Connect with Joseph Steinberg
Data Collection


Online Retailers That Cancel Purchases Continue To Utilize Personal Information Gathered During The Attempted Transactions

Online Retailers That Cancel Purchases Continue To Utilize Personal Information Gathered During The Attempted Transactions

While we have become somewhat accustomed to the data collection practices of online retailers seeking to analyze our purchase histories in order to better target their marketing efforts, many people may not realize that even some well-known retailers also use data provided by people whose purchases the retailer itself cancelled.

To understand the significance of the issue, please consider a recent experience of mine:

The week of Black Friday weekend, I ordered a new refrigerator from an online retailer. The price that I paid, while still reasonable, was the best that I had seen advertised for the particular model that I wanted, and the vendor from which I ordered the appliance was (and is) a respectable online retailer of decent size. At the time of the purchase, I paid for delivery and installation as well – and received from the online store a confirmation of the date on which it would place the appliance in my home.

Several days later, however, the retailer notified me that it had to move the installation date back by a couple weeks – something which, while certainly not desirable, was also understandable, especially during the COVID-19 pandemic; I was fully prepared to accommodate the schedule change. A few days later, however, the retailer cancelled the order altogether, informing me then that the price at which I had purchased the fridge was erroneous; if I wished to purchase the item, I would need to purchase it at the much-higher price now “appearing correctly” on the merchant’s website.

While I was both disappointed (as I had missed out on other Black Friday sales on refrigerators as a result of believing that I had already purchased one), and suspicious (if there was a price mistake, why did the retailer not notice it when it had twice arranged and confirmed delivery?), there is little doubt that, as typically appears in the “small print” terms and conditions sections of retailers’ websites, the retailer had the right to cancel a transaction if an online purchase was made at a price that was inadvertently set too low.

After cancelling the transaction, however, the retailer in question continued to use for its own marketing purposes the information that it garnered from me as part of the now-cancelled transaction – targeting me with all sorts of relevant email-based promotions, including one that, somewhat ironically, encouraged me to purchase one of the new refrigerators that it had on sale.

Should such marketing be considered acceptable, ethical, or even legal? Should a party that cancelled a transaction really be allowed to keep information that it received as part of that transaction? Is it truly sufficient for a retailer that cancelled a transaction to just refund the purchase price and associated sales taxes, if, as part of the now-cancelled transaction, the retailer received both liquid currency and valuable, usable information?

While I will leave the relevant legal issues to attorneys and lawmakers to discuss, the use of personal information as described above seems to be, at best, a form of unjust enrichment — the information clearly has value, and the party providing it did so only because the recipient offered to sell a particular item at a particular price – an offer which, after being accepted by the provider of the data who provided the data under such conditions, the receiver of the data refused to honor. Furthermore, if we allow parties to use data collected in such a fashion is it not possible that we will encourage scammers to offer items for sale at “erroneous” prices specifically in order to collect data without having to deliver anything?

It is time that we establish clear standards governing the storage and use of data collected as part of a cancelled transaction.

Continue Reading

More in CyberSecurity




* indicates required