/ Shopping

Are you concerned about e-receipt data misuse?

Our latest research has revealed that just 29% of people trust retailers not to misuse their email address when sending an e-receipt. Do you have concerns?

An e-receipt can be a good way to cut out clutter and allow you an easy way of searching through your old records should you ever need to refer to them.

Personally I’m all for digitising records like this – I find it much easier, and it’s good to know you have access to those records wherever you are, via your smartphone.

But according to our survey, I’m in the minority. Four in 10 felt there weren’t any benefits to them in receiving a digital receipt, while as many as 79% of people had at least one concern about them.

Top five e-receipt concerns

Top e-receipt concerns

Despite the benefits, I have to admit that I also share the top concern from that list. When I bought a new TV a few months back I was asked for my email address so they could sent the receipt.

I’ll give the store credit in this case – they did promise that my email address wouldn’t be used for any other purposes, but I couldn’t help but feel it’d be easy to end up receiving marketing comms I didn’t ask for.

Our mystery shop

When we sent shoppers to do a snapshot test on stores, they made it clear to staff that they wanted no marketing when handing over their email address for the e-receipt.

Except for one instance, the retailers did not send any subsequent direct marketing emails, but we did see several instances of some including promotional marketing of other products and services in the e-receipt itself.

We suspect that some retailers aren’t aware that having a marketing message in the e-receipt template counts as marketing.

Take a look at the examples we found in our snapshot mystery shop

Which? managing director of home products and services Alex Neill said:

More and more shops are offering e-receipts, which can be convenient for shoppers, but our investigation suggests not all shops are aware of the law.

Retailers must do everything possible to ensure shoppers can have confidence that they won’t be bombarded with unwanted marketing emails and that their personal details are safe

Which? has undertaken the ‘Control, Alt or Delete’ policy project to explore the consumer data landscape and help improve understanding of how online data is being collected and used.

Have you opted to take an e-receipt recently instead of a traditional paper one? If so, did you receive any subseqent marketing emails or promotions?


I’m one of the four in ten. I often get a receipt/invoice within an on line package but have never been offered anything else. I would have objections to any of the events shown on the sample receipt at the beginning of this post. The least knowledge about me that is shared, the better. My receipt is the on line order and confirmation of delivery. It’s all I need.

DerekP says:
27 December 2018

E-receipts can be harder to lose than paper ones.

Unless, of course, the email address in question becomes overburdened with spam.

While its less likely due to good security that E-receipts by big concerns could be hacked that certainly doesn’t apply to others .
Uber has had its e-receipts hacked as was Debenhams and many others –“funnily” my paper receipts have not been hacked I wonder why ? (joke ).

Being a belt-&-braces type of person I tend to print off any receipts and product guarantees that arrive on-line via e-mails following an on-line purchase. I keep them with the other documentation relating to the product [purchase order, user manual, servicing information, etc] so it is no problem for me to have a paper receipt; when buying in a store I prefer it because I have it in my hand immediately and it is not liable to get accidentally deleted, or miss-filed in the wrong folder, or even not arrive at all.

I generally decline to give retailers my email address, for the reasons mentioned in George’s introduction. It would be interesting to know which retailers exploit their customers.

Wavechange -nowadays it starts from the top-
Big Data acknowledged as the modern gatherer of customers data which is then sold to third parties –
The problem with LInkedin is that it has just been exposed for employing a computer bot company to blame Russia for some well publicized US election tampering , a lot of red faces all round .

If you are talking about individual companies that operate in the UK then that is not so easy as they wont admit it other than the usual -we place cookies on your browser/computer . Think Amazon/Walmart/Google enterprises /Microsoft/etc they all do it .
Just visiting a website gives them a long list of your likes / buying power/ in Amazon,s case they even put up your location for delivery . I have managed to block it to the general UK, Amazon makes use of very powerful tracking that originates in Israel.
All those data servers have local bases (EU ) but the data is transferred to Big Data servers in the USA so public security is reliant on the USA whose laws make us foreigners so open to more exploitation than US citizens.

The UK has the most open snooping laws in the world the envy of the USA .
As I have posted before dont think Cloud Storage is 100 % secure , its not that’s why companies like Amazon /Google etc are competing to store US military data on really secure cloud storage as the FBI/CIA / Homeland Security etc have found ordinary storage very leaky.

Although I object to some of the selling practices of Amazon [two-pin plugs, etc] and have had occasional delivery problems, I have been buying books from Amazon for years and cannot find any fault with their on-line processes. I find they have the fastest and most easily navigable website in the UK; I have never experienced any misuse of data; I have no objection to the website showing my default delivery address – it prompts me to check that it is correct or to alter it if I am ordering something for somebody else; it is of no significance to me where their tracking originates; and I find the suggestions and details of related or alternative goods quite helpful. Overall I think Amazon gives good service and has earnt the popularity ratings it gets – as evidenced in the Which? report on on-line retailers in the December 2018 Which? magazine. It would be much more expensive and more inconvenient to buy books any other way. For nearly all other products there is nearly always a bricks-&-mortar establishment within walking distance that can supply our needs.

I have an idea of what’s going on, Duncan, but see no easy way of avoiding surveillance by multinational companies. Having failed to receive satisfaction from Amazon over three safety issues I avoid using them unless there is no alternative.

I think there are big risks for people who are highly active on social media because on-line retailers and service providers can construct links to the individuals concerned and garner much more intelligence on their interests and requirements than with a customer like me who keeps a low profile, has very few on-line accounts, and makes no use of social media. My e-mail address is known to on-line retailers but I have never suspected any unauthorised access [in any case there would lean pickings if they did attempt it]. I have a high level of e-mail traffic but it is almost entirely within organisations I belong to and I consider it to be of very little commercial interest.

Wavechange talking of collecting data I thought my logger from the LHS of the webpage using a blocker after checking an update had been lost but its now accessed on a tab.
On looking at it it is even more comprehensive and now even behind the scenes network calls are being tabbed . On the Yandex browser I am using Yandex in Russia knows I am on the Which website I better watch I dont divulge any state secrets ( laugh ) .
There is no hiding place on the web.

A Dutch firm has investigated MS Office -2016 & Office 365 at the behest of the Dutch Ministry of Justice & Security.
They found your data is sent to Redmond USA servers fully accessible by US law enforcement ,as I keep saying .Those who scoff at this the USA now uses American Law as International Law demanding extradition to USA courts.
Anyway there is a PDF on it if you want to check deeper on the webpage-

DerekP says:
29 December 2018

Thanks Duncan. That’s an interesting share, even if it is published by a rival software house.

As we’ve noted before, the best way to avoid sneaky spyware is to only use fully free and open source software.

That said, many organisations seem effectively locked in to the use of M$ Office. But perhaps that could change…

Patrick Taylor says:
29 December 2018

” There is currently no way to object to these practices. If you use MS Office, you’re a willing participant.

That’s already enough to feel uneasy, but there’s more. Initially denied, Microsoft now admit to collecting personal data. With the help of audit logs (originally intended for admins), they can easily obtain email addresses, user ids, subject lines and much more. Time for data protection officers to get that rope ready and brush up on their hangman skills! Sure, Microsoft should (and must) collect data to improve their software or web-based services, but, this time, they’ve crossed the line. It seems they’ve completely forgotten that data collection must be governed by transparency and purpose.”

If you want to be safe from US snooping whether it be personal or business it would appear to be stupid to use M$ Office in anyway online. LibreOffice being free and non-US [EU] has a lot to be said for it.

For many years I have looked at file properties of Microsoft Office files that arrive by email. Many people do remove their name etc. but others do not. When I bought a house I never had any direct contact with the vendors but the estate agent forwarded a Word file with answers to my questions and the file properties indicated the file had been created on a computer registered to Capita. Looking at Exif data for image files is interesting too.

Were you working for the government or associated business/company Wavechange ?
They dealt with government business .

DerekP says:
30 December 2018

In my experience, the file properties on my own Word documents often give wildly inaccurate information, except where I’ve taken the trouble to make sure everything is correct.

Duncan – Not me, other than doing research funded by our government-funded research councils.

Derek – Yes it can be inaccurate but it has helped me investigate plenty of cases of copying by students who were too lazy to do work for themselves.

DerekP says:
30 December 2018

A long time ago, I was warned about the inclusion of (a) hidden or tracked deleted data and (b) random additional data in Word files. Hence, where I worked, we preferred to send PDF files to clients (and others).

Yes, but PDF files may also show the name/organisation and date of the file and additionally what software and version has been used for creation. Exchanging Word files can affect pagination and result in font substitution, so unless the file is to be edited, PDF is generally the best option for sending files.