• by Ray Schultz , Columnist, January 14, 2019

Planning to return an unwanted Christmas gift to the store?

Don’t do it if you live in the UK — retailers are required to inform the giver, according to a new GDPR analysis by The Telegraph.

It is the latest absurdity to pop up eight months after the GDPR took effect.

In another Yuletide flap, German children who traditionally put their wishes for Father Christmas in a tree now have to get parental consent to share the information under national law. The town of Roth found a way to easily do it.  

Ha ha — is the EU trying to destroy Christmas?

All jokes aside, email marketers could themselves burdened with ever more detailed — and indecipherable — rules regarding consent and erasure of data.

The UK’s Information Commissioner’s Office (ICO) denies that gift returns must be reported. But The Telegraph insists that GDPR data rules require that purchasers be told when a product — say, “garish jumpers and superfluous socks” — has been returned.”

The Telegraph approached 30 retailers, and 11 said they were informing buyers about returned gifts. 

Retailers are also advising unhappy gift recipients to tell the giver they are returning the item before the store tells them.

According to The Telegraph, a father returning a child’s coat was warned that the buyer would be “informed due to ‘data protection regulations.’ 

Boden issued this statement, it adds: "If the recipient wishes to exchange the items or obtain a refund, we are obliged to inform the original buyer of any changes to our records and any refund would need to be given to the original buyer — this is for various legal and fraud prevention reasons.” 

It’s not clear whether recipients can exchange items, or if they also lose that right.

Is Boden overreacting? Hard to say, but it certainly doesn’t want to be hit with staggering fines for failure to comply with such a nasty requirement.  

Meanwhile, observers fear that the U.S. is headed for GDPR-type laws. 

“Businesses will have to gear up to comply with new data privacy laws both in the U.S. and abroad if they want to successfully compete in our global economy,” writes Christina Walker, global director of channel sales and programs at Blancco, in an article on the Channel Partners site.

She advises that businesses will have to comply with the California Consumer Privacy Act, which takes effect next January 1, 2020 -- even if they are not based in California. 

“Noncompliance could possibly threaten their ability to do business in the most populous state in the U.S.,” she adds.

Walker also warns that at least 34 states and Puerto Rico now require private and governmental entities to destroy or make personal data unreadable and undecipherable. Almost all of these states' laws require digital data, but Arizona's specifies paper records only. And the Federal Trade Commission has tough rules on data disposal (although it may not be enforcing them during the shutdown). 

Consumer privacy must be protected. But let's hope that U.S. authorities -- including the federal government if a national privacy law is ever enacted --  don't mandate over-the-top rules that are almost impossible to follow.