You don't need consent if the data is being collected for a specific purpose. It's not clear cut, but IMHO cart abandonment would be acceptable. The user has entered their email on your cart, signifying their intention to make a purchase, and cart abandonment email is just following up from that.
Say you phoned a company to enquire about some new windows and receive an estimate, if they call you back a few days later you wouldn't be that surprised. However you wouldn't want them to phone you every month until you buy from them, or to give/sell your phone number to another company without consent (maybe you need roofing too?).
> You don't need consent if the data is being collected for a specific purpose. It's not clear cut, but IMHO cart abandonment would be acceptable. The user has entered their email on your cart, signifying their intention to make a purchase, and cart abandonment email is just following up from that.
This is based of an assumption that cart abandonment is some sort of mistake. What I would guess usually happens (based on my experience with shopping online) is that stopping just one step shy of actual payment is the only way for the customer to get the total cost of orders, that includes discounts and shipping costs. When I close the page at this point, it doesn't mean I got distracted - it means that once I finally got to see the actual costs, I decided not to proceed.
> Say you phoned a company to enquire about some new windows and receive an estimate, if they call you back a few days later you wouldn't be that surprised.
I wouldn't be surprised, but I wouldn't be happy about it either. If I asked for an estimate, I asked because you didn't publish the costs up-front, and I need them to make my decision (whether by comparing with my budget, or the price offered by competition). If I wanted to buy from you, I'd call again.
You would need to show that a person entering their email into an input expected that email to be stored by the other party without submitting the form.
It was my understanding that the “specific purpose” had to be “the technical functioning of the site or service” (and also any transactional mail, like sending order receipts), not literally any specific purpose. Selling your details to the highest bidder is a specific purpose after all.
If the company calling you back isn’t unsolicited (ie I asked them to or they told me they would and I said OK), then its an expected part of the interaction. Cart abandonment emails are not expected or even necessary (from the customers point of view). If I called a company and they called me back days later, without telling me they would or asking if I mind, I would absolutely report them for that too. (At least in my country, data protection says they can’t do this)
Cart abandonment is just like any other marketing and honestly, I report any cart abandonment emails I receive as GDPR violations to my local data protection commission.
You are correct, the consent exceptions are only for functionality vital to the operation of the site, such as a cookie to store your shopping cart - not for marketing in any form.
Say you phoned a company to enquire about some new windows and receive an estimate, if they call you back a few days later you wouldn't be that surprised. However you wouldn't want them to phone you every month until you buy from them, or to give/sell your phone number to another company without consent (maybe you need roofing too?).