Out-Law News 2 min. read

Privacy group says eBay breaches Data Protection Act


A complaint against online auction site eBay is being investigated by the Information Commissioner's Office over suspicions it is in breach of the Data Protection Act. The claims are made by pressure group Privacy International.

A complaint against online auction site eBay is being investigated by the Information Commissioner's Office over suspicions it is in breach of the Data Protection Act. The claims are made by pressure group Privacy International.

Privacy International has claimed that the difficulty in closing accounts with eBay puts the company in breach of the Act. It concedes that deleting an account is possible, but very difficult. Under the terms of the Data Protection Act, companies must allow people to delete or request that their personal information be deleted.

"We believe that these account deletion and disclosure arrangements – or their absence – breach key elements of the Data Protection Act," said a Privacy International statement. "No customer could reasonably be expected to invest the considerable time and effort required to investigate these sites, nor in our view should any responsible company create such obstacles. In our view it is in these companies financial interest to hide the account deletion function, and thus they have acted in an entirely self-serving manner that denies millions of customers an important right."

The ICO is investigating the group's claims. "We have received a complaint from Privacy International which we are now looking into," said an ICO statement. "The Information Commissioner's Office takes breaches of people's privacy very seriously and we are contacting eBay about this.”

EBay issued a statement saying that it "takes the safety and privacy of its users very seriously," and that its members were free to delete their accounts.

The ICO will also investigate Privacy International's claim that the company's sharing of bank, address, date of birth and telephone details with up to 10,000 organisations is, in Privacy International's words, "disproportionate and possibly insecure".

EBay shares the information with the members of its VeRO programme, a scheme that EBay says is designed to aid the investigation of fraud or other unlawful activity on the site.

"The VeRO Programme has membership of around 10,000 organisations and individuals," said a Privacy International statement. "We believe this blanket provision in EBay’s terms and conditions is disproportionate and possibly insecure, and we have also asked the Information Commissioner to investigate the nature of this relationship and the scale of disclosures of personal information to the programme’s members."

EBay could ultimately be fined if the ICO finds it in breach of the Act, but only if it disobeys the ICO. "The ICO can ask for more information about how they process their data with an Information Notice," said Daradjeet Jagpal, a specialist in data protection law at Pinsent Masons, the law firm behind OUT-LAW.COM.

"If they don't comply with the Information Notice they can issue an Enforcement Notice asking them to do certain things. If they don't comply with that then that is a crime," said Jagpal. "There are very few crimes under the Data Protection Act, but that is one." It carries a fine of up to £5,000, he said.

Individuals can also take action. "If someone can prove that they have suffered damage, or damage and distress, then they can bring a claim against eBay and seek compensation," said Jagpal.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.