Online shopping is convenient and easy, but it can also lead to a lot of unwanted mail and catalogs from companies you have never heard of. How do they get your details, and how can you stop them?

The data-broking business

When you buy something online, you may not realize that you are also giving away your data to third parties. Some online retailers may share or sell your name, email, postal address, or phone number to data brokers. These are companies that collect, analyze, and trade personal information for various purposes, such as marketing, profiling, or credit scoring.

Data brokers can use your data to create detailed profiles of your interests, preferences, habits, and behaviors. They can also combine your data with other sources, such as public records, social media, or surveys. They can then sell these profiles to other companies that want to target you with ads, offers, or catalogs.

According to the Information Commissioner’s Office (ICO), the UK’s data protection authority, data brokers must comply with the UK data protection laws, such as the General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This means they must inform you about their purpose and legal basis for processing your data and obtain your consent or legitimate interest in doing so.

However, the ICO also warns that some data brokers may not be transparent or fair about their practices and may use your data in ways that you are not aware of or do not agree with. For example, they may use your data for profiling or automated decision-making, which could affect your access to products, services, or opportunities.

How do you protect your privacy?

If you are concerned about your privacy and want to stop receiving junk mail from online shopping, there are some steps you can take to limit the amount of data you share and control how it is used.

• Read the privacy notices and terms and conditions of the websites you use. Before you buy something online, make sure you understand how the website will use your data and who they will share it with. Look for options to opt out of marketing communications or data sharing. If you are not happy with their policies, do not use their services or look for alternatives.
• Use a separate email address for online shopping. This way, you can avoid spamming your main email account with unwanted messages. You can also use a disposable email service that generates a temporary email address for each transaction. This will prevent data brokers from linking your purchases to your identity or other data sources.
• Register with the Mailing Preference Service (MPS). This is a free service that allows you to opt out of receiving unsolicited mail from companies that are members of the Direct Marketing Association (DMA). You can register online or by phone, and you can choose which types of mail you want to stop or receive. However, this service does not cover mail from companies that you have already given your consent to or from companies that are not members of the DMA.
• Contact the senders of the junk mail directly. If you receive mail from companies that you have never heard of or have no interest in, you can contact them and ask them to remove you from their mailing list. You can also ask them how they got your details and which data broker they used. You have the right to request this information under the UK data protection laws. You can also complain to the ICO if you think they have breached the law or your rights.
• Use a shredder or a recycling bin. If all else fails, you can always dispose of the unwanted mail safely and responsibly. You can use a shredder to destroy any mail that contains your personal or financial information, such as your name, address, or account number. This will prevent identity theft or fraud. You can also use a recycling bin to get rid of any mail that does not contain sensitive data, such as catalogs or flyers. This will help the environment and reduce waste.

The Future of Data Protection

The ICO is currently investigating the data broking sector and its compliance with UK data protection laws. In 2020, it issued an enforcement notice to Experian, one of the largest data brokers in the world, ordering it to make changes to its data processing practices. The ICO found that Experian was processing personal data without people’s knowledge or consent and was providing it to third parties for marketing purposes.

The ICO also published a report on the data broking industry, highlighting the risks and challenges it poses to people’s privacy and rights. The report calls for more transparency, accountability, and fairness from data brokers and more awareness, choice, and control for consumers.

The ICO says it will continue to monitor and regulate the data-broking sector and take action against any breaches or violations. It also advises consumers to be vigilant and proactive about their data protection and to exercise their rights and options.