question

ubix avatar image
1 Like"
ubix asked ·

Require Privacy Compliance

We develop a Desktop application that, among other things, downloads Order information and stores this on the Customer's system in their Database. Technically, the Customer is storing this data.

Are we in any way responsible for this, and if so, how can we justify forcing our Customer to delete information about an Order?

Something about this does not seem to add up, and in our case, we have no way to do this, so it is not clear what it means to us.


And worse, we have no way to contact anyone at Ebay to determine what this means, so it seems hard to see how it can be applied to us if we have no way to determine what it means or if it even applies.


For now we will ignore it. If somehow Ebay tries to shut us down without providing any avenue for us to directly inquire about it, my sense is that they will be tilting at windmills.


If Ebay is going to issue statements like this, we must have an avenue by which we can directly, and at no charge, inquire as to how we are affected and any details we need to know to comply.

As such, for now, this clearly cannot apply to us, as we cannot reach out and determine if in fact it does apply.


If this is incorrect, Ebay must provide us an avenue by which we can field inquiries to clarify the meaning of this email.

privacy policy
10 |600 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

jeremias2k avatar image
0 Likes"
jeremias2k answered ·

I just set up the requested URL to handle the account deletion requests. The URL returns http 200 in my browser, but the test button from my developer account tells me, that the URL returns http 400. Now I don't know how to proceed. I'm also not storing any eBay cutomer data, so I always return http 200 and do nothing.

·
10 |600 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

marob_36244 avatar image
0 Likes"
marob_36244 answered ·

We're in a similar situation to you however on the 'Required Privacy Compliance' email we received, there was a link to the marketplace account deletion page (https://developer.ebay.com/marketplace-account-deletion). On that page I noticed the following text:

Note: Some developers might not be storing any data from eBay for various reasons. For such developers, we will working on a way to apply for exception via the Developer portal. More details about this will be added soon. 

and

Once developers begin receiving and acknowledging the receipt of eBay marketplace account deletion/closure notifications, they need to take the appropriate action to delete the user data, or in case developers plan to retain data, it is only retained to meet specific and demonstrable legal requirements (e.g. tax, collections, AML regulations).  


Hopefully this means we can be excluded because we have no control over whether our users will allow our application to receive callbacks from the internet. We certainly have no right to determine when their customer's data should be deleted.

·
10 |600 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

ssisurplus avatar image
0 Likes"
ssisurplus answered ·

Yeah, the avenue seems to be these forums, where 4 out of 5 questions never get responded to. I haven't looked at the details of the push notification system, but I'm also in a similar boat as you and am trying to figure out what, exactly, we are supposed to be doing. People wanting their info removed is one thing, but aren't we entitled to our order history for things such as tax purposes, etc. (state the sale was in, etc.). i.e. do I have to update their previous order info with "EBay Customer" for name, etc. We didn't track ebay usernames for a long time, so without that info how can I know what info to remove for very old orders. If it's a matter of removing email addresses and phone numbers for a given user, I can accomplish that easy enough I guess, but worried that I'm going to have to set up some type of listener for this push notification method. Guess I'll find out more when I have time to invest into it, but additional info would be great.

So many questions with nowhere to turn.

·
10 |600 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.