General Data Protection Regulation

The General Data Protection Regulation (GDPR) is a comprehensive update to existing European Union laws that went into effect on May 25, 2018. The GDPR was designed to harmonize data privacy laws across Europe, to protect and empower all EU resident’s data privacy and to reshape the way organizations across the region approach data privacy.

eBay’s Commitment to GDPR

For more than 20 years, we have been committed to protecting the privacy and data of our hundreds of millions of global customers who use eBay’s trusted platforms. Millions of transactions happen everyday on our site, and we value the trust you place in eBay safeguarding your personal information. We embrace the GDPR as an opportunity to demonstrate and deepen our commitment to protecting your data.

What has eBay done to prepare for GDPR?

After the GDPR language was finalized in 2016, eBay took steps to prepare for compliance with the new standards ahead of the May 25, 2018 implementation date. eBay made enhancements to its processes, products, contracts, and documentation to help support the company’s, and our partner’s, compliance with the GDPR.  While many of these changes were not directly visible to customers, we provide greater clarity on the way eBay collects, uses, shares and manages personal information through our new and improved User Privacy Notice.

With these standards in place, here is what changed:

  • We created easy-to-recognize icons that will help highlight privacy topics to make it easier for you to see how we use your personal information.
  • We added some detail around what you can do with your data and how you can exercise your privacy rights on eBay.
  • We gave you additional information about when we delete your data.
  • We provided increased transparency around the different purposes for which we use your personal information.

Read our Privacy Principles and Privacy Notice to learn more about how we approach data privacy.

What is the GDPR and when did it come into effect?

The General Data Protection Regulation (GDPR) replaced the Data Protection Directive and harmonized the data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.  It became effective on May 25, 2018.

Who does the GDPR apply to?

The GDPR applies not only to organizations who process data in the EU, but also any organization that offers goods or services to, or monitors the behavior of people inside the EU. GDPR applies even if the processing takes place outside of the EU.

Which data elements fall under the GDPR?

The GDPR applies to information that directly or indirectly could identify an individual.  This includes information, such as names, addresses, phone numbers, date of birth, as well as IP addresses, cookie identifiers, device information, advertising identifiers, financial information, geo-location information, social media information, consumer preferences, etc. To read more about the personal information that eBay captures, please visit our User Privacy Notice.

What are eBay sellers GDPR obligations and steps to comply?

If you’re a seller based in the EU or a seller based outside of the EU who sells to buyers in the EU, you need to understand the requirements of GDPR and take steps to ensure you comply. To learn more about your obligations and compliance, please visit our GDPR Help Page.