Early in 2019, Amazon published a new Data Protection Policy for developers, which governs the treatment (e.g., receipt, storage, usage, transfer, and disposition) of the data provided and retrieved through the Marketplace APIs (including the Marketplace Web Service APIs).
As a result of the updated Data Protection Policy, Amazon will cease providing developers buyer Personally Identifiable Information (PII). The curtailment of PII to developers is rolled out on a developer by developer basis, and the implementation date for SellerLegend is as of June 6, 2019.
Amazon’s definition of PII is “any information that can be used on its own or with other information to identify, contact, or locate an individual (e.g., Customer), or to identify an individual in context. This includes, but is not limited to, a Customer name, address, e-mail address, phone number, gift message content, purchases, latitude/longitude of buyer addresses.
But … I subscribe to other software tools, and they still show me names and addresses. What gives?
Functionality-based restrictions
Amazon is applying the concept of ‘take only the data that you need’. In that respect, if a tool does not need PII data, it should not be able to access it.
In Amazon’s view, a system may need to retrieve PII data in only 2 specific cases:
If the system provides tax statements or tax invoices
If the system provides functions related to merchant fulfillment
In those two cases, Amazon will continue to provide PII data, however, the tool developer may only keep the PII data on their databases for a period not exceeding 30 days after the fulfillment of the related order. After 30 days post-fulfillment, the developer is required to remove the PII data form the system databases.
SellerLegend functionality does not fall in the 2 categories above, hence we receive no PII data at all
If the other software tool does have functionality which does fall in the 2 above categories, they will still receive PII data, but the PII data MUST be erased no later than 30 days after order fulfillment
The Amazon Vetting Process
As mentioned earlier, the access blocking of PII data to developers is happening over a long period of time
Amazon is currently vetting every developer in the world to check whether they comply with the new policies
This vetting is quite elaborate and takes place over a period of months
Until the vetting is completed, developers continue to enjoy unrestricted access to PII data
Once the vetting is completed, the developer receives a formal authority to continue using API services, but with the restrictions described above
If the other software provider has not completed their vetting, the will still display PII data, but understand that this may be temporary until they complete their Amazon Vetting
If a software provider shows curtailed PII data in some form or another, it means they have successfully passed the vetting hurdle
Why Did Amazon Do This?
The cynical among us will immediately think that Amazon wants to make Seller’s lives more difficult by curtailing their ability to
contact buyers by snail mail, or
use the PII data for Facebook retargeting or constituting Facebook audiences
associate reviews to orders
We rather believe that Amazon’s main motivation is one of security
If a developer suffers a breach and the buyer data is exposed, this affects the buyer whose details have been leaked, but it equally affects Amazon’s reputation, the seller’s reputation, and the developer’s reputation
The security motivation is apparent when reading the new policy in detail, where the majority of the vetting questions are about the technical, operational and administrative ability of the developer to secure the data according to best industry standards
If nothing else, this vetting exercise should have confirmed which developers are fit-for-purpose, while also improving the overall security measures across the tool development community
You Know, I Never Heard Any Of This. This Is Fake News.
You will no doubt be hearing more and more about this as the vetting process reaches its conclusion
In the meantime, here is a good podcast that presents a second and third opinion
What Are The Observed Outcomes Of The Amazon Developers Vetting
There may be more outcomes than the ones reported here, but this is what we have observed:
Amazon found the developer unable to demonstrate proper security and care of customer data, resulting in the developer forcibly or voluntarily (due to unaffordable remediation costs) losing all MWS API privileges (The equivalent of a Seller account being suspended with no further recourse)
The developer passes the vetting and is afforded either:
Continued access to PII data, but data must be deleted after 30 days post-order-fulfillment, or
Curtailed access to PII data (the SellerLegend case)
Please be reminded that total curtailment of PII data is not a consequence of lesser security handling. It is merely a consequence of the type of functionality offered by the system
If the tool you are using continues to show PII data, it would be prudent to inquire with the developer where they are at in their vetting process.
Some developers may resist deleting data after 30 days. While this may suit you greatly, remember that this is against Amazon policy.
Since you have given MWS access to the developer, you are responsible for their actions. If that developer system is breached, the developer is obligated to let Amazon know about it within 24 hours and provide them with details of the breached data, which will include your Amazon account details., which could potentially mean you may lose your Amazon selling privileges and see your account suspended.
How Does This Change Impact SellerLegend
Orders, Customer List, and Customer Cross-Sell will no longer carry buyer names and addresses
Searching Orders, Customer List, and Customer Cross-Sell by buyer name or address will no longer be possible
There will be no way to perform customer geo-tagging, therefore the screen Customer->Geotagging will be retired
Customer Watchlisting will not carry the customer name, only the encrypted email address
View Repeating Customers will only show the customer’s encrypted email address
Please note that the removal of PII data is not specific to SellerLegend. Indeed, this will be deployed over time to every 3rd-party developers. Dependent on the type of functionality