Data Privacy Requirements for Sharing Data on Webshop

Poster
Message
Ted
Germany Germany
Ted
Kudos: 104
Joined: Nov 26, 2015
Data Privacy Requirements for Sharing Data on Webshop
3 Dec 2015
Hi,

Maybe someone here can help. My US webshop will be using a fulfillment center& email provider &, of course, we are sharing customer data with them (no cc data, just addresses) but how should I handle this in the shop. Is adding this to the terms of use sufficient or does this need to be an added checkbox during the check-out?

Thanks for any help,
Ted
Herts, England United Kingdom
Andy
Kudos: 11,773
Joined: Jan 1, 2001
Re: Data Privacy Requirements for Sharing Data on Webshop
3 Dec 2015
Hi Ted,

I don't know the legal situation in the US but many, many online retailers in every part of the world use external providers for hosting, ecommerce technology, fulfillment, customer service and so on. I've never seen a checkbox for that.

I expect that it will probably be buried somewhere in sites' terms and conditions though - or at least a general statement that data will be shared with third-party service providers for the purpose of processing your order etc etc.

In general US data protection law is seen as much weaker then the EU's. A lot of the content online about ecommerce and the law is not that helpful in my opinion, but I found this to be one of the better ones:

www.venable.com/legal-consider...ommerce-businesses-04-04-2014/

For a definitive answer you would need to consult with a lawyer, of course.
Andy Geldman, Web Retailer
Please follow on Twitter, Facebook, LinkedIn or Google+
Ted
Germany Germany
Ted
Kudos: 104
Joined: Nov 26, 2015
Re: Data Privacy Requirements for Sharing Data on Webshop
3 Dec 2015
@Andy Thanks, Andy - helpful as usual. I thought it would just be a Terms of Use issue but someone brought up the checkbox & I thought I should make sure.
Canada Canada
lsp.prabhu
Kudos: 21
Joined: Nov 22, 2015
Re: Data Privacy Requirements for Sharing Data on Webshop
8 Dec 2015
@Ted

Hi Ted,

There's no requirement for a checkbox vs covering how private data is transferred to (and stored by) various third-party enablers of your business. That is just the format.

The main concept is to obtain consent from the data subject.

Another key point is that the onus is on you to ensure that your third-party service providers comply with all relevant data privacy laws, so you should be making enquiries about their data protection practices.

By the way, I co-authored a book on data privacy last year, which is specifically aimed at guiding SMEs through international privacy regulations. Some excerpts and blog posts are here:

Data Privacy: A Practical Guide

Feel free to get in touch should you have any specific questions. The first one is free

Regards
Leighton

2nd Office
Feedvisor
XSellco
Volo