how the GDPR almost ruined Christmas in one German town, where it was determined that the annual tradition of kids putting their wishes on a tree in the center of town (to be fulfilled by local town officials) would violate the GDPR. Some people did figure out a “workaround” involving some pointless bureaucracy in getting parents to first sign “consent” forms to allow the town to do the same thing they’ve always done for years without a problem.

However, now we have another story of the GDPR ruining another Christmas tradition in a different way. This tradition? Taking back the awful presents people give you that you don’t actually want. At least some retailers are telling people that doing so under the GDPR requires them to inform the original purchaser that you really didn’t like their gift:

While the pilgrimage to take back garish jumpers and superfluous socks is a new year’s tradition as familiar as taking down the Christmas tree, data rules now oblige internet retailers to tell a buyer when an item they have bought is returned – regardless of whether it was a gift.

In some cases, companies are warning customers that they should inform the gift-giver themselves that they are making the return – before the company has to let them know.

In one instant, a father returning a child’s coat to Boden was told that the original buyer would be informed ‘due to data protection regulations’.

I’m sure some can try to spin this as a way of forcing people to be a bit more honest about not liking the awful sweater their dear old aunt bought them for the holidays, but, really… how exactly is this protecting anyone’s “data”? If anything, it seems to be violating more people’s privacy in revealing what they do with the crap presents they never wanted in the first place.

The article notes that not all retailers are doing this, but it does appear many believe it’s necessary:

Eleven of the 30 retailers approached by The Mail on Sunday said they would have to inform buyers if gifts they had bought were returned.

The article does quote some “data protection” officials saying that retailers don’t need to do this, but at the very least it highlights the same thing we keep pointing out about the GDPR and other attempts to regulate the internet. When these grand sweeping regulations are written in ways that are so vague and broad — with such massive punishment for getting things wrong — no one should be surprised when the end result is utterly ridiculous.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “How The GDPR Is Still Ruining Christmas”

Subscribe: RSS Leave a comment
M Peachment (hang on, there's a call for me) says:

Ploy by retailers to avoid returns.

You don’t appear to have made any effort to more than vaguely wonder on the key point, just rushed to use it as excuse for attack on GDPR.

If is retailers doing it to avoid returns, which is my bet because what could possibly be the rationale, then you have the culprits completely wrong.

With "journalists" like you spreading FUD on just bias, it’s no wonder that there’s confusion.

If turns out your bias is wrong, you won’t report that.

Anonymous Coward says:

Re: Re: Ploy by retailers to avoid returns.

I could see Article 13 section 3 being interpreted that way. Returns could easily be assumed to be a different purpose than purchases, especially if the retailer is set up such that sales and returns are in different departments such that data has to be transferred from the sales department to the returns department in order to complete the transaction.

Gary (profile) says:

Re: Ploy by Trolls

So your pure speculation is somehow better than TD’s opinion? Because “They want to reject returns” is just baseless and unsupported.

I’t the TD Blog – where Mike and others give their opinion. We can go to your website to see your super-better opinion, right? What is that link again?

Personanongrata says:

There Shall be No Joy in Sombertown*

How The GDPR Is Still Ruining Christmas

The GDPR and it’s anti-Christmas minions are mere pikers in comparison to the Burgermeister Meisterburger.

"Toys are hereby declared: illegal, immoral, unlawful, and anyone found with a toy in his possession will be placed under arrest and thrown in the dungeon. No kidding!" ~ Burgermeister Meisterburger, mayor of Sombertown

*Borrowed from Santa Claus is Comin’ to Town

DocGerbil100 says:


Is this truly a widespread thing? This TD article quotes from an article in the Telegraph, which in turn seems to be quoting from an article (which I can’t actually find) in the Mail on Sunday.

The MoS is quoted by the Telegraph as saying 11 of 30 retailers approached have such policies, but is there much support for this?

The only retailer actually identified in the Telegraph as having this GDPR policy is Bodens, a company with apparently just three high-street shops nationwide and some concession stands in two-dozen branches of John Lewis. They’re not really what I’d call a household name – and before this article appeared, I’d never even heard of them.

Perhaps if someone can find the original MoS article, there might be something a bit more compelling than the very thin and questionable evidence currently on show.

PaulT (profile) says:

Re: Really...?

“Bodens, a company with apparently just three high-street shops nationwide and some concession stands in two-dozen branches of John Lewis”

Why is their physical footprint relevant to an article specifically talking about online retail?

“Boden is a British clothing retailer selling primarily online and by mail order and catalogue”

“They’re not really what I’d call a household name”

Why is the size and fame of the retailer relevant to them being confused by the legislation? I’d actually say that it’s more important to see what’s happening with less prominent retailers, since there’s more of them and they may not have the legal resources available to clear their actual responsibilities, hence the overreaction.

Thad (profile) says:

Re: Re:

Just because some online merchant is stupid the GDPR is wrong?

No, not just because of that.

You’ll find that, if you look on the lefthand side at the top of the page, there is a list of tags. Try clicking on the one that says "gdpr". You will find that this is not the first article Techdirt has published on the subject.

Sorry, but this article is so lol.

FYI, if you’re under the age of 13, you’re not supposed to be participating in online forums.

TripMN (profile) says:

Most of you have no idea on corporate compliance

Its very interesting to see a bunch of people who are not in corporate compliance argue how this is a non-issue and doesn’t have to do with GDPR. As someone who is in compliance and is an acting CISO for an American company, let me state a few things.

1. GPDR is a very vague law that waves its hands around “complying” in a lot of vague and general ways that affects a bunch of highly technical industries where vague solutions are not an option. This makes complying in a way that makes the corporation bullet proof very hard. If someone complains and a government lawyer takes up the complaint, the company has to spend lots of time and money to prove they complied with every single little aspect of the law.

2. The penalties for unsuccessfully guarding against a single complaint is €10M-20M or 4% of Gross Worldwide Product (whichever is bigger). For a huge percentage of the businesses in this world, that penalty would destroy the business. Even fighting it might destroy the business.

3. GDPR Article 13 section 3 states:
Where the controller intends to further process the personal data for a purpose other than that for which the personal data were collected, the controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information as referred to in paragraph 2.

I can very well understand this company’s rules about return. They took the customer’s information for the purpose of making a sale. A return is not a sale, and to look up the transaction, process it as returned, and then update that customer’s information, it is quite easy to argue the return as a secondary purpose and therefore the business is required by law to notify the customer. I understand it sounds insane to many, but it’s a sensible interpretation of the law that if they don’t comply with may destroy their business.

And just because someone is quoted as saying “there are other ways to comply with this law” doesn’t mean any of those options are better. Lots of big businesses in the USA are still complying with the GDPR by blocking all EU traffic to their websites.

PaulT (profile) says:

Re: Most of you have no idea on corporate compliance

“Lots of big businesses in the USA are still complying with the GDPR by blocking all EU traffic to their websites.”

That’s something that deserves reiterating. The law is so confusing that businesses thousands of miles away are blocking an entire continent of 500 million potential customers until they understand what they need to do to comply.

If that doesn’t explain how people who operate directly within the jurisdiction might also overreact, I’m not sure how to make it clearer.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...