There’s a new eBay privacy policy notice that refers to the new EU regulations that come into force on the 25th May and relate to holding the personal data of citizens in the European Union. It is effective immediately upon acceptance for new users and will be active from June 1st 2018 for all other users of eBay.
eBay has emailed all users today with this new information. And you can read the notice on eBay UK here. And there is an eBay Inc. portal for global users that explains the changes and what eBay is doing for users around the world, outside of the EU. As they note GDPR applies not just organisations which process data in the EU, but also any organisation that offers goods or services to, or monitors the behaviour of people inside the EU. GDPR applies even if the processing takes place outside of the EU.
Included on the eBay Inc. website is a link so that users can make information requests under GDPR to understand what information eBay holds and also request deletion. It does look like eBay will be processing GDPR request centrally in the USA.
Since the GDPR language was finalized in 2016, eBay has been taking steps to prepare for compliance with the new standards ahead of the May 25, 2018 implementation date. eBay is making enhancements to its processes, products, contracts, and documentation to help support the company’s, and our partner’s, compliance with the GDPR. While many of these changes will not be directly visible to customers, we’re providing greater clarity on the way eBay collects, uses, shares and manages personal information through our new and improved User Privacy Notice.
– eBay Inc.
There’s stack of information about GDPR out there and how it might affect marketplace merchants, including a number of posts from Tamebay. But there are still some unanswered questions that we hope to clarify for marketplace sellers in the next few weeks.
7 Responses
Too little and too late, Ebay, and not well thought through.
It is not just Ebay that will have to comply-it is also all the sellers.
I would like to know what Ebay is doing about the listings design.
I have changed to the new format shop front and looked to check where I could post the shop’s privacy policy statement. There is no facility for a custom page under the new format, and no tab on the listing (as there is for business policies, return policies). That would seem to be the natural place for it.
So where to put the statement??
The only place I can see is the listing description details, surely a clumsy solution for those trying to shorten descriptions for the mobile age. And yes, every listing would have to be amended individually.
basically it is fine to collect and process data *for the transaction that the buyer has initiated* and little else. That’s fine with both eBay and GDPR. However, storing the data and using it for other purposes afterwards would be against both eBay and GDPR rules. GDPR would require you ask for consent to process the data for anything else, and eBay won’t help you get that consent that because it would violate their terms of service for you to send marketing messages to eBay buyers directly.
So to use your example; Royal Mail, Linnworks etc are processing the data in order to make a transaction possible- i.e. you have to have addresses and emails etc to actually fulfil an order and deliver it, and you have to be able to manage the stock in your warehouse. That’s called “legitimate use”, and requires no consent…it’s a type of processing that is essential to the transaction that the user has explicitly chosen to initiate.
Marketing is not considered essential to the transaction and so requires consent.
I also sell on Etsy and they emailed me last week requesting that I add a privacy policy to my profile, giving an example that could be edited – simple. Pity Ebay couldn’t do somethin similar?