"Protecting cross-border flows of data is incredibly important to global retail operations and the invalidation of the Privacy Shield creates operational and legal challenges."NRF President and CEO Matthew Shay
WASHINGTON – How to legally transfer customer and employee data across the Atlantic now that the EU-U.S. Privacy Shield has been invalidated by the European Union’s highest court was a key issue of discussion as EuroCommerce and the National Retail Federation held their latest Retailer Exchange Meeting this week.
“Retailers have a long history of nurturing customer relationships and meeting consumer expectations,” NRF President and CEO Matthew Shay said. “The safekeeping and responsible use of consumer data to improve the shopping experience is indispensable to the trust retailers earn with their customers. At no time in history has that trust been at a greater premium than in the current environment with the pandemic, when retailers have accelerated their digital relationships with customers to serve them in new ways during these challenging times. Protecting cross-border flows of data is incredibly important to global retail operations, and the invalidation of the Privacy Shield creates operational and legal challenges for retailers to seamlessly serve their European customers and maintain their workforces in EU member states. We are prepared to work with EuroCommerce to provide constructive input on these issues toward a pragmatic and workable solution that ensures the continued free flow of transatlantic data.”
“Data is the lifeblood of retail, both in its relations with its supply chains, ensuring that the goods which people need find their way onto shelves at the right time and the right quantities, but also in respect of its customers, to ensure that it serves their needs and gains insights into constantly changing consumer expectations,” EuroCommerce Director-General Christian Verschueren said. “The increasing digitalization of these processes, the development of the Internet of Things, the use of AI, robotization and technologies such as blockchain have transformed how retailers do business. This has been accompanied by the rapid shift, accelerated by the impact of the COVID-19 pandemic, to online and omnichannel purchases, which has further underlined the importance of data to our sector. This means, in turn, that data needs to be able to move across borders efficiently, and where personal data is involved, to be handled in a way which engenders trust and ensures that customers can be confident that their data is properly protected and used responsibly.”
The Privacy Shield was agreed to by the European Commission and the U.S. Department of Commerce in 2016 to replace the 15-year old Safe Harbor agreement for transatlantic data flows that had been invalidated in 2015 in the Schrems decision by the European Court of Justice, the EU’s highest court. In its Schrems II decision this summer, the same court struck down the Privacy Shield after just four years, leaving the transfer of data under the program in legal limbo. The ruling assured the validity of existing European Commission-approved standard contractual clauses, or SCCs, that serve as an alternative transfer mechanism for businesses, but set additional conditions on their use that calls into question the continued reliance on SCCs by global retailers.
EuroCommerce and NRF normally meet in person in Brussels but met virtually on Wednesday and Thursday because of the pandemic. The organizations’ members addressed the Privacy Shield and other issues among themselves, with experts from outside companies and with senior EU officials including Justice Commissioner Didier Reynders, who is responsible for data protection.
At the meeting, NRF and EuroCommerce members agreed to continue and strengthen their cooperation in the coming year through joint work and dialogue focusing on a number of key issues with major implications for transatlantic data flows and for the retail sector, including:
- European Commission work on the modernization of standard contractual clauses
- EU policymakers’ and the U.S. Commerce Department consideration of a successor to the Privacy Shield
- The work of the European Data Protection Board on guidance for additional safeguards for EU data outside its borders
Separately, members also agreed to work together to address solutions to current issues in connection with payments.
The two organizations have worked together on data issues for the last five years and in 2018 jointly issued a Retail Approach to Implementing Critical Elements of the GDPR.
The National Retail Federation, the world’s largest retail trade association, passionately advocates for the people, brands, policies and ideas that help retail thrive. From its headquarters in Washington, D.C., NRF empowers the industry that powers the economy. Retail is the nation’s largest private-sector employer, contributing $3.9 trillion to annual GDP and supporting one in four U.S. jobs — 52 million working Americans. For over a century, NRF has been a voice for every retailer and every retail job, educating, inspiring and communicating the powerful impact retail has on local communities and global economies.
EuroCommerce is the principal European organisation representing the retail and wholesale sector. It embraces national associations in 31 countries and 5.4 million companies, both leading global players such as Carrefour, Ikea, Metro and Tesco, and many small businesses. Retail and wholesale provide a link between producers and 500 million European consumers over a billion times a day. It generates 1 in 7 jobs, providing a varied career for 29 million Europeans, many of them young people. It also supports millions of further jobs throughout the supply chain, from small local suppliers to international businesses. EuroCommerce is the recognised European social partner for the retail and wholesale sector.