eBay 2012 Annual Report Download - page 29

Download and view the complete annual report

Please find page 29 of the 2012 eBay annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 162

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162

where we operate. Security breaches, including any breaches of our security measures or those of parties with which we have commercial
relationships (e.g., our clients and third-party service providers) that result in the unauthorized release of users' personal information, could
damage our reputation and expose us to a risk of loss or litigation and possible liability. Our insurance policies carry low coverage limits, which
may not be adequate to reimburse us for losses caused by security breaches.
Our users, as well as those of other prominent Internet companies, have been and will continue to be targeted by parties using fraudulent
“spoof” and “phishing” emails to misappropriate user names, passwords, payment card numbers, or other personal information or to introduce
viruses or other malware through “trojan horse” programs to our users' computers. These emails appear to be legitimate emails sent by eBay,
PayPal, a GSI client, StubHub or one of our other businesses, or by a user of one of our businesses, but direct recipients to fake websites
operated by the sender of the email or request that the recipient send a password or other confidential information through email or download
malware. Despite our efforts to mitigate “spoof” and “phishing” emails through product improvements and user education, “spoof” and
“phishing” activities remain a serious problem that may damage our brands, discourage use of our websites and increase our costs.
Changes in regulations or user concerns regarding privacy and protection of user data could adversely affect our business.
We are subject to laws relating to the collection, use, retention, security and transfer of personally identifiable information about our users,
especially for financial information and for users located outside of the U.S. As an entity licensed and subject to regulation as a bank in
Luxembourg, PayPal (Europe) S.à r.l et Cie, SCA is subject to banking secrecy laws. In many cases, these laws apply not only to third-party
transactions, but also to transfers of information between ourselves and our subsidiaries, and between ourselves, our subsidiaries and other
parties with which we have commercial relations. In particular, the collection and use of personal information by companies has come under
increased regulatory scrutiny. The interpretation and application of user data protection laws are in a state of flux, and may be interpreted and
applied inconsistently from country to country.
Regulatory scrutiny of privacy and user data protection is increasing on a global basis, and a number of countries in which we operate are
actively evaluating changes to their privacy laws and regulations. The European Union recently proposed new data laws that give customers
additional rights and provide additional restrictions and harsher penalties on companies for illegal collection and misuse of personal information,
including restrictions on the use of Internet tracking tools called “cookies.” While the European Union directive on cookies has taken effect, the
manner in which member states adopt implementing legislation, and whether the European Union deems that legislation sufficient, continues to
evolve. To the extent implementing legislation by member states is more restrictive, it could negatively impact the manner in which we use
cookies for many of our services, ranging from advertising to anti-
fraud, and require us to incur additional costs or change our business practices,
which could harm our business. The European Union has also proposed a General Data Protection Regulation that would supersede the European
Data Protection Directive. In the U.S., the Federal Trade Commission, or FTC, and the White House have both proposed U.S. privacy
frameworks, and in 2012, legislation was introduced in the U.S. Senate which would have required organizations that suffer a breach of security
related to personal information to notify owners of the breached information and, in some instances, notify the Federal Bureau of Investigation or
U.S. Secret Service; similar legislation may be introduced and enacted in the future. Other countries in which we operate have recently adopted
and implemented privacy and data protection laws and regulations for the first time, or are in the process of doing so. Our current data protection
policies and practices may not be consistent with new laws and regulations or evolving interpretations and applications. It is unclear how the
application of existing privacy laws and regulations will impact mobile services and technologies, which are evolving rapidly. Complying with
these varying national requirements could cause us to incur substantial costs or require us to change our business practices in a manner adverse
to our business.
In addition, we have and post on our websites our own privacy policies and practices concerning the collection, use and disclosure of user
data. Any failure, or perceived failure, by us to comply with our posted privacy policies or with any regulatory requirements or orders or other
federal, state or international privacy or consumer protection-related laws and regulations (or, in the case of our GSI businesses, any such failure
or perceived failure on the part of GSI or GSI's clients) could result in proceedings or actions against us by governmental entities or others (e.g.,
class action privacy litigation), subject us to significant penalties and negative publicity, require us to change our business practices, increase our
costs and adversely affect our business. The FTC and state regulatory agencies have become more aggressive in enforcing privacy and data
protection laws and regulations. For example, the FTC recently entered into a number of consent decrees with a number of major online
companies, including Facebook and Google, to settle allegations of unfair or deceptive privacy practices. The FTC's consent decrees with
Facebook and Google require each of those companies to implement a comprehensive privacy program and undergo regular, independent
privacy audits for the next 20 years, among other requirements. In December 2012, California's attorney general filed a lawsuit against Delta Air
Lines for failing to include a privacy policy in its mobile apps.
27