eBay · eBay Privacy Notice · View original document ↗

Cross-Border Data Transfers

Medium severity Medium confidence Explicitdocumentlanguage Common · 83 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Recent governance activity eBay recorded 2 documented changes in the last 30 days.
Start monitoring updates
Monitor governance changes for eBay Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

Depending on where you live and what eBay services you use, different eBay legal entities around the world act as the controller of your personal data, which means your data may be transferred across international borders.

This analysis describes what eBay's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

Cross-border data transfers mean your personal information may leave your home country and be processed under different legal standards, which is particularly significant for EU users given GDPR's strict transfer restrictions.

Interpretive note: The specific transfer mechanisms used for cross-border data flows between eBay affiliates are not detailed in the available document excerpt, creating uncertainty about the adequacy of those safeguards.

Recent Activity

This document changed recently

Medium May 1, 2026

eBay's updated privacy notice now provides more structured and detailed information about what personal data it collects, why it processes that data, and how it handles cross-border transfers. The addition of explicit data protection officer contact information and a clear table of contents makes the privacy framework more accessible and transparent. You can review the new notice to understand what data categories eBay collects and contact the designated data protection officer with privacy concerns.

View change record →

Clause Stability Stable

0
Changes
3
Months Monitored
May 10, 2026
First Seen
May 22, 2026
Last Seen
This clause type exists across 3350 other provisions on other platforms.

Change history

added May 12, 2026

New provision in first tracked version.

View full change record →

Consumer impact (what this means for users)

Your personal data may be transferred to and processed by eBay entities in the United States, Luxembourg, Germany, the UK, Switzerland, Singapore, or other locations depending on your region and the services you use. EU/EEA users in particular should be aware that transfers outside the EEA must be supported by appropriate safeguards such as Standard Contractual Clauses.

How other platforms handle this

Grindr Medium

Your personal information may be transferred to, stored, and processed in the United States or other countries outside of your country of residence, which may have data protection laws that are different from those in your country.

Peloton Medium

Your personal information may be transferred to, stored, and processed in the United States or other countries where our service providers and partners operate. By using our Services, you acknowledge that your personal information may be transferred to countries outside your country of residence, in...

Ledger Medium

At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.

See all platforms with this clause type →

Monitoring

eBay has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
Which eBay Affiliate is responsible for the collection and processing of your personal data in connection with the provision of the Services depends on how you use our Services.

— Excerpt from eBay's eBay Privacy Notice

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: Cross-border data transfers from the EU/EEA engage GDPR Chapter V requirements, which require that transfers to third countries (including the USA) be supported by adequacy decisions, Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or other recognized transfer mechanisms. The UK GDPR imposes equivalent requirements for transfers from the UK. eBay's reference to global data protection principles and data transfers to eBay Affiliates suggests reliance on intra-group transfer mechanisms, but the specific mechanism used is not detailed in the available excerpt. GOVERNANCE EXPOSURE: Medium. The multi-entity controller structure creates complexity in mapping which entity holds which data and which transfer mechanisms apply to each data flow. eBay Commerce entities processing payment data for sellers across multiple jurisdictions create a particularly complex transfer matrix that warrants careful documentation. JURISDICTION FLAGS: EU/EEA users are protected by GDPR Chapter V; Schrems II compliance remains a live issue for EU-to-US transfers, requiring transfer impact assessments (TIAs) in addition to SCCs. UK users are subject to the UK GDPR International Data Transfer Agreement (IDTA) framework for transfers to third countries. Australian users may have rights under the Privacy Act 1988 regarding offshore data transfers. CONTRACT AND VENDOR IMPLICATIONS: Intra-group data sharing agreements must satisfy GDPR Article 28 or Article 26 requirements depending on whether eBay affiliates act as processors or joint controllers. Transfer mechanism documentation (SCCs, BCRs, or adequacy reliance) should be current and accessible for regulatory inspection. COMPLIANCE CONSIDERATIONS: Compliance teams should maintain a current record of cross-border data flows between eBay affiliates and confirm that transfer mechanisms are in place and up to date, particularly following any changes in adequacy decisions or SCCs. Transfer impact assessments for US-bound transfers should be documented and reviewed periodically.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • State AG
    State Attorneys General may have jurisdiction over cross-border data transfer practices affecting residents of their states, particularly where transfers result in reduced privacy protections
    File a complaint →

Applicable regulations

CCPA/CPRA
California, USA
Connecticut Data Privacy Act Amendments
US-CT
CAN-SPAM
United States Federal
FTC Act Section 5
United States Federal
GDPR
European Union
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
UK GDPR
United Kingdom
Universal Opt-Out Mechanism Expansion 2026
US

Provision details

Document information
Document
eBay Privacy Notice
Entity
eBay
Document last updated
May 5, 2026
Tracking information
First tracked
May 10, 2026
Last verified
May 10, 2026
Record ID
CA-P-008799
Document ID
CA-D-00256
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
eecb7cb887ecc8c91eb3d59fbb033add1299a620d3c0325c86a8d86571cc93a6
Analysis generated
May 10, 2026 11:09 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: eBay
Document: eBay Privacy Notice
Record ID: CA-P-008799
Captured: 2026-05-10 11:09:19 UTC
SHA-256: eecb7cb887ecc8c9…
URL: https://conductatlas.com/platform/ebay/ebay-privacy-notice/cross-border-data-transfers/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does eBay's Cross-Border Data Transfers clause do?

Cross-border data transfers mean your personal information may leave your home country and be processed under different legal standards, which is particularly significant for EU users given GDPR's strict transfer restrictions.

How does this clause affect you?

Your personal data may be transferred to and processed by eBay entities in the United States, Luxembourg, Germany, the UK, Switzerland, Singapore, or other locations depending on your region and the services you use. EU/EEA users in particular should be aware that transfers outside the EEA must be supported by appropriate safeguards such as Standard Contractual Clauses.

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 83 platforms. See the full comparison.

Is ConductAtlas affiliated with eBay?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by eBay.