How The GDPR Is Still Ruining Christmas

from the privacy-what? dept

Late last year, I wrote about how the GDPR almost ruined Christmas in one German town, where it was determined that the annual tradition of kids putting their wishes on a tree in the center of town (to be fulfilled by local town officials) would violate the GDPR. Some people did figure out a "workaround" involving some pointless bureaucracy in getting parents to first sign "consent" forms to allow the town to do the same thing they've always done for years without a problem.

However, now we have another story of the GDPR ruining another Christmas tradition in a different way. This tradition? Taking back the awful presents people give you that you don't actually want. At least some retailers are telling people that doing so under the GDPR requires them to inform the original purchaser that you really didn't like their gift:

While the pilgrimage to take back garish jumpers and superfluous socks is a new year's tradition as familiar as taking down the Christmas tree, data rules now oblige internet retailers to tell a buyer when an item they have bought is returned - regardless of whether it was a gift.

In some cases, companies are warning customers that they should inform the gift-giver themselves that they are making the return - before the company has to let them know.

In one instant, a father returning a child's coat to Boden was told that the original buyer would be informed 'due to data protection regulations'.

I'm sure some can try to spin this as a way of forcing people to be a bit more honest about not liking the awful sweater their dear old aunt bought them for the holidays, but, really... how exactly is this protecting anyone's "data"? If anything, it seems to be violating more people's privacy in revealing what they do with the crap presents they never wanted in the first place.

The article notes that not all retailers are doing this, but it does appear many believe it's necessary:

Eleven of the 30 retailers approached by The Mail on Sunday said they would have to inform buyers if gifts they had bought were returned.

The article does quote some "data protection" officials saying that retailers don't need to do this, but at the very least it highlights the same thing we keep pointing out about the GDPR and other attempts to regulate the internet. When these grand sweeping regulations are written in ways that are so vague and broad -- with such massive punishment for getting things wrong -- no one should be surprised when the end result is utterly ridiculous.

Filed Under: christmas, gdpr, gifts, privacy, returns


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • This comment has been flagged by the community. Click here to show it
    identicon
    M Peachment (hang on, there's a call for me), 17 Jan 2019 @ 12:36pm

    Ploy by retailers to avoid returns.

    You don't appear to have made any effort to more than vaguely wonder on the key point, just rushed to use it as excuse for attack on GDPR.

    If is retailers doing it to avoid returns, which is my bet because what could possibly be the rationale, then you have the culprits completely wrong.

    With "journalists" like you spreading FUD on just bias, it's no wonder that there's confusion.

    If turns out your bias is wrong, you won't report that.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 Jan 2019 @ 12:51pm

      Re: Still lying l

      Looks who’s back to darken our doorstep.

      reply to this | link to this | view in chronology ]

    • icon
      Ben (profile), 17 Jan 2019 @ 12:56pm

      Re: Ploy by retailers to avoid returns.

      Yes, instead of just "GDPR bad" how about finding out what feature(s) of GDPR make these merchants believe they need to do this. There's nothing in the regs that I can think of that requires it.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 17 Jan 2019 @ 1:26pm

        Re: Re: Ploy by retailers to avoid returns.

        I could see Article 13 section 3 being interpreted that way. Returns could easily be assumed to be a different purpose than purchases, especially if the retailer is set up such that sales and returns are in different departments such that data has to be transferred from the sales department to the returns department in order to complete the transaction.

        reply to this | link to this | view in chronology ]

        • icon
          Ninja (profile), 18 Jan 2019 @ 1:23am

          Re: Re: Re: Ploy by retailers to avoid returns.

          This is... screwed up. GDPR is one of the shiniest examples of why the road to Hell is paved with good intentions.

          reply to this | link to this | view in chronology ]

          • icon
            Mason Wheeler (profile), 18 Jan 2019 @ 7:30am

            Re: Re: Re: Re: Ploy by retailers to avoid returns.

            What good intentions? It's been pretty clear since the beginning that it was driven principally by malice and the desire to harm American tech companies.

            reply to this | link to this | view in chronology ]

    • icon
      Gary (profile), 17 Jan 2019 @ 1:19pm

      Re: Ploy by Trolls

      So your pure speculation is somehow better than TD's opinion? Because "They want to reject returns" is just baseless and unsupported.

      I't the TD Blog - where Mike and others give their opinion. We can go to your website to see your super-better opinion, right? What is that link again? www.tinfoiliscommonlaw.com

      reply to this | link to this | view in chronology ]

    • icon
      Stephen T. Stone (profile), 17 Jan 2019 @ 2:10pm

      With "journalists" like you spreading FUD on just bias, it's no wonder that there's confusion.

      You have done nothing to clear up that so-called “confusion”, so how about you shut the hell up when the grown folks are talking.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 Jan 2019 @ 4:43pm

      Re:

      Not my problem you got coal for Christmas, blue.

      reply to this | link to this | view in chronology ]

  • identicon
    Personanongrata, 17 Jan 2019 @ 12:51pm

    There Shall be No Joy in Sombertown*

    How The GDPR Is Still Ruining Christmas

    The GDPR and it's anti-Christmas minions are mere pikers in comparison to the Burgermeister Meisterburger.

    "Toys are hereby declared: illegal, immoral, unlawful, and anyone found with a toy in his possession will be placed under arrest and thrown in the dungeon. No kidding!" ~ Burgermeister Meisterburger, mayor of Sombertown

    https://christmas-specials.fandom.com/wiki/Burgermeister_Meisterburger

    https://www.youtub e.com/watch?v=TX87QQLVD5k

    *Borrowed from Santa Claus is Comin' to Town

    reply to this | link to this | view in chronology ]

  • identicon
    DocGerbil100, 17 Jan 2019 @ 5:39pm

    Really...?

    Is this truly a widespread thing? This TD article quotes from an article in the Telegraph, which in turn seems to be quoting from an article (which I can't actually find) in the Mail on Sunday.

    The MoS is quoted by the Telegraph as saying 11 of 30 retailers approached have such policies, but is there much support for this?

    The only retailer actually identified in the Telegraph as having this GDPR policy is Bodens, a company with apparently just three high-street shops nationwide and some concession stands in two-dozen branches of John Lewis. They're not really what I'd call a household name - and before this article appeared, I'd never even heard of them.

    Perhaps if someone can find the original MoS article, there might be something a bit more compelling than the very thin and questionable evidence currently on show.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 18 Jan 2019 @ 2:09am

      Re: Really...?

      They're an online retailer. You might as well call Amazon "not a household name" using their lack of stores as the same rationale.

      reply to this | link to this | view in chronology ]

    • icon
      PaulT (profile), 18 Jan 2019 @ 2:19am

      Re: Really...?

      "Bodens, a company with apparently just three high-street shops nationwide and some concession stands in two-dozen branches of John Lewis"

      Why is their physical footprint relevant to an article specifically talking about online retail?

      https://en.wikipedia.org/wiki/Boden_(clothing)

      "Boden is a British clothing retailer selling primarily online and by mail order and catalogue"

      "They're not really what I'd call a household name"

      Why is the size and fame of the retailer relevant to them being confused by the legislation? I'd actually say that it's more important to see what's happening with less prominent retailers, since there's more of them and they may not have the legal resources available to clear their actual responsibilities, hence the overreaction.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Jan 2019 @ 10:31pm

    Sorry, but this article is so lol. Just because some online merchant is stupid the GDPR is wrong? Really? Is this the argument?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 18 Jan 2019 @ 1:34am

      Re:

      Not wrong. Just horribly open to abuse, which the proponents of GPDR repeatedly insisted wouldn't happen.

      To quote GLaDOS, "Nice job breaking it, hero."

      reply to this | link to this | view in chronology ]

    • icon
      Thad (profile), 18 Jan 2019 @ 7:39am

      Re:

      Just because some online merchant is stupid the GDPR is wrong?

      No, not just because of that.

      You'll find that, if you look on the lefthand side at the top of the page, there is a list of tags. Try clicking on the one that says "gdpr". You will find that this is not the first article Techdirt has published on the subject.

      Sorry, but this article is so lol.

      FYI, if you're under the age of 13, you're not supposed to be participating in online forums.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Jan 2019 @ 11:59pm

    Oh, yeah. The online seller of my dishwasher told me, that they can only repair it when I send it to them, so they can have a look, fix it and return it to me in only 5 weeks. And they cannot do it any other way because.... Tada! GDPR.

    So, yeah, GDPR is used now to excuse any lunacy the companies (and towns, too) can come up with.

    reply to this | link to this | view in chronology ]

  • icon
    Jeroen Hellingman (profile), 18 Jan 2019 @ 12:49am

    Another instance of companies abusing the GDPR name

    If anything, the GDPR would require the opposite: since there is no legitimation for sharing the information of the return with the original purchaser, it would be illegal to inform him under the GDPR. This is just a misguided tactic of some traders who do not want to take back goods sold.

    reply to this | link to this | view in chronology ]

  • icon
    Jeroen Hellingman (profile), 18 Jan 2019 @ 1:00am

    It would make more sense to attack the GDPR on this horrible legal outcome: Google must remove sanctioned docter from search engine -- hereby undermining the safety of medicine.

    https://www.trouw.nl/home/google-moet-berispte-arts-verwijderen-uit-zoekmachine~a1fb7f03/ (in Dutch)

    reply to this | link to this | view in chronology ]

  • identicon
    Glenn, 18 Jan 2019 @ 4:21am

    Replace "Christmas" with "everything", and you'll be closer to the mark.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Cowherd, 18 Jan 2019 @ 5:11am

    Sounds more like some retailers figured on a novel way to discourage returns, taking advantage of the general public not knowing what GDPR is.

    reply to this | link to this | view in chronology ]

  • icon
    TripMN (profile), 18 Jan 2019 @ 8:05am

    Most of you have no idea on corporate compliance

    Its very interesting to see a bunch of people who are not in corporate compliance argue how this is a non-issue and doesn't have to do with GDPR. As someone who is in compliance and is an acting CISO for an American company, let me state a few things.

    1. GPDR is a very vague law that waves its hands around "complying" in a lot of vague and general ways that affects a bunch of highly technical industries where vague solutions are not an option. This makes complying in a way that makes the corporation bullet proof very hard. If someone complains and a government lawyer takes up the complaint, the company has to spend lots of time and money to prove they complied with every single little aspect of the law.

    2. The penalties for unsuccessfully guarding against a single complaint is €10M-20M or 4% of Gross Worldwide Product (whichever is bigger). For a huge percentage of the businesses in this world, that penalty would destroy the business. Even fighting it might destroy the business.

    3. GDPR Article 13 section 3 states:
    Where the controller intends to further process the personal data for a purpose other than that for which the personal data were collected, the controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information as referred to in paragraph 2.

    I can very well understand this company's rules about return. They took the customer's information for the purpose of making a sale. A return is not a sale, and to look up the transaction, process it as returned, and then update that customer's information, it is quite easy to argue the return as a secondary purpose and therefore the business is required by law to notify the customer. I understand it sounds insane to many, but it's a sensible interpretation of the law that if they don't comply with may destroy their business.

    And just because someone is quoted as saying "there are other ways to comply with this law" doesn't mean any of those options are better. Lots of big businesses in the USA are still complying with the GDPR by blocking all EU traffic to their websites.

    reply to this | link to this | view in chronology ]

    • icon
      PaulT (profile), 18 Jan 2019 @ 8:19am

      Re: Most of you have no idea on corporate compliance

      "Lots of big businesses in the USA are still complying with the GDPR by blocking all EU traffic to their websites."

      That's something that deserves reiterating. The law is so confusing that businesses thousands of miles away are blocking an entire continent of 500 million potential customers until they understand what they need to do to comply.

      If that doesn't explain how people who operate directly within the jurisdiction might also overreact, I'm not sure how to make it clearer.

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.