May 22, 2022

Volume XII, Number 142

Advertisement
Advertisement

May 20, 2022

Subscribe to Latest Legal News and Analysis
Advertisement

German Supervisory Authorities: Online Traders Must Allow Guest Access for Customer Orders

In a resolution as of 24 March 2022, the Conference of German Supervisory Authorities in Data Protection (Datenschutzkonferenz – “DSK”) provided guidance for data protection-compliant online trading of goods and services. The key message is that online customers must be given the option of a guest access for their orders. According to the DSK, online traders (controllers) therefore must enable online purchasing without customers having to create an account.

The DSK recalled that the principle of data minimization also applies in online trading. Customers must be free to decide in each case if they want to enter their data for each order and thus be treated as a temporary guest, or if they are willing to enter into a permanent business relationship that is linked to an ongoing customer account.

The DSK is of the opinion that without guest access or an equivalent ordering option, consent would not be provided voluntary. An ordering option can be considered equivalent if it does not entail disadvantages for the customer. The effort required to order and access this option must be equivalent to that of a customer account.

The DSK further pointed out that a customer account allows online traders to evaluate the contract history for advertising purposes as well as to store information about means of payment. Such processing would require informed consent.

According to the DSK, there may nevertheless be special circumstances that justify the setting up of a customer account as necessary for the performance of a contract, e.g. for specialist retailers regarding certain professional groups. But even then, the principle of data minimization must be observed, e.g. by automatically deleting the customer account after a short period of inactivity.

© Copyright 2022 Squire Patton Boggs (US) LLPNational Law Review, Volume XII, Number 133
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Dr. Annette Demmel Data Privacy & Cybersecurity Attorney Squire Patton Boggs Berlin, Germany
Partner

Dr. Annette Demmel is a partner in our Data Privacy & Cybersecurity Practice Group in Berlin. For 20 years, Annette has advised national and international businesses in privacy law, technology law, telecommunications law, intellectual property law, media law and competition law.

In particular, she leads the implementation of privacy compliance programs and centralized software systems, and provides advice on policy and regulatory issues arising in the electronic communications and internet sectors. Annette also advises clients on legal issues relating to profiling and online...

49 30-72616-8226
Advertisement
Advertisement
Advertisement