Privacy and Data Protection advice for eCommerce


Privacy and data protection are becoming big issues for all internet users, but especially if you are running an eCommerce business. But it isn’t all bad news – increasing trust in online shopping means more people will be confident in sharing their payment details, and many of the changes coming up can be implemented reasonably easily.

The important thing is that you’re aware of what will be required to abide by the laws which affect your country, and also any global changes which include how search engines and internet browsers will work in the future, so your business isn’t negatively affected. And we’ll help by keeping you updated on what we’re doing, and sharing the best privacy and data protection advice for eCommerce from around the web.


New EU Regulations for May 26, 2012:


If your business and website are located in the European Union, you need to be aware of the new regulations which were introduced in May 2011, but will begin to be enforced from May 26, 2012. You can get detailed information via the Information Commissioner’s Office, but we’ll attempt to summarise them for you – just keep in mind that we’re not lawyers.

The rules basically mean that by May 26, 2012, you’ll need to have a clear privacy policy in place to cover user data and tracking, particularly via cookies (the small files that are sent to a user to enable tools such as Google Analytics or advertising services to work). And you’ll also have to get the consent of your users before any cookies are used.

That privacy policy needs to explain the purpose of any cookie and how any data is stored. It should also say whether each one is a first party cookie (served by a website to provide a service which is part of the website, e.g. analytics or login details) or a third party cookie (if you serve advertising, for example).

Some cookies, such as analytics cookies, will be served automatically when someone visits your site, so you’ll need to mention this and explain how a user can remove them. And for anything else, you’ll need to provide a way for users to opt out.

The good news is that even after enforcement starts, the Information Commissioner’s Office isn’t going to come knocking on your door straight away as long as you’ve started making efforts to comply. So even if you’re not sure how to ask for user consent for everything, having your privacy policy in place will show you’re trying to get everything sorted.

One good example is obviously the Information Commissioner’s Office website itself, so it’s worth taking a look at their own privacy policy and how they alert users with a checkbox in the header to ask for consent.


Changes for Search Engines and Browsers:


The search engines and browsers your customers are using have also started to implement new privacy rules and restrictions on what information you can get from them. We’ll be publishing a guide to the latest changes to search, and in particular, Google and Google Analytics data, so let us know if you’ve got any specific questions or queries you’d like to see.

And if you want to make sure you’re keeping up with this series of articles, you can sign up to the Jigoshop weekly email newsletter to make sure you never miss a thing!


* Important disclaimer – we make eCommerce software rather than practising law in any way, so please do keep that in mind and if in doubt, check the official websites, such as ICO, and do take legal advice to make sure you’re covered.