EBay (EBAY)

Changes in regulations or user concerns regarding privacy and protection of user data could adversely affect our business.

We are subject to laws relating to the collection, use, retention, security and transfer of personally identifiable information about our users, especially for financial information and for users located outside of the U.S. In addition, as an entity licensed and subject to regulation as a bank in Luxembourg, PayPal (Europe) S.A.R.L. et Cie, SCA is subject to banking secrecy laws. In many cases, these laws apply not only to third-party transactions but also to transfers of information between ourselves and our subsidiaries, and between ourselves, our subsidiaries, and other parties with which we have commercial relations. New laws in this area have been passed by several jurisdictions, and other jurisdictions are considering imposing additional restrictions. The interpretation and application of user data protection laws are in a state of flux. These laws may be interpreted and applied inconsistently from country to country and our current data protection policies and practices may not be consistent with those interpretations and applications. Complying with these varying international requirements could cause us to incur substantial costs or require us to change our business practices in a manner adverse to our business. In addition, we have and post on our websites our own privacy policies and practices concerning the collection, use and disclosure of user data. Any failure, or perceived failure, by us to comply with

24

Table of Contents

our posted privacy policies or with any regulatory requirements or orders or other federal, state or international privacy or consumer protection-related laws and regulations could result in proceedings or actions against us by governmental entities or others, subject us to significant penalties and negative publicity and adversely affect us. In addition, as noted above, we are subject to the possibility of security breaches, which themselves may result in a violation of these laws.

Changes in regulations or user concerns regarding privacy and protection of user data could adversely affect our business.

We are subject to laws relating to the collection, use, retention, security and transfer of personally identifiable information about our users, especially for financial information and for users located outside of the U.S. In many cases, these laws apply not only to third-party transactions but also to transfers of information between ourselves and our subsidiaries, and between ourselves, our subsidiaries, and other parties with which we have commercial relations. New laws in this area have been passed by several jurisdictions, and other jurisdictions are considering imposing additional restrictions. The interpretation and application of user data protection laws are in a state of flux. These laws may be interpreted and applied inconsistently from country to country and our current data protection policies and practices may not be consistent with those interpretations and applications. Complying with these varying international requirements could cause us to incur substantial costs or require us to change our business practices in a manner adverse to our business. In addition, we have and post on our websites our own privacy policies and practices concerning the collection, use and disclosure of user data. Any failure, or perceived failure, by us to comply with our posted privacy policies or with any regulatory requirements or orders or other federal, state or international privacy or consumer protection-related laws and regulations could result in proceedings or actions against us by governmental entities or others, subject us to significant penalties and negative publicity and adversely affect us. In addition, as noted above, we are subject to the possibility of security breaches, which themselves may result in a violation of these laws.