What is data privacy and why is this important for ecommerce?...

If you have ever sold goods by phone or a website, paid using payment terminals or internet banking, or delivered products or services through social networks (Facebook, Instagram, etc.,) then you have most likely done ecommerce. Covid-19 has shown almost everyone that it’s time for businesses to have an online presence. 

Although not a novelty, ecommerce has particularities and requirements that must be taken into account to properly operate, most of them related to data privacy. Sanctions for non-compliance to some of those requirements can lead to fines of tens of thousands of dollars or even temporary suspension of the business. 

In this article, we deep-dive into the connection between ecommerce and data privacy, and why this is of utmost importance when setting up an online business – the three aspects described below are the most important ones to consider.

What is data privacy?

The protection of personal data is a fundamental right also enshrined in the Treaty of Lisbon. The Charter of Fundamental Rights of the European Union states that Everyone has the right to the protection of personal data concerning him or her. Such data must be processed correctly, for the purposes specified and on the basis of the consent of the person concerned or on the basis of another legitimate reason given by law. Everyone has the right of access to data collected concerning him or her and the right to obtain rectification thereof. 

These rights apply to all persons, regardless of nationality or place of residence. The processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and the processing of health are permitted only with the express consent of the persons concerned if national law so permits.

Why is data privacy important when migrating a physical store online?

Simply creating the website and displaying the goods for sale is not a sufficient condition for a legal trade. Now more than ever, the development of wireless networks involves wireless users in a very dynamic and nomadic environment. Users are required to access “home” resources transparently and securely from Internet cafes, airports, shopping malls and other companies. 

A way to guarantee the privacy of personal and sensitive data is to anonymize it. Anonymization refers to the process of irreversibly transforming data to prevent the re-identification of individuals. This means that if a company releases an anonymized dataset, it’s theoretically impossible to re-identify a person from it, either directly or indirectly. Anonymization represents the highest form of privacy protection. However, perfect anonymity of data is rarely achieved, as it would render the data almost useless.

Generally speaking, the webpage of any online seller should include a few key pieces of information that modern times have made a must-have. A strong solution to these requirements must be able to meet the following security requirements:

• Confidentiality: protects the content of transactions against unauthorized reading by persons other than the receivers specified by the sender.
• Authentication: allows the recipient of a message to securely determine the sender’s identity.
• Data integrity: in the network, it provides the receiver of a transaction with the certainty that the received message is identical to the message sent by the sender.
• Prevention of non-recognition of the transaction by the sender (Non-Repudiation) – guarantees the integrity and origin of the transactions from the point of view of the sender and not of the recipient. 
• Selective application of some services: it is often necessary to cover parts of the transactions, for example, those containing the credit card number of a customer. This must not be clear to the seller.
• Electronic signature in electronic commerce: the end of this century was dominated by the computer revolution on the Internet, considered to be the third industrial revolution. The essential element of change is to replace paper and handwritten signatures with new services adapted to the new information society. At present, electronic key cryptographic systems are used for electronic signatures in ecommerce transactions. This type of signature has the same legal standing as a handwritten signature as long as it adheres to the requirements of the specific regulation under which it was created. Take a look at our data regulations article to see how those laws differ from country to country. 

A final note on data privacy and ecommerce

The confidence and future of ecommerce in high-security conditions depends on the evolution of the electronic signature. The scalability and reliability of the secure file transfer protocol (SFTP) application depend on the communication speed of the existing protocol implementations, the power of the database engines, the security of the physical connections, etc. Ecommerce is a growing field worldwide, thanks to the special facilities it offers to business partners and the technological advances that make it possible to use it, and every online business owner should be aware of and apply the right data privacy legislations to the website and protect the customers’ information. 

Written by Sorana Gheorghiade

Sorana takes care of VTEX’s marketing content. She is passionate about the success stories of our customers and the innovative solutions we bring to their businesses.