Data Protection Authorities

Working with Data Protection Authorities

eBay strives to work closely with European Data Protection Authorities (DPAs) in order to ensure that we appropriately handle information received from both our users and employees. We will respond diligently and appropriately to requests from DPAs about the Corporate Rules and eBay’s compliance with privacy laws and regulations. DPAs should direct any requests to the eBay privacy team to ensure the appropriate party addresses the request.

For a variety of reasons, primarily EU-based user contracts with eBay entities in Luxembourg and our Luxembourg management team structure, eBay's lead DPA is Luxembourg’s National Data Protection Commission (CNPD). Most of our servers are located in the United States, where we process data on behalf of the EU Data Controllers.

eBay's Binding Corporate Rules and Code of Conduct

Please see the link for our binding corporate rules regarding safeguarding of information.

In 2009, Luxembourg’s National Data Protection Commission (CNPD) formally approved eBay’s Binding Corporate Rules (BCRs) for privacy compliance for both customers and employees. The data protection authorities in the other 13 EU Member States where eBay operates have accepted the CNPD’s findings and assessment under a mutual recognition procedure. BCRs are strict rules and procedures that ensure a consistent and high standard of protection for individuals’ privacy. The approval means that all the data protection authorities are satisfied that the eBay Inc. group BCRs provide an adequate level of protection for eBay customers’ and employees’ personal information.

The Corporate Rules are made binding upon global eBay subsidiaries by either unilateral declarations or undertakings made or given by eBay Inc., which are binding on the Employees of the Group, by incorporation of obligations contained in statutory codes within a defined legal framework (i.e., eBay’s Code of Business Conduct or CoBC) and by incorporation of the Corporate Rules within the general business principles of a Group backed by appropriate policies, audits and sanctions.

The CoBC is a requirement of companies that are listed on the Nasdaq, where eBay Inc., is publicly traded. Furthermore, the National Association of Securities Dealers (NASD) requires that the CoBC apply to all directors, officers and employees. Our senior executives and Board of Directors have reviewed and approved the CoBC and use it as guidelines for the oversight and management of the company.

Additionally, the Corporate Rules are made binding upon the Group by an agreement between eBay Inc., and all other eBay Entities (the Corporate Rules Agreement). The Corporate Rules Agreement, signed by eBay Entities, requires all members of the Group to comply with the Corporate Rules and provides EU Employees and EU Users that suspect a breach of the BCR with third party beneficiary rights.

By way of general comment, the Employee Handbook and the Corporate Privacy Policy (for Employees) and each subsidiary entities' Privacy Policy (for Users) include detailed information on the acts of processing carried out on the Data Subjects’ Personal Information.

For employees, section 8, Confidential Information, of the CoBC states:

“We all need to work together to safeguard confidential information and trade secrets – it takes only one slip to undermine our efforts to protect them. In the course of your work, you may have access to confidential information regarding eBay, our affiliates, suppliers, customers, and maybe even fellow employees. You may have access to personal data of users, such as contact information, financial data, or other sensitive information, whose use is governed by our Privacy Policy. Don’t disclose any confidential information or trade secrets except as necessary to perform your duties and through a non-disclosure agreement or other confidentiality provision approved by Legal. Because receiving confidential information creates risks for eBay, agree to receive such information only where necessary for our business purposes.

In addition, observe good security practices and keep confidential information secure from outside visitors and anyone else without a legitimate reason to see it. Don’t reveal this information outside eBay without prior management approval. All of us signed an Employee Proprietary Information and Inventions Agreement when we started at eBay. This Agreement defines your obligations in greater detail. Direct any questions about your responsibilities to Legal or HR.”