Be Sure You Are in Compliance with Amazon’s Latest PII Policy Changes
Amazon’s Marketplace Web Service (MWS) is a helpful API that allows its registered users to create their own applications for managing inventory, order data, fulfillment and reporting on the Amazon marketplace. This Amazon MWS API is, essentially, what makes managing your Amazon account from within SellerCloud possible.
While Amazon MWS is freely available to eligible registered sellers, users must comply with specific data protection policy (DPP) terms in order to remain in good standing. A key component of this compliance focuses on how users handle and store personally identifiable information (PII).
What Amazon considers Personally Identifiable Information (PII)
PII is defined by Amazon as information that is specific enough that it can be used to “identify, contact, or locate an individual (e.g., Customer or Seller), or to identify an individual in context.”
This includes specifics such as:
- complete mailing addresses
- phone numbers
- payment details
- purchase histories
PII extends to digital identifiers as well:
- email addresses
- IP addresses
- location data
- internet-connected device data
- MAC addresses
- digital fingerprints
- browser data
Amazon’s latest PII policy states that this information may only be stored as long as necessary to fulfill the relevant orders. There is also now a 30-day limit on PII storage.
It is worth noting that there are exceptions granted for PII that must be stored for regulatory purposes (e.g. tax records or other legally-required documentation). In these cases, PII is expected to be stored both securely and “cold” – in a way that is not immediately accessible by any software or program.
Rest assured, SellerCloud works to ensure that all of our software integrations remain in compliance with their respective services – Amazon MWS included. Our application is available for download on the official Amazon App store. That said, you will need to make sure you are doing your part to handle any PII you collect or already maintain.
A responsible move for Amazon customer privacy
There are plenty of MWS users bemoaning Amazon’s PII policy shift, but there are good reasons for it. While PII data can be valuable to sellers for marketing and customer service efforts, there is little need to retain this type of information.
Data and privacy breaches have become legitimate concerns in today’s world. As a result, digital consumers have become increasingly leery of what happens with their personal information. Amazon has a lot to lose if its user base loses confidence in how effectively their PII is being protected.
Perception matters. Even when customers buy from 3rd party sellers on Amazon, most still consider their transactions to be Amazon purchases. Should a third-party purchase lead to annoyances like unwanted marketing advances or more serious issues like identity theft, the customer is more likely to demand action from Amazon than from the offending seller.
By cracking down on PII retention, Amazon is safeguarding its customers against both solicitation and data vulnerabilities caused by careless third-party sellers. At the same time, Amazon is sending a clear message to sellers that PII is to be used for order fulfillment only.
A smart move for Amazon
Amazon’s third-party seller model hinges on Amazon serving as the ultimate middleman. By making it against the rules to stockpile customer data, Amazon is mitigating the risk of third-party e-commerce businesses leveraging their amassed customer data to market and/or sell directly to consumers (which would potentially cut Amazon out of future transactions).
Each interaction on Amazon – including browsing, surveys, contests, reviews, and completed purchases – produces a wealth of PII data. Amazon uses this data to maximum effect to personalize and optimize its platforms. However, this advantage is made even stronger when sellers aren’t allowed to keep or use it for themselves.
As with most policy shifts, Amazon is banking on the fact that their dominance as a marketplace serving millions of active users will compel sellers to toe the line. After all, Amazon wants it to be clear: all sales on their platform – even those by third-party sellers- are Amazon’s first and foremost. Regardless of the sellers, the customers will always belong to Amazon.
Failure to comply with this PII directive (or any other such policy for that matter) could result in account suspension or termination. Amazon knows that only a small percentage of its third-party e-commerce businesses are diversified or resilient enough to withstand even a temporary loss of access to Amazon customers. Compliance is the only option.
SellerCloud is optimized for compliance
Amazon MWS is a key component of SellerCloud’s effectiveness as an e-commerce management platform for Amazon sellers. Similarly, our positive, long-term relationship with Amazon is something we will never take for granted. As such, we take any change to the MWS DPP very seriously.
We have put in place numerous security safeguards that have been verified through audits by Amazon as well as other partners like Target Plus. This means you can be confident that our platform’s integrations with Amazon meet the strict security and PII requirements set forth by Amazon’s terms of service.
As far as PII is concerned, when you receive customer data through our API, you receive only the PII that is relevant to the transaction. That information is transmitted using encryption and specific PII is only stored as long as necessary to ensure the transaction was completed successfully.
Again, if you are retaining any existing PII from Amazon customers outside of the SellerCloud platform, you are still responsible for ensuring that it is handled in accordance with Amazon policies.Need to know more about either PII or how SellerCloud helps ensure your compliance with any number of Amazon seller policies? Reach out to us directly for any support or assurances you may need.