Shopping by appointment: What happens to your personal data?
In the Netherlands it is now possible to visit non-essential shops if you make an appointment beforehand. But when you book an appointment you have to provide a lot of personal data. Are shops allowed to ask you for all this data and what happens to it?
To book a retail time slot you have to provide in advance your name, telephone number, email address and sometimes even your address and retail preferences. Companies should inform their customers about what happens to this data in a privacy statement, as required by the General Data Protection Regulation (GDPR, in Dutch AVG). But who reads this small print?
According to Gerrit-Jan Zwenne, Professor of Law and Digital Technologies, it is not odd that companies want to acquire information about their customers. It enables them to build up a relationship with customers and facilitates communication. 'There is nothing wrong with that on the face of it', he says on Dutch news site AD. 'I can imagine they want to make use of this situation to collect contact details. But companies must be clear about this and explain what they do with this information.'
It is important to know what information is collected. The less obvious this is, the greater the need to explain why this information is requested and what will be done with it. Zwenne: 'An email address is a clear means of communication. A person’s age or year of birth can be used to put them in an age category. A date of birth might be needed to be able to send that person something on their birthday. But asking for an address is more complicated. An address can be used to acquire information on economic status or other background information. Providing this kind of data should always be optional.'