eBay’s mission is to be the world’s favourite destination for discovering great value and unique selection
eBay has emailed all users today with this new information. And you can read the notice on eBay UK here. And there is an eBay Inc. portal for global users that explains the changes and what eBay is doing for users around the world, outside of the EU. As they note GDPR applies not just organisations which process data in the EU, but also any organisation that offers goods or services to, or monitors the behaviour of people inside the EU. GDPR applies even if the processing takes place outside of the EU.
Included on the eBay Inc. website is a link so that users can make information requests under GDPR to understand what information eBay holds and also request deletion. It does look like eBay will be processing GDPR request centrally in the USA.
Since the GDPR language was finalized in 2016, eBay has been taking steps to prepare for compliance with the new standards ahead of the May 25, 2018 implementation date. eBay is making enhancements to its processes, products, contracts, and documentation to help support the company’s, and our partner’s, compliance with the GDPR. While many of these changes will not be directly visible to customers, we’re providing greater clarity on the way eBay collects, uses, shares and manages personal information through our new and improved User Privacy Notice.
– eBay Inc.
There’s stack of information about GDPR out there and how it might affect marketplace merchants, including a number of posts from Tamebay. But there are still some unanswered questions that we hope to clarify for marketplace sellers in the next few weeks.
Too little and too late, Ebay, and not well thought through.
It is not just Ebay that will have to comply-it is also all the sellers.
I would like to know what Ebay is doing about the listings design.
So where to put the statement??
The only place I can see is the listing description details, surely a clumsy solution for those trying to shorten descriptions for the mobile age. And yes, every listing would have to be amended individually.
not sure why you feel you need to put something in your listings? The only communication you have with eBay customers is about a transaction they’ve initiated, which is legitimate use and requires no consent. You can email ebay customers but only if they’ve explicitly opted into your newsletter, which again makes it fine. You have no other need to store, retain or process customer data (in fact, it’s probably against the rules of eBay to do so) so I think you’re in the clear, Chris…
On your own website, it’s a different issue, but on eBay, there’s no need. Please correct me if I’m wrong, because obviously this is an important thing that I don’t want to mess up.
@fluffy Is it against eBay rules? If so why do they allow companies to collect data for processing, like Royal Mail / Linnworks / Channel Grabber etc…
I use WPLister which collects all data from eBay / Amazon orders and stores it in my website, at the same time it syncs my inventory between my website, eBay & Amazon.
Royal Mail Click & Drop collects the order information, name, address, email, telephone number, items purchased & amount spent, which we then use to print the labels.
basically it is fine to collect and process data *for the transaction that the buyer has initiated* and little else. That’s fine with both eBay and GDPR. However, storing the data and using it for other purposes afterwards would be against both eBay and GDPR rules. GDPR would require you ask for consent to process the data for anything else, and eBay won’t help you get that consent that because it would violate their terms of service for you to send marketing messages to eBay buyers directly.
So to use your example; Royal Mail, Linnworks etc are processing the data in order to make a transaction possible- i.e. you have to have addresses and emails etc to actually fulfil an order and deliver it, and you have to be able to manage the stock in your warehouse. That’s called “legitimate use”, and requires no consent…it’s a type of processing that is essential to the transaction that the user has explicitly chosen to initiate.
Marketing is not considered essential to the transaction and so requires consent.
Apart from that they can just have a check box pre purchase to agree to GDPR terms. Once ticked, job done…