With GDPR enforced correctly on ecommerce sites sending emails and remarketing to abandoned carts is going to be more restrictive to do legally.
Abandonded Cart Issue.
Ecommerce sites love tracking their visitors from the moment they land on a site to the time they leave and well after. We know a shopper remarketed to within hours if not minutes of abandoning their cart are likely to close the sale. The longer its left to remarket to them the less the chance of converting the visitor to a customer. So this is a very lucrative and automated marketing tool used on most ecommerce sites. Current tactics used to lure the shopper back into the site are not possible if GDPR is applied correctly to an ecommerce store.
Data Collection.
The issue is with data collection. To collect data about a shopper / visitor explicit permission has to be gained. This permission has to be clear and the purpose the store is collecting the information has to be clear to the shopper. The consent needs to be freely given, specific and informed and you must be able to prove that. This is where the issue happens getting the explicit permission. So are you going to insert beside the tick box looking for permission ?
- We are collecting your details so if you abandon your cart we will market the contents of the cart to you over the following days.
- We are collecting your data so as we can email you about this cart and then keep you on the list for other marketing we do.
- We are collectiing your data so as we can remarket to you for 30 days no matter where you login on the internet.
I cannot imagine any shopper opting into this unless they are angling for a discount.
While is it “poosible” in theory , in practise it is pretty much a non-runner.
Some stores are offering a solution where they are putting a tick box right beside the guest shopper email address asking for permission to re-market to them. This may fall foul if the permission if it is not recorded and explicit. However all the solutions I have seen for this have a small link to terms and conditions and the shopper has to click on the link to read the terms of clicking the box. Who reads these terms and is that legal ? In our view there needs to be text with the click box explaining exactly what it is for and for there to be an option to continue shopping and not check the box.
ReMarketing Issue.
When a visitor lands on your site, if there are tracking cookies on the site that are tracking them, you have to give the visitor the option to opt into these for the cookie to activate. The issue is that some online stores are doing a global cookie opt in that is to cover everything. This may not be explicit permission and therefore this will be not GDPR compliant. Cookies are where most sites fall foul. They are added fast by developers and most store owners simply forget about them, until a GDPR audit takes place.
Is Guest Shopping allowed under GDPR ?
Explicit permission has to be recorded. The visitor can revoke this permission in the future. For the visitor to revoke this permission in a self service method they will need to have an account on the system. A guest shopper normally has no way of accessing previous purchases or their account on an ecommerce site. To access this information they have to create an account. Creating an account normally means the user supplies a password at the checkout to be used for future access to their account. Ecommerce sites will have the same set of information for a customer regardless of them creating an account or not.
Solutions :
- Review logging abandoned cart information and add in permission tick boxes as you are collecting information of private people and you need to record their explicit consent. If you are going to attempt to recover carts you will need to make an explicit permission dialogue beside the customers email address making it clear that you will contact them to resell if they insert their email address. The length of time you will hold this information if they do not become a customer is important to define.
- If you are placing tracking cookies on your website you need to get explicit permission for each one. Less tracking cookies lead to a faster loading site so its good practice to run with the minimum. There are lots of ways of collecting stats on your website that do not share the information outside your webserver with other data collection agencies.
- Have a process where a customer can self serve to convert a guest account to a customer account for the purpose of withdrawing or altering their permissions.
- Concentrate your reselling efforts on your existing customers. We know it is easier to sell to an existing customer than a new one.
- Contact your existing customers every 6 months so as to keep them up to date with your offerings and to allow you to contact them again in the next 6 months. Make sure you have a record of contacting these customers.
- Make sure your cookie policies are up to date and the consent needs to be freely given, specific and informed.
- Ecommerce sites should offer guests shoppers a way to convert to an account so as to securely change their account details and permissions.
These are opinions and are not intended to be used for legal purposes. The purpose of this article is to alert ecommerce store owners to the dangers of permissionless remarketing.
Further reading :