eBay has a new privacy policy update, effective December 23, 2021.

We're updating our User Privacy Notice to reflect changes that will make it easier for you to understand the personal data we collect and to give you greater control over your personal data. This is part of our ongoing commitment to be transparent about how we use your data and keep it safe. The new updates will take effect on December 23, 2021, and no further action is required by you.

Notable changes:

  • Additional information about the personal data we collect, the purposes for which we use that data, and how we share and process personal data within the eBay Inc. corporate family and with other businesses and service providers.
  • Additional information in relation to international data transfers and the measures we take to safeguard those transfers.
  • A section referring to additional regional and State Privacy disclosures. This includes additional disclosures for residents of certain U.S. states, including California, and disclosures for specific regions or countries, including Brazil and mainland of People's Republic of China.

It's important to us that we keep your data safe and increase transparency about how we use it. You can learn more about eBay's Privacy Principles and User Privacy Notice at our Privacy Center.

As always, thank you for being part of eBay.
Your eBay Global Privacy Team

User Privacy Notice
In our User Privacy Notice we have compiled all essential information about our handling of your personal data and your corresponding rights for you. This User Privacy Notice is effective from December 23, 2021. View the previous User Privacy Notice.

The previous policy can be viewed here.

Just briefly glancing through the changes, it looks like mostly they are cleaning up language around payments to remove mention of PayPal and also a few updates for international policies to reflect differences between UK and EU requirements.

Also of note is the addition of the use of port scanning technology, something that had previously raised eyebrows last year when it was discovered that eBay may scan users computers for open ports that could allow remote desktop access.

I'll highlight a few of the more obvious changes below and update as I find more.


4.2 Personal data we collect automatically when you use our Services or create an eBay account

Old: Computer and connection information, such as statistics regarding your use of services from eBay, information on data traffic to and from websites, referral URL, information on advertisements, your IP address, your access times, your browser history data, your language settings and your weblog information.

New: Computer and connection information, such as statistics regarding your use of our Services, information on data traffic to and from websites, referral URL, information on advertisements, your IP address, your access times including accessed pages within our Services, your language settings and your weblog information.

4.3 Personal data we collect in connection with the use of cookies and similar technologies

Old: The user segment or category into which you as a user fall, for example: male, 20-49 years old, interested in cars.

New: The user segment or category into which you as a user fall, for example: female, 20-49 years old, interested in sneakers.

Old: Location data, including your general location data (e.g., IP address) and the precise location data of your mobile device. Please note that most mobile devices allow you to manage or disable the use of location services for all applications in the settings menu.

New: Location data, including your general location data (e.g., IP address) and, with your permission, the precise location data of your mobile device. Please note that most mobile devices allow you to manage or disable the use of precise location services for all applications in the settings menu.

Old: If you give us access to video content pages, your grant of access is your consent that we may, for at least two years, or until you withdraw your consent or are no longer connected to the social network, share with and collect from social networks information regarding your viewing of videos.

New: removed

5.1 We process your personal data in order to fulfil our contract with you and to provide you with our Services.

Old: Where necessary, we transmit your personal data to processors and the following recipients for one or several of the purposes described above:

  • Other eBay users
  • eBay Inc. corporate family members
  • External service providers and shipping companies (such as DHL, UPS, etc.)
  • Payment service providers including the PayPal Inc. group of companies
  • External operators of websites, applications, services and tools

New: Where necessary, we transmit your personal data to processors and the following recipients for one or several of the purposes described above:

  • Other eBay users
  • eBay Inc. corporate family members
  • External service providers, authentication partners, physical storage service partners, and shipping companies (such as DHL, UPS, etc.)
  • Government agencies or public authorities (including customs and tax authorities)
  • Payment service providers
  • External operators of websites, applications, services and tools

5.4 We process your personal data where necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. In order to reconcile our legitimate interests with your rights, we have introduced appropriate control mechanisms. On this basis, we process your data for the following purposes:

Old: Prevention, detection, mitigation and investigation of fraud, security breaches and other prohibited or unlawful activities, including the assessment of corresponding risks (e.g. through the use of captchas or the telephone number stored in your eBay account for two-factor authentication), unless there is a statutory obligation to this effect.

New: Prevention, detection, mitigation and investigation of fraud, security breaches and other prohibited or unlawful activities, including the assessment of corresponding risks (e.g. through the use of captchas, a port enumeration technology to identify user sessions using remote desktop tools or the telephone number stored in your eBay account for risk assessments and two-factor authentication), unless there is a statutory obligation to this effect.

Old: Automatic filtering and, where necessary, manual review of messages sent through our messaging tools to prevent fraudulent or suspicious activity or violations of our User Agreement or other rules and policies, including enforcing the prohibition of purchases and sales outside of eBay, as further explained below under Filtering of messages sent via our messaging tools (see section 11. Other important information regarding data protection).

New: Automatic filtering and, where necessary, manual review of messages sent through our messaging tools (including chat messages and emails sent to eBay alias email addresses) to prevent fraudulent or suspicious activity or violations of our User Agreement or other rules and policies, including enforcing the prohibition of purchases and sales outside of eBay, as further explained below under Filtering of messages sent via our messaging tools (see section 11. Other important information regarding data protection).

7 Storage duration and erasure

Old: Special categories of personal data
If we store special categories of personal data (i.e., personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data which is being processed for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation), a shorter retention period is usually appropriate.

New: Removed

8 Rights as a data subject

Old: You have the right to obtain from us the erasure of personal data concerning you, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims. The right to erasure may be limited by national law.

New: You have the right to obtain from us the erasure of personal data concerning you under certain conditions (e.g. when the personal data are no longer necessary in relation to the purposes for which they were processed or when they are no longer required for overriding legitimate grounds, such as the detection/prevention of fraud), unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims. The right to erasure may be limited by national law.

Old: You can exercise your rights as a data subject via our Privacy Contact page. In addition, you are of course free to contact us.

New: You can exercise your rights as a data subject via our Privacy Contact page. In addition, you are of course free to contact the eBay Privacy Team or the controller who is responsible for the processing of your personal data at any time (for further information, see section 2. Controller above). You can find all necessary information and contact details in our eBay Privacy Center.

The exercise of the above data subjects' rights (e.g. right to access or erasure) is generally free of charge. Where requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge an appropriate fee (at most our actual costs), in accordance with the applicable statutory regulations, or refuse to process the application.

9. Cookies & similar technologies

Old: We use cookies and similar technologies that remain on your device only as long as your browser is active (session cookies), as well as cookies and similar technologies that remain on your device longer (persistent cookies). Where possible, we take appropriate security measures to prevent unauthorized access to our cookies and similar technologies. A unique ID ensures that only we and/or selected third parties have access to cookie data. (removed)

New: We use cookies and similar technologies that remain on your device only as long as your browser is active (session cookies), as well as cookies and similar technologies that remain on your device longer (persistent cookies). We take appropriate security measures to prevent unauthorized access to our cookies and similar technologies.

Comments