Untying the knot — GDPR and wedding gift lists

In an interview for Lexis®PSL IP&IT, Head of Intellectual Property Simon Miles explains an issue that will give lawyers cause to consider both technical compliance and broader questions of human rights and privacy.

What risk to personal privacy do commercial online gift registries and wish lists represent?

The main risk for list owners is the ease with which these lists can be publicly accessed. On many prominent UK retailer websites, anyone can search for or even just accidentally stumble across someone’s gift list, by simply searching for one named party (including name variations) or the date of an event.

Gift lists often provide a wide-ranging snapshot of people’s private lives and personal tastes, which could potentially provide a resource to facilitate identity fraud or profiling, even though this would not strictly constitute personal data in the legal sense (as the prominent inclusion of say, a preferred style of crockery would not necessarily allow someone to be personally ‘identified’). There is scope for the contents of these lists to come within the scope of the legislation as ‘personal data’, as someone’s book choices on the list could indirectly indicate their religious or political beliefs, which constitute sensitive ‘special categories’ of data under the GDPR Regulation (EU) 2016/679. Such data is normally afforded stricter protections and safeguards under the legislation, but this will normally be negated if the data has already been made manifestly public (by publication online)…

To read the full interview, please click here.