Privacy Shield Invalidated: Commonly Asked Questions and What This Means for Nosto-powered Merchants

Privacy Shield Invalidated: Commonly Asked Questions and What This Means for Nosto-powered Merchants

Disclaimer: The content in this post is not – and should not be interpreted as – legal advice. For detailed information regarding the data transfers and GDPR, please seek legal counsel.

All transfers of personal data from the EU to anywhere outside of the EU must be protected by means approved by the European Commission. On the 16th July 2020, the Court of Justice of the EU (CJEU) decided to remove one of those means by invalidating what is known as the Privacy Shield- the Commission adequacy decision underlying the EU-US Safe Harbour arrangement (Case C-311/18, “Schrems II”). The Privacy Shield has been a common arrangement for allowing transfers of personal data from the EU to the US.

If you’re an ecommerce retailer wondering how the Schrems II decision impacts your business, here is a brief overview of commonly asked questions regarding the Privacy Shield invalidation and how Nosto continues to safeguard data for merchants.



Personal Data Within the Nosto Service

The personal data within the Nosto service is currently stored at the Amazon Web Services (AWS) data centre in North Virginia, US. As the personal data is located outside of the EU, we have naturally evaluated and decided upon the appropriate mechanisms for such transfers of personal data.

Despite the invalidity of Privacy Shield, there are still other legitimate mechanisms for transferring EU data to the US. The so-called standard contractual clauses (SCCs) issued by the European Commission are widely used across all industries and that is also what we have and will continue to rely upon with AWS. In a practical sense, the Schrems II decision has not impacted how we transfer the personal data we process on behalf of our customers. However, we have and will continue to keep a close eye on all developments in this area.



Privacy Shield Invalidation FAQs

Q: I heard that the Privacy Shield was shot down. What is Nosto doing to fix things?

A: Yes, the Privacy Shield was invalidated, but there are other means for legitimate transfers of EU personal data to other countries. Instead of Privacy Shield, Nosto has and will continue to rely on Standard Contractual Clauses.

Q: Where do you store my customer’s personal data and how can you be sure the transfer is legal now that Privacy Shield no longer exists?

A: We store the personal data at the Amazon Web Services data centre in North Virginia, US. We apply the Standard Contractual Clauses (as issued by the EU commission) for those transfers, so Privacy Shield has not had an impact on our transfers to AWS.

Q: I want my data to be in Europe. Will you be moving it here?

A: We are keeping a close eye on any developments in the area of privacy, especially in the aftermath of the Schrems II decision. However, as affirmed in the said decision, the Standard Contractual Clauses (as issued by the EU commission) afford adequate protection for personal data transferred outside of the EU.

Q: I don’t know much about privacy. I think my company is the data “Controller”, but how does that impact what I do with Nosto?

A: You are correct, when it comes to personal data, it is also important to distinguish between the different roles and responsibilities related to the processing of such data. A ‘Controller’ is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Whereas a ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. In the Nosto Service, the customer is the Controller and Nosto is in the role of the Processor.

The Schrems II decision puts Controllers in a position where they have to ensure that none of the processing of personal data on their behalf relies on Privacy Shield. As for the data processed on Nosto’s customers’ behalf in the Nosto Service, we can confirm that Nosto has not applied the Privacy Shield mechanism and that the Schrems II decision has no direct impact on such processing.



Didn’t find an answer to your question regarding the Privacy Shield invalidation or the handling of your personal data?

If you’re a Nosto-powered merchant, reach out to your Customer Success Manager for more information regarding the Privacy Shield invalidation. If you’d also like to review additional information regarding data privacy controls , check out Nosto’s data privacy overview.

Explore more articles

30% of Holiday Shoppers to Spend More if Their Chosen Presidential Candidate Wins, Research Reveals
Ecommerce 30% of Holiday Shoppers to Spend More if Their Chosen Presidential Candidate Wins, Research Reveals

Amazon is the top source for seasonal gift ideas, but this year shoppers will also start asking for tips from the likes of ChatGPT and Google Gemini  Nearly a third 1(30%) of US consumers will spend more this holiday shopping season if they get the confidence boost of seeing their chosen candidate voted in as […]

Read more
Nosto’s Future of Work Policy: Providing flexible working options for all employees
Culture Nosto’s Future of Work Policy: Providing flexible working options for all employees

At the start of the pandemic, Nosto – like many companies – quickly switched to a fully work-from-home arrangement, and soon witnessed the benefits and challenges that came with this. Better work-life balance was accompanied with feelings of isolation. Time saved from commuting came with decreased quality of coworker relationships.  As we began to think […]

Read more
How Oh Polly Drives Ecommerce Success with Nosto: Insights from eCommerce Expo 2024
Ecommerce How Oh Polly Drives Ecommerce Success with Nosto: Insights from eCommerce Expo 2024

At eCommerce Expo 2024, Nosto client and womenswear brand, Oh Polly, took the stage to discuss how AI-powered personalization and automated merchandising have transformed the brand’s online store and impacted its ecommerce team.  Millicent Morgan, Senior Marketing Manager EMEA/APAC at Nosto, moderated the conversation with Lauren Muir, Product Manager at Oh Polly, and Phil Gregory, […]

Read more
Peak season pulse: unwrapping shopper intentions for the 2024 holiday season
Ecommerce Peak season pulse: unwrapping shopper intentions for the 2024 holiday season

Get ahead of the competition with our exclusive research report, revealing key shopper intentions based on over 2,000 consumers for the 2024 holiday season.

Read more