Privacy Shield Invalidated: Commonly Asked Questions and What This Means for Nosto-powered Merchants

Privacy Shield Invalidated: Commonly Asked Questions and What This Means for Nosto-powered Merchants

Disclaimer: The content in this post is not – and should not be interpreted as – legal advice. For detailed information regarding the data transfers and GDPR, please seek legal counsel.

All transfers of personal data from the EU to anywhere outside of the EU must be protected by means approved by the European Commission. On the 16th July 2020, the Court of Justice of the EU (CJEU) decided to remove one of those means by invalidating what is known as the Privacy Shield- the Commission adequacy decision underlying the EU-US Safe Harbour arrangement (Case C-311/18, “Schrems II”). The Privacy Shield has been a common arrangement for allowing transfers of personal data from the EU to the US.

If you’re an ecommerce retailer wondering how the Schrems II decision impacts your business, here is a brief overview of commonly asked questions regarding the Privacy Shield invalidation and how Nosto continues to safeguard data for merchants.



Personal Data Within the Nosto Service

The personal data within the Nosto service is currently stored at the Amazon Web Services (AWS) data centre in North Virginia, US. As the personal data is located outside of the EU, we have naturally evaluated and decided upon the appropriate mechanisms for such transfers of personal data.

Despite the invalidity of Privacy Shield, there are still other legitimate mechanisms for transferring EU data to the US. The so-called standard contractual clauses (SCCs) issued by the European Commission are widely used across all industries and that is also what we have and will continue to rely upon with AWS. In a practical sense, the Schrems II decision has not impacted how we transfer the personal data we process on behalf of our customers. However, we have and will continue to keep a close eye on all developments in this area.



Privacy Shield Invalidation FAQs

Q: I heard that the Privacy Shield was shot down. What is Nosto doing to fix things?

A: Yes, the Privacy Shield was invalidated, but there are other means for legitimate transfers of EU personal data to other countries. Instead of Privacy Shield, Nosto has and will continue to rely on Standard Contractual Clauses.

Q: Where do you store my customer’s personal data and how can you be sure the transfer is legal now that Privacy Shield no longer exists?

A: We store the personal data at the Amazon Web Services data centre in North Virginia, US. We apply the Standard Contractual Clauses (as issued by the EU commission) for those transfers, so Privacy Shield has not had an impact on our transfers to AWS.

Q: I want my data to be in Europe. Will you be moving it here?

A: We are keeping a close eye on any developments in the area of privacy, especially in the aftermath of the Schrems II decision. However, as affirmed in the said decision, the Standard Contractual Clauses (as issued by the EU commission) afford adequate protection for personal data transferred outside of the EU.

Q: I don’t know much about privacy. I think my company is the data “Controller”, but how does that impact what I do with Nosto?

A: You are correct, when it comes to personal data, it is also important to distinguish between the different roles and responsibilities related to the processing of such data. A ‘Controller’ is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Whereas a ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. In the Nosto Service, the customer is the Controller and Nosto is in the role of the Processor.

The Schrems II decision puts Controllers in a position where they have to ensure that none of the processing of personal data on their behalf relies on Privacy Shield. As for the data processed on Nosto’s customers’ behalf in the Nosto Service, we can confirm that Nosto has not applied the Privacy Shield mechanism and that the Schrems II decision has no direct impact on such processing.



Didn’t find an answer to your question regarding the Privacy Shield invalidation or the handling of your personal data?

If you’re a Nosto-powered merchant, reach out to your Customer Success Manager for more information regarding the Privacy Shield invalidation. If you’d also like to review additional information regarding data privacy controls , check out Nosto’s data privacy overview.

Explore more articles

Boosting Ecommerce Success: Key takeaways from NES Midsummer 2024
Ecommerce Boosting Ecommerce Success: Key takeaways from NES Midsummer 2024

This July, we were back with our annual NES Midsummer events in New York and London, celebrating our Nordic heritage and fostering connections with online brands and ecommerce partners alike! This year’s festivities included several engaging panel discussions that delved into the intricacies of customer experience, CLTV, unified commerce, and scaling businesses internationally. Here’s a […]

Read more
Ecommerce Personalization Statistics: The Data Points You Need to Know in 2024
Ecommerce Ecommerce Personalization Statistics: The Data Points You Need to Know in 2024

What is ecommerce personalization? Ecommerce personalization is where online stores customize the shopping experience for individual users based on their behavior, preferences, and other personal data. The goal is to create a more engaging and relevant shopping experience that increases customer satisfaction, sales, and loyalty. Some key ways of using ecommerce personalization are through: 1. […]

Read more
Nosto’s Future of Work Policy: Providing flexible working options for all employees
Other Nosto’s Future of Work Policy: Providing flexible working options for all employees

At the start of the pandemic, Nosto – like many companies – quickly switched to a fully work-from-home arrangement, and soon witnessed the benefits and challenges that came with this. Better work-life balance was accompanied with feelings of isolation. Time saved from commuting came with decreased quality of coworker relationships.  As we began to think […]

Read more
Nosto named in Most Loved Workplaces for LGBTQ+ 2024 and Newsweek’s list of the top 100 global Most Loved Workplaces for 2024
News & Press Nosto named in Most Loved Workplaces for LGBTQ+ 2024 and Newsweek’s list of the top 100 global Most Loved Workplaces for 2024

Leading Commerce Experience Platform (CXP) selected due to openness and transparency, systemic collaboration, and respect for diversity New York, March 19, 2024—Nosto, the leading Commerce Experience Platform (CXP), today announced that it has been ranked in Newsweek’s Top 100 Global Most Loved Workplaces® list, as well as being certified as one of the world’s Most […]

Read more