Wed, Apr 17th 2024
The Swiss online giant, Digitec Galaxus, faces criticism from the Federal Data Protection Commissioner for not adhering to customer data standards.
The Federal Data Protection Commissioner (Edöb) has criticized the online retailer Digitec Galaxus for its handling of customer data. Among other things, the company violated the principle of proportionality by forcing customers to create an account.
The data protection officer Adrian Lobsiger announced on Wednesday that, following an extensive investigation, he had come to the conclusion that the obligation to create “a customer account for processing the order” at Digitec Galaxus was contrary to the principle of proportionality.
The Edöb therefore suggested that the online retailer offers a purchase without registration, i.e. a so-called guest purchase. Digitec Galaxus has accepted this recommendation and will submit proposals soon.
Lobsiger also demanded that the online store adapt its data protection processing so that it is clear which data is processed and passed on for which purposes.
Edöb recommends that the company adapt its privacy policy so that it does not include any data processing “on reserve”. Only data processing that has actually taken place should be listed. Digitec Galaxus has rejected this recommendation.
In March 2020, the Data Protection Officer was informed by a data subject that Digitec Galaxus AG customers must consent to all data processing in the privacy policy in order to place an order.
When a customer subsequently wanted to object to the storage and forwarding of her data and its analysis, she was refused by customer service. Due to further requests received from citizens and an initial response from Digitec Galaxus, the data protection officer opened a so-called fact-finding investigation in 2021.
Digitec Galaxus is part of the Migros Group and, according to Edöb, is the largest online department store in Switzerland.
©Keystone/SDA