Privacy Shield Invalidated: Commonly Asked Questions and What This Means for Nosto-powered Merchants

Privacy Shield Invalidated: Commonly Asked Questions and What This Means for Nosto-powered Merchants

Disclaimer: The content in this post is not – and should not be interpreted as – legal advice. For detailed information regarding the data transfers and GDPR, please seek legal counsel.

All transfers of personal data from the EU to anywhere outside of the EU must be protected by means approved by the European Commission. On the 16th July 2020, the Court of Justice of the EU (CJEU) decided to remove one of those means by invalidating what is known as the Privacy Shield- the Commission adequacy decision underlying the EU-US Safe Harbour arrangement (Case C-311/18, “Schrems II”). The Privacy Shield has been a common arrangement for allowing transfers of personal data from the EU to the US.

If you’re an ecommerce retailer wondering how the Schrems II decision impacts your business, here is a brief overview of commonly asked questions regarding the Privacy Shield invalidation and how Nosto continues to safeguard data for merchants.



Personal Data Within the Nosto Service

The personal data within the Nosto service is currently stored at the Amazon Web Services (AWS) data centre in North Virginia, US. As the personal data is located outside of the EU, we have naturally evaluated and decided upon the appropriate mechanisms for such transfers of personal data.

Despite the invalidity of Privacy Shield, there are still other legitimate mechanisms for transferring EU data to the US. The so-called standard contractual clauses (SCCs) issued by the European Commission are widely used across all industries and that is also what we have and will continue to rely upon with AWS. In a practical sense, the Schrems II decision has not impacted how we transfer the personal data we process on behalf of our customers. However, we have and will continue to keep a close eye on all developments in this area.



Privacy Shield Invalidation FAQs

Q: I heard that the Privacy Shield was shot down. What is Nosto doing to fix things?

A: Yes, the Privacy Shield was invalidated, but there are other means for legitimate transfers of EU personal data to other countries. Instead of Privacy Shield, Nosto has and will continue to rely on Standard Contractual Clauses.

Q: Where do you store my customer’s personal data and how can you be sure the transfer is legal now that Privacy Shield no longer exists?

A: We store the personal data at the Amazon Web Services data centre in North Virginia, US. We apply the Standard Contractual Clauses (as issued by the EU commission) for those transfers, so Privacy Shield has not had an impact on our transfers to AWS.

Q: I want my data to be in Europe. Will you be moving it here?

A: We are keeping a close eye on any developments in the area of privacy, especially in the aftermath of the Schrems II decision. However, as affirmed in the said decision, the Standard Contractual Clauses (as issued by the EU commission) afford adequate protection for personal data transferred outside of the EU.

Q: I don’t know much about privacy. I think my company is the data “Controller”, but how does that impact what I do with Nosto?

A: You are correct, when it comes to personal data, it is also important to distinguish between the different roles and responsibilities related to the processing of such data. A ‘Controller’ is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Whereas a ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. In the Nosto Service, the customer is the Controller and Nosto is in the role of the Processor.

The Schrems II decision puts Controllers in a position where they have to ensure that none of the processing of personal data on their behalf relies on Privacy Shield. As for the data processed on Nosto’s customers’ behalf in the Nosto Service, we can confirm that Nosto has not applied the Privacy Shield mechanism and that the Schrems II decision has no direct impact on such processing.



Didn’t find an answer to your question regarding the Privacy Shield invalidation or the handling of your personal data?

If you’re a Nosto-powered merchant, reach out to your Customer Success Manager for more information regarding the Privacy Shield invalidation. If you’d also like to review additional information regarding data privacy controls , check out Nosto’s data privacy overview.

Explore more articles

BFCM Holiday Shopping Statistics 2024
Ecommerce BFCM Holiday Shopping Statistics 2024

The frenzy of Cyber weekend 2024 has now passed! And we’ve wrapped up our annual breakdown of ecommerce performance. Analyzing over a hundred million website visits to over a thousand Nosto-powered stores, here’s your breakdown of how retail’s most anticipated weekend looked for ecommerce this year. Overall weekend performance Percentages represent year-on-year increases and decreases. […]

Read more
What’s New in Nosto: Enriching Product Recommendations with User-Generated Content
Product updates What’s New in Nosto: Enriching Product Recommendations with User-Generated Content

User-generated content (UGC) is becoming all the more important for ecommerce brands to nurture trust and influence shopping decisions. In fact, in a survey last year, 92% of ecommerce marketers stressed how UGC influences purchasing decisions—with 85% saying it’s now critical to their business. While Nosto’s long enabled brands to showcase UGC across their stores, […]

Read more
30% of Holiday Shoppers to Spend More if Their Chosen Presidential Candidate Wins, Research Reveals
Ecommerce 30% of Holiday Shoppers to Spend More if Their Chosen Presidential Candidate Wins, Research Reveals

Amazon is the top source for seasonal gift ideas, but this year shoppers will also start asking for tips from the likes of ChatGPT and Google Gemini  Nearly a third 1(30%) of US consumers will spend more this holiday shopping season if they get the confidence boost of seeing their chosen candidate voted in as […]

Read more
Nosto’s Future of Work Policy: Providing flexible working options for all employees
Culture Nosto’s Future of Work Policy: Providing flexible working options for all employees

At the start of the pandemic, Nosto – like many companies – quickly switched to a fully work-from-home arrangement, and soon witnessed the benefits and challenges that came with this. Better work-life balance was accompanied with feelings of isolation. Time saved from commuting came with decreased quality of coworker relationships.  As we began to think […]

Read more