Many delivery providers need to be able to contact the person they are delivering to. This is standard practice. The same is true for many non-trivial payment providers (such as PayPal/Klarna).
This data is shared for the legitimate interests of the customer. You've bought something and asked to a) pay for it, and b) have it delivered. I think it's reasonable to expect that the companies involved in this can contact you for the purposes of fulfilling your request.
This is all done under GDPR. The companies hold the data only for as long as they need, for the purposes explicitly requested by the user. This will all be included in privacy policies.
> It also seems that you could set up your own relay allowing those providers to contact your customers.
This might be technically possible, but introduces many concerns such as deliverability and spam ratings. Relaying email in this way is non-trivial when you're doing it at scale. For services sending ~100k emails a month or more, this requires careful planning because it's very easy to become filtered as spam.
1. You already gave those downstream vendors your contact information so they can, you know, ship your package to your home and charge your credit card.
2. 99.99% of all users probably want to be emailed tracking information or payment confirmation information. Adding such a checkbox only adds friction to their funnel in order to please an incredibly small minority of people using their site.
Thanks for that . A couple of things: 1. I don’t think an E-mail address is really necessary in order to ship a package or charge a credit card. 2. Friction and convenience used to be acceptable reasons to collect personal info without consent but maybe that’s starting to change. I highly doubt the 99.99% figure but having no data of my own I won’t dispute it. I trust that you have seen such an opt-in rate for sharing E-mail addresses in your past user research.
> I don’t think an E-mail address is really necessary in order to ship a package or charge a credit card.
For credit cards, no it's not (but would be for pay-later, PayPal perhaps, Alipay, AmazonPay, maybe).
For shipping, most shipping companies have the option to handle the customer communication. When creating an order you provide them an email address and/or phone number, and they will send notifications. Many use these channels to provide the user the ability to reschedule deliveries, select delivery windows, change their delivery address, etc. This process is often also white-labelled so you may not realise that it's actually with the delivery company.
These details are not stored long term, only for the purposes of doing the delivery, any applicable returns process, and any insurance claims, etc.
It is possible to not do this, but assuming the retailer wishes to provide the same level of communication it means a much deeper level of integration, as tracking data needs to be ingested by the retailer. Given the industry has no standards for this, and "integrations" are SFTP + cron jobs once a day + CSVs, this can be pretty difficult, error prone, and result in a poor UX where you don't actually have the granularity of data to send an email when the package has been delivered.
> Friction and convenience used to be acceptable reasons to collect personal info without consent but maybe that’s starting to change.
We have found that it is within the user's expectation that we will share contact details to the third parties necessary to complete their order in this manner. It's in our privacy policy that we do this. We also check that all of our suppliers understand their GDPR responsibilities.
This data is shared for the legitimate interests of the customer. You've bought something and asked to a) pay for it, and b) have it delivered. I think it's reasonable to expect that the companies involved in this can contact you for the purposes of fulfilling your request.
This is all done under GDPR. The companies hold the data only for as long as they need, for the purposes explicitly requested by the user. This will all be included in privacy policies.
> It also seems that you could set up your own relay allowing those providers to contact your customers.
This might be technically possible, but introduces many concerns such as deliverability and spam ratings. Relaying email in this way is non-trivial when you're doing it at scale. For services sending ~100k emails a month or more, this requires careful planning because it's very easy to become filtered as spam.