The Home Depot Faces Criticism after Sharing Customer Data: Let's Talk Consent in the Digital Age

Data can be a point of contention in today’s digital world. As customers spend more of their days, and lives, online, they are faced with decisions over how they engage with brands and how much of themselves they are willing to share.

In 2023, it has become increasingly difficult to do anything online without granting brands access to our activity. By searching for a product or browsing a company's website, customers are directly, and indirectly, sharing their personal data. 

This exchange is largely recognized, but not necessarily widely accepted. Many customers know that they are sharing information, but beyond this surface-level recognition, a large percentage of customers lack a deep understanding of how their data is actually being used.

Alternatively, in the customer service space leaders often hail data as king. To deliver better experiences and interactions that feel personalized and meaningful for customers, brands rely on data. Leveraging customer preferences, identifying their history with the brand and delivering a seamless interaction all hinge upon access to granular data.

Therefore, from the brand’s perspective, this data exchange is favorable for customers — to a point. When it feels like boundaries are crossed, however, high levels of personalization feel less and less worth it to data-conscious customers. 

This argument came to a head recently in a case against home improvement retailer, The Home Depot. 

The Home Depot and the Case of ‘Implied Consent’

The Home Depot Canada recently came under fire after a customer found the retail chain had shared details of his in-store purchases with social media and tech conglomerate, Meta. According to an investigation by the Federal Privacy Commissioner, the retailer routinely shared customer data with Meta without proper consent. 

The Home Depot was leveraging Meta’s “Offline Conversations” feature, used to measure the effectiveness of Facebook advertisements. Here’s how it worked: when customers provided their email address in-store with the intention of receiving an e-receipt, the retailer forwarded a limited version of their email address and a summary of their purchase to Meta. While the data was limited to vague categories of items purchased, the retailer did not notify customers that it would be using or sharing this information when customers provided their email.

With this information, Meta would match the respective email addresses of Facebook users to create aggregated reports analyzing the effectiveness of The Home Depot’s ads on the platform. 

Philippe Dufesne, Privacy Commissioner of Canada, stated that The Home Depot’s activities were in clear breach of the Federal Personal Information Protection and Electronic Documents Act. He argued that because “It is unlikely that Home Depot customers would have expected that their personal information would be shared with a third party social media platform simply because they opted for an electronic receipt,” the brand did not obtain valid and meaningful consent.

In their response, The Home Depot argued that they were relying on ‘implied consent’ and cited ‘consent fatigue’ as the reason for not explicitly sharing this information with customers. In their official statement the brand said, “We value and respect the privacy of our customers and are committed to the responsible collection and use of information. We’ll continue to work closely with the Office of the Privacy Commissioner of Canada.”

The Problem with Data Consent

Consent is a tricky concept in the digital era. Although most customers know that brands are collecting data, many are not aware of the specific details they are collecting and the primary use of this insight. 

In fact, a majority of Americans are unaware of many aspects of data usage and are less than trusting of the brands they engage with online. In a new study, ‘Americans Can’t Consent To Companies’ Use of Their Data’, Researchers from the University of Pennsylvania argue that their findings “paint a picture of an unschooled and admittedly incapable society that rejects the internet industry’s insistence that people will accept tradeoffs for benefits...”

At the core of their argument, the researchers state that customers are underprepared and unaware of the commercial use of their data. With a 17 question test on consumer data security, the study was able to shine light on this lack of data literacy. True or False questions covering things like online behavior, smart technology on TV’s and IoT devices and facial recognition technologies tested the participants' knowledge of basic corporate and governmental internet practices. The results were grim — 77% of the 2,000 participants failed the test and only one participant received an “A” grade. 

But, this should not necessarily come as a surprise. Americans are admittedly not confident in their knowledge and protection of their online data. The study asked participants about their level of control over their data and here’s what the research found:

• 80% of Americans say they have little control over how marketers can learn about them online
• 80% agree that what companies know about them from their online behavior can harm them
• 28% trust that companies they visit online will handle their data the way they would want their data to be handled
• 80% believe that they would be naive to think that they can reliably protect their personal data online

These numbers represent an overwhelmingly negative view of data protection. Customers not only feel that they currently have little control over how companies are using their data, they feel they have no way forward in terms of reliably protecting and safeguarding their data in the future.

Further, customers have little faith in how companies will actually handle their data. While organizations paint their data collection and analysis practices as mutually beneficial, many customers don’t see it that way. In fact, 88% of participants disagreed with the statement “If companies give me a discount, it is a fair exchange for them to collect information about me without my knowing it.”  

Transparency, then, will be critical if brands want to recoup customer confidence in their data practices.

Data Protection in the Digital Age

The case of The Home Depot sharing customer data with Meta perfectly exemplifies the concerns of this study. By claiming implied consent, it seems The Home Depot was disregarding customers’ lack of awareness and leveraging unauthorized tactics to improve marketing strategies.

While it may not necessarily have purposefully kept this information private, the brand ultimately misled customers into thinking their information was solely being collected as a means to receive their virtual receipt. 

When considering the current gaps in customer knowledge about data policies, it is easy to understand why The Home Depot’s data sharing activities flew under the radar for years. And, it is cases like these that will keep customers out of the loop.

Unfortunately, it seems as though instances of this nature have caused customers to become highly skeptical of data practices. And, the more brands continually keep vital information from customers and lean on arguments like ‘implied consent’, the more we will see customer trust diminish. 

To actively improve experiences, companies need data. But obtaining and using that data in an ethical and transparent way is just as important as the end result. Therefore, companies must ensure they are treating data privacy as a mission critical priority moving forward.

Main image by rupixen.com

Second image by Andrea Piacquadio