Ben Brody, Protocol:
Here’s the thing though: I can’t remember ever having checked out at any of these merchants using my work email address, much less using it to sign up for marketing. A search of my account didn’t turn up any records. Annoyed with the most insistent emailers, I reached out to the sellers who reached out to me — except, as a reporter rather than as a customer — to figure out what was going on.
I wanted to know how all these merchants had gotten my professional contact info. What I discovered was both unsurprising in today’s world of relentless online marketing and aggressive consumer data sharing, and also a bit disquieting. It also had less to do with these small shops than I might have expected: Square’s parent company, Block, was selling access to customers’ inboxes, even if all we do is elect to receive a receipt from a single transaction (more on that below).
At the very least, this backroom marketplace of privacy violations is not what a customer would or should expect when they choose to get their receipt by email instead of a printed copy. Square is merely facilitating the transaction between me and that business; generating an entire email capture and resale market from its strategic placement is a breach of trust.
Brody points to the Square profile page where you can exercise more control and request a copy of your data. Square keeps profiles separate, so if you have used two different email addresses and a phone number, you will likely have three different profiles unless you have previously linked them. Still, this should not be something everyone should be expected to manage, and I bet Square is not the only point-of-sale company doing this sort of thing.