The General Data Protection Regulation (GDPR) is a European Union (EU) regulation governing data privacy, which places new requirements on individuals and businesses offering services both within and into the EU. The aim of the GDPR is to harmonize the existing patchwork of data privacy laws currently in place across most of Europe, including the 28 member countries of the EU and the 3 additional member countries of the European Economic Area (EEA).
The GDPR went into effect on May 25, 2018, and gives individuals in the EU more transparency, rights, and control around the way their personal information is used. It also provides rights for data deletion, access, and portability.
What changed on Etsy?
Safeguarding the privacy of our community of buyers and sellers has always been core to how we do things here at Etsy. Here’s a summary of the changes we’ve made:
More transparency around how personal information is used
- We’ve updated privacy features, giving more control over how personal information is used for marketing, advertising, and tracking on Etsy. EU members can access these new features under Your Account > Account settings > Privacy on web, mobile web, and on the Etsy buying apps.
Improved functionality for subject data access requests and portability
- Members can download a ZIP file of their personal information (bio, profile image URL, purchases, Messages, etc.) under Your Account > Account settings > Privacy.
- Sellers can download their shop data (financial information, shop address, active listings, etc) from Your Account > Shop Manager > Settings > Options > Download Data.
The data is available to download in both CSV and JSON formats. You can open JSON files in applications like Microsoft Excel or Firefox.
We’ll continue to review and update site features to address privacy requirements such as GDPR to give you more control over your information, as well as transparency into Etsy’s privacy practices.
How does this impact sellers?
As an Etsy seller if you sell in or into the EU, you may need to:
- Provide or delete your EU buyers’ personal information (should they request it) if you’re storing or using it outside of Etsy, and adhere to applicable rules on being transparent with how you use buyer information for things like analytics, marketing, or sharing with third parties.
- Consider consulting with a lawyer for guidance on how these new rules could directly affect you. For more information, read our updated House Rules.
My Etsy shop is not located in the EU. Does the GDPR still apply to my business?
If you’re a non-EU seller, certain GDPR changes may still apply to you. For more information, read our Seller Handbook article on GDPR.
Why are some changes only available to members in the EU?
GDPR is a regulation that relates to individuals in the EU and as such, we’re providing certain changes specific to EU members at this time. However, we’re committed to protecting all users’ information and privacy through our updated policies and global site changes.
Why did you send me an email notification when I’ve unsubscribed from marketing emails?
Since the GDPR requires material changes to Etsy’s policies, it is important to notify our members about these updates. We aim to limit the number of these all-member emails sent. This is a non-marketing message, but you can unsubscribe from marketing emails, promotions, or mailing lists using the unsubscribe link in each message, or in your Emails settings if you have an account.
What privacy updates are available on Etsy’s mobile apps?
With the exception of account deletion and data download features, Etsy’s buyer app contains all the privacy settings available on Etsy web and mobile web. Additionally, your mobile device may offer separate privacy features under the device’s settings, which provide more control over your app experience on Etsy, such as app location tracking and app notification options.