Working with Data Protection Authorities
eBay strives to work closely with European Data Protection Authorities (DPAs) in order to ensure that we appropriately handle information received from both our users and employees. We will respond diligently and appropriately to requests from DPAs about the Corporate Rules and eBay’s compliance with privacy laws and regulations. DPAs should direct any requests to the eBay privacy team to ensure the appropriate party addresses the request.
For a variety of reasons, primarily EU-based user contracts with eBay entities in Luxembourg and our Luxembourg management team structure, eBay's lead DPA is Luxembourg’s National Data Protection Commission (CNPD). Most of our servers are located in the United States, where we process data on behalf of the EU Data Controllers.
eBay's Binding Corporate Rules and Code of Conduct
Please see the link for our binding corporate rules regarding safeguarding of information.
In 2009, Luxembourg’s National Data Protection Commission (CNPD) formally approved eBay’s Binding Corporate Rules (BCRs) for privacy compliance for both customers and employees. The data protection authorities in the other 13 EU Member States where eBay operates have accepted the CNPD’s findings and assessment under a mutual recognition procedure. BCRs are strict rules and procedures that ensure a consistent and high standard of protection for individuals’ privacy. The approval means that all the data protection authorities are satisfied that the eBay Inc. group BCRs provide an adequate level of protection for eBay customers’ and employees’ personal information.
The Corporate Rules are made binding upon global eBay subsidiaries by either unilateral declarations or undertakings made or given by eBay Inc., which are binding on the Employees of the Group, by incorporation of obligations contained in statutory codes within a defined legal framework (i.e., eBay’s Code of Business Conduct or CoBC) and by incorporation of the Corporate Rules within the general business principles of a Group backed by appropriate policies, audits and sanctions.
The CoBC is a requirement of companies that are listed on the Nasdaq, where eBay Inc., is publicly traded. Furthermore, the National Association of Securities Dealers (NASD) requires that the CoBC apply to all directors, officers and employees. Our senior executives and Board of Directors have reviewed and approved the CoBC and use it as guidelines for the oversight and management of the company.
Additionally, the Corporate Rules are made binding upon the Group by an agreement between eBay Inc., and all other eBay Entities (the Corporate Rules Agreement). The Corporate Rules Agreement, signed by eBay Entities, requires all members of the Group to comply with the Corporate Rules and provides EU Employees and EU Users that suspect a breach of the BCR with third party beneficiary rights.
For employees, section 8, Confidential Information, of the CoBC states:
In addition, observe good security practices and keep confidential information secure from outside visitors and anyone else without a legitimate reason to see it. Don’t reveal this information outside eBay without prior management approval. All of us signed an Employee Proprietary Information and Inventions Agreement when we started at eBay. This Agreement defines your obligations in greater detail. Direct any questions about your responsibilities to Legal or HR.”