The online shopping has long since drawn inpatient trade, especially among younger customers.More and more companies are therefore offering their goods on the Internet via their own web shop and are also operating active marketing in hard -fought competition.
Since web shops and order systems are becoming increasingly intelligent and user-friendly, there are also more (data protection) legal questions about the processing of personal data of the customers-before, as well as after ordering.Of course, the same applies to data processing by registering in a web shop or on a platform.
The so-called "shopping cart dropout" e-mail includes a relatively new feature, which is supposed to approach those affected, which previously placed products in the virtual shopping cart of the website, but ultimately did not complete the purchase process.
Technical problems such as the loss of the internet connection or a server failure can count on the causes of demolition, but also personal moments, for example if the price in the overview appears too high or you would rather "sleep a night over it".Sometimes something suddenly comes between when shopping.In all of these constellations, the final act was missing, so that the purchase is not completed.
The reason for the shop operator may also ask the reason for the fact that the order did not come to the end of the order: this person may be remembered by email to the shopping cart or the obvious interest in the products in order to still be remembered in order to do soTo bring about the purchase contract or reactivate the customer?Can the successful conclusion of the purchase contract still be achieved?
Data protection and competition law
The peculiarity in such cases is that the customers must have already (as part of the order) have already specified their email address, otherwise this automatic function would not be conceivable, but it would not be possible due to the lack of the orderactual purchase has come.Therefore, all subsequent activities of the operator cannot refer to the purchase contract.
Therefore, such a memory by email is considered advertising and is generally only permitted as an additional data processing.The legal basis of the "implementation of pre-contractual measures" (Art. 6 Para. 1 Sentence 1 lit. b GDPR) does not basically consider the protection of protection from competition law to be used for such an e-mail after the ordering process, in particular not with oneTemporary distance of 1-2 days.
Such an electronic message with reference to the shopping cart could only be considered under very strict requirements according to the exception in accordance with Section 7 (3) UWG, which in the rarest cases should be available and that is also subject to the competitive risks (or thencould be considered inadmissible; see Köhler/Bornkamm/Feddersen/Köhler, UWG § 7 marginal no. 204a).Because only in the cases of Section 7 (3) UWG, this advertising speech is not considered an unreasonable nuisance and would then not be in need of consent, but could possibly be processed in the "legitimate interest" in accordance with Art. 6 Para. 1 S. 1 lit. f GDPRwill.
This provision is ruled out anyway when the first order is terminated, since no prior purchase contract has yet been concluded.Because this exception basically and under narrow conditions provide a previously concluded purchase contract, the reference to the processing of the email address collected for such advertising and direct advertising for "own similar goods and services" that the data subject (recipient*in) did not object.The reference to the later action is particularly important and should be missing regularly when ordering and shopping function.
As a result, this means that an automatic email then with the memory of the products in the shopping cart and, if applicablestating the email address in this processing of your personal data voluntarily with such a function.This approval would be to be implemented analogously to a newsletter with an actively clicking checkbox and the so-called Double-Opin process.Other constellations would certainly be conceivable, all of which are risky.The burden of proof of this effective consent bears the sender.
The legal situation may have to be assessed differently if it had to be registered on the website clearly before using the shopping cart and the email address would have to be confirmed.By installing your own profile/account before using the web shop, the required consent to the later "shopping cart dropouts" e-mails could be obtained in advance and documented, so that the full shop experience could then be designed.This could certainly be advertised as a positive function for users on the website.
On the other hand, the cases of the "guest order", in which almost hardly any corresponding, express consent can be obtained, are problematic, mostly not even the email address is specified.And there is also a similar legal uncertainty with registered but not logged in.
More memory emails
Such topics are also not entirely new and, in the broadest sense, comparable to functions such as the automatic "customer satisfaction survey" by email after successful order/delivery or the email to remember the registration process that has not yet been completed on a website if, for examplethe email address has been specified, but a registration has not yet been completed or has been completed.
As with the shopping cart dropout, when you stop registering a account on a website, the question arises whether and how long this personal data can still be processed.This data processing could even be considered inadmissible due to the legal basis according to the GDPR if necessary, then this data would also have to be deleted according to the basic character of the data protection law.
Among other things, the Berlin Commissioner for Data Protection and Freedom of Information in the 2019 activity report dealt with the data protection question of the processing of the personal data already specified in the event of a registration termination and found:
Various buttons in the registration ("Cancel and delete" and "Save data" in order to continue registration later ") were recommended to meet the specific request of the users and to regulate how the further data processing should be designed.But many cases, such as the technical error or demolition of the internet connection, cannot be solved in this way, so that such functions would only be partially effective.It is also questionable whether such an additional selection actually improves consumer protection.
Various technical solutions on websites are certainly possible based on a account with login area automatic emails to remember and reactivation.Nevertheless, the e-mails are required for the crab's cart, the customer satisfaction survey or memory of the registration that has not yet been completed in almost all cases of the previous, express and informed approval, which is evident.In a user panel with prior registration, such functions could be activated via checkbox.In theory, it would also be conceivable via the cookie banner stating an email address with active approval and a double-optin process before using the web shop with reference to the data protection declaration.
It would be risky to rely on such actions on the exceptional character of Section 7 (3) of the UWG and to process in the legitimate interest in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR.
In any case, data protection and in particular competition law risks remain that the company (the dealer) has to bear.