With the advent of self-service checkouts and online shopping in recent years, electronic receipts have become a ubiquitous and convenient aspect of retail in Canada.
They offer an eco-friendly alternative to printed receipts and allow consumers to easily track their purchases without fear of losing a small piece of paper.
However, the practice raises questions about consumer privacy, the Office of the Privacy Commissioner of Canada (OPC) said on Thursday. A recent OPC investigation revealed how appliance chain Home Depot has been sharing consumer information with Meta, which runs Facebook, for years without informed consent.
And e-receipts are just one of the tools retailers and tech companies are using to extract consumer data.
Consumers may not be able to stop companies from violating laws designed to protect them, but there are steps they can take to protect their data. Here are ways to protect your personal information.
DO NOT SHARE YOUR DATA
Please be aware that almost every time you share information about yourself with a merchant or social media platform, you may unknowingly agree to a variety of terms and conditions, which may include sharing data between platforms.
The easiest way to prevent tech and retail companies from selling your information to third parties is to not share it with them at all,” says Terry Cutler, cybersecurity expert, author and CEO of Cyology Labs, CTVNews.ca by phone. interview. Thursday.
“Don’t wear it. It’s so easy,” Cutler said. “Some people want to receive a copy of their receipt (by email), but once they choose this service, their email may be passed on to Facebook for later redirection.”
In addition to rejecting email receipts, suspicious consumers can unsubscribe from newsletters that promise to share deals and discounts, shop online, use services like Facebook Marketplace, or reveal anything about their online shopping habits. social networks.
But the reality is that consumers are getting used to the convenience of online shopping, electronic receipts and saved login and credit card details. These amenities may be subject to a fee.
“Consumers want convenience,” Cutler said. “But they don’t think about security.”
If you know you’re going to use services that require your personal data in exchange for a better experience, Cutler said, you need to be clear about what you’re agreeing to and how to protect yourself from breaches that could compromise your privacy. and safety safety. .
UNDERSTANDING THE CONDITIONS
In a consumer safety guide posted on its website, OPC recommends that consumers make it a habit to read the privacy policies of the websites and applications they use. Cutler agrees.
“Unless (consumers) start reading the terms and conditions of what companies do with their information, they won’t know anything,” he said.
Websites that collect personal information usually provide an accessible link to their privacy terms and may even require users to agree to the terms before submitting their information. If you find something in the terms that you do not agree with, or if the company cannot answer your questions about how your information will be used and protected, you should think twice before using their services.
PROTECT YOUR DEVICES
To protect your online privacy, it’s always a good idea to make sure your computer, smartphone, and other mobile devices are password protected. Also, make sure your devices are equipped with the latest antivirus software, spam protection, and a firewall to protect against cyberattacks designed to steal your information.
PROTECT YOUR PASSWORDS
Anyone, even your favorite online store or web service, can become a victim of a data breach. This means that anything you share in good faith, such as contact details, address, credit card information, or saved passwords, can be stolen and used if the company’s database is compromised by pirates.
“If you use login services and this company gets hacked, chances are your passwords will be leaked to the dark web,” Cutler said. “And then hackers can get into your account and take over it.”
According to OPC, one way to prevent identity theft is to use different passwords for different websites, accounts, and devices. Cutler says users should also use two-factor authentication whenever possible, especially when saving passwords online.
“Here you enter your username and password and then use the six-digit code on your phone to log in,” he said. “So if a cybercriminal manages to get your information and try to log into your account, it won’t work.”
Cutler’s company has also developed a free app called Fraudster that uses push notifications to alert users to new scams and cyberattacks online.
KNOW YOUR PRIVACY SETTINGS
Mobile devices, browsers, websites, apps, and online games often have customizable privacy settings that give users the option to make them more or less secure.
On mobile devices, these settings can include the ability to control everything from location tracking to a password-protected screen lock. Browser settings often allow users to control things like cookies and pop-ups, while apps, websites, and social media platforms usually allow users to control what personal information they make public.
OPC warns users that they should never rely on the default settings, but should instead spend time configuring them.
HOME WAREHOUSE: CASE STUDY
The line between disclosure and deception can sometimes be very thin, as OPC found in its Home Depot investigation.
Home Depot began collecting customer email addresses at store checkouts for the purpose of providing electronic receipts in 2018, investigators say. They didn’t disclose to customers that their email addresses, as well as details of their in-store purchases, were shared with Meta for use in developing targeted ads.
Home Depot told OPC it relied on implied consent to disclose customer information. The company has stated that its privacy statement, available on its website and printed at points of sale upon request, adequately explains how it will use the information it collects.
But OPC dismissed that argument, saying Home Depot didn’t make its privacy statement available to shoppers at the checkout and consumers wouldn’t know they would find it. The OPC also found that Home Depot’s privacy statement did not clearly explain the practices in question.
“When Home Depot customers were invited and agreed to receive an electronic receipt, they were never told that their information would be shared with Meta or how it would be used by any company,” Privacy Commissioner Philippe Dufresne said in a press release. Thursday.
“This is where Home Depot failed. Consumers need clear information at key points in transactions so they can make informed decisions about how their personal information should be used and give informed consent.”
OPC says its investigation prompted Home Depot to stop sharing customer email addresses with Meta starting in October, and that the company has promised to get strong customer consent if it ever introduces the practice again.