eBay

I 100% feel the same.

It says at the top banned payments could be affected if you don't provide it. 

Nobody will know for definite unless they've not given their NI and experienced it (or eBay release info about what happens if you don't and they haven't yet). 

I would suspect it would be a week, maybe longer to pass it over. If not then the account will probably be restricted, no more payouts and maybe you won't be able to list or sell anything (a bit like the restrictions eBay do of they ask for ID and it's not provided by a certain period of time). 

Precisely, ebay already has plenty of 'unique to me' info. some of it already supplied to HMRC and what is a UTR if not a Unique Tax Reference.

The point is that any hacker that gets hold of my UTR will find it pretty useless as it leads nowhere except to HMRC.  But my NINO plus all the other info. ebay has, + other info. held by other companies leads directly to my bank account, ISA and other savings accounts, State Pension, Private pension etc.  It is about the only truly private piece of information that hasn't been taken from me under the usual pretexts of anti-money laundering, site security or anti bank fraud (Know Your Customers) regulations.  I'm still slightly gob-smacked that the Chancellor (or whoever) so blithely said it should be used in this way.

But as has been said about ebay if it all goes wrong, they'll say "Sorry" and walk away.  So will the govt. and HMRC.

How much trust do I put in ebay to safeguard my private info.?  No more than I have in other on-line companies and banks, so many of which have suffered security breaches.  I can't quote directly, but someone posted on here that amazon has been fined more than once for selling account holders data.  Do I trust ebay not to do the same when both are US corporations who's only consideration is its bottom line and if they think they can get away with doing anything to strengthen it, regardless of laws.

I won't be giving my NINO to ebay.  I might (possibly) give it to ebid as they're a UK company, based in the UK and with UK citizens as directors.  They can't possible have any question marks about being subject to UK laws.  But so far as I'm aware they haven't made any announcements as to how they plan to carry out the new reporting regulations.  Apart from one brief thread on their boards NINOs haven't been mentioned over there at all (yet?). 

I would like to see HMRCs response to how they think they will enforce any UK data protection laws or even gain any oversight of my data once it's safely tucked away in San Jose.

This response is both to you and to @papso22 , who comented earlier.

I can understand people being a little suspicious of eBay, given that they have a track record of making errors.

However, I think both of you are going out of your way to find rather unlikely hypothetical problems.

In the case of papso, read everything eBay have posted regarding this; don't just home in on one comment, which you appear to be taking out of context. I agree they have not always been 100% clear, but read it all.

Regarding the more recent comment from @theelench , you're just looking for the worst-case scenario. Just put on your sensible head for a moment. Obviously, HMRC will ensure eBay take every care to safeguard our information, and there will (probably already) be procedures set down to deal with the unlikely event that these safeguards fail, even with eBay headquartered in The States. Neither of these organisations will be able to simply "walk away", as you suggest.

I'm not sure how much sway you think HMRC will have with the way ebay safguard our information, I'm not sure they will have any.

If ebay's hacked, it's hacked. If the safeguards fail, they have failed. I'd rather keep my info safe than blindly trust a company that has already been hacked.

Don't you think HMRC will be taking steps to ensure that selling platforms such as eBay treat NINO's with the utmost care? Any breach/hack could impact upon HMRC as much as it would impact eBay members.

Common sense should tell you that HMRC must have inspected eBay's procedures, to ensure that they are set up properly to deal with the necessary reporting (although that has been going on for some years on a voluntary basis). HMRC will certainly have inspected eBay's security procedures, and their proposals for safeguarding such sensitive data. They will have satisfied themselves that adequate provision is in place, and they will certainly take action against any companies who do not have sufficient safeguarding in place. I don't trust eBay 100%, but you'd need to be pretty naive to think that HMRC will just sit back and watch companies like eBay adopting a cavalier attitude to their data.

I think you are rather over-reacting. As you know, you don't really have a choice, if you want to keep selling online, but it's up to each individual in the end.

I have not only read everything ebay has put out about these new reporting rules, I have read the actual legislation and the international, guidance notes that set out the detail of how the new regulations will operate.

In each of my posts I was commenting on one very specific issue, that's not 'taking things out of context'.  I don't think I have identified any hypothetical problems but a very real potential issue caused by Ebay's clear misunderstanding of the rules.

I think you are expecting far too much of HMRC particularly as a NINO is not their data just because they issue it.  It belongs to the individual. They will not be checking the security processes in each entity that has to provide them with this information. 

---

@the_book_seekers wrote:

It is more likely that the regulatory bodies for Data Protection will be taking an interest in how the online companies store and protect NINOs rather than HMRC.

---

Yes, that is the Information Commissioner's Office's remit. Apparently, they do perform audits and can issue fines of up to £17.5m or 4% of global annual turnover, whichever is higher. Also note that UK sellers are contracted to eBay Commerce (UK) Ltd; it is illegal for that company to transfer any personal data to anyone including parent company eBay inc. without the proper data protection measures in place. Last year Meta Ireland (Facebook's Irish subsidiary) was fined €1.2bn by the Irish Data Protection Authority for breaching GDPR regulations by illegally transferring it's Irish user's personal data to it's American parent company.

---

@vinylscot wrote:

I don't trust eBay 100%, but you'd need to be pretty naive to think that HMRC will just sit back and watch companies like eBay adopting a cavalier attitude to their data.

 

 

---

It will be nothing to do with HMRC how ebay treat 'their' data -and it's actually MY data, not ebay's.

With all the new stuff HMRC will have to deal with chasing up tax evaders, avoiders and possible avoiders, I think they will have more than enough on their plate than to go checking  if ebay, Amazon, etsy, discogs, ebid etc are all keeping their users data safe.

There's nothing hypothetical about companies being hacked and having data stolen, it's such a regular occurrence that apart from McD I can't even remember the names of the more recent reported cases where customers' data has been lost.  Rather than my opinion being 'just looking for the worst for the worst-case scenario', it could be said that your opinion is hopelessly optimistic that such events are 'unlikely'.  The evidence shows it is not, but is so likely as to be an almost monthly occurrence.

As for US corporations playing fast and loose with regard to data protection legislation, @4_bathrooms  gives another example of Meta Ireland being fined to add to Amazon being fined for misusing personal data that they were supposed to be safe-guarding.  I don't think that that the victims got much comfort from them being fined after the event.  Nor do I trust ebay not to try doing something similar, if it thinks it can get away with it.

But back to my original question.

@papso22  (someone who's previous answers on this topic have been helpful and informative) replied saying "It will be NINOs from private account holders and UTRs from business account holders".    

I'm asking why is that?  The sticking point for many (including myself) is giving my NINO to ebay, not HMRC who already have it, when I and probably many others already have a UTR but are within the law and ebay rules operating private accounts.  Why should my data be put at risk just because I have a private account, while business sellers' is shielded by using a UTR ?

Is this because HMRC has directed ebay to collect NINOs from all private sellers?  Or is this, as they did before with verifying personal I.Ds only  with passports or driving licences because that was convenient for ebay (and allowed them to collect thousands of photo IDs), when in fact other forms of ID were acceptable if those without ebays 'requirements' made enough fuss?

As I said before, ebay will not be getting my NINO, but I will give them my UTR which to me fulfils HMRC requirements and protects my data security so, if possible, I would like some clarification on the point please.

May I ask why you would only be "marginally happier" about ebay having your UTR?

To me that seems far safer than a NINO being in their hands.  I can't think of it being used anywhere else other than HMRC for personal verification and is linked to nothing other than my personal tax account.  A far safer solution than a NINO, which is linked to and used as ID on various financial accounts as I said above.

Am I missing some other implications?

Well I can tell you of one of the latest hacks, my health board D&G. The hackers have released 3tb of staff/patients data on to the dark web.

As for ebay wanting either my UTR or NI number, Amazon already have both. They are both on the verification letter supplied by HMRC that Amazon required to comfirm my self employment status.

---

@theelench wrote:

May I ask why you would only be "marginally happier" about ebay having your UTR?

 

To me that seems far safer than a NINO being in their hands.  I can't think of it being used anywhere else other than HMRC for personal verification and is linked to nothing other than my personal tax account.  A far safer solution than a NINO, which is linked to and used as ID on various financial accounts as I said above.

 

Am I missing some other implications?

---

No, just me being over cautious!

The less info someone has about me the better - when Managed Payments was first brought up I had to get in touch with ebay to check that I had given my correct dob when I signed up - fortunately I had. On many non-official sites I give a false dob, as I really don't see why anyone needs to know that. 

Would not be so sure about those details being unique - i live outside my local village and in that village there is someone with the same initials and names as myself, we both live in The Bungalow (slight difference in the next line but often that is missed off by some companies anyway) and we both used to use the same dentist and doctor and strangely enough we have exactly the same date of birth!   I only found out because the dentist mixed up our records one time and then i needed a copy of some medical data for an insurance claim and there were things on there that did not relate to me.  Coincidence sometimes happens, might add that i do not originally come from round this area either..

---

@kath3735_wxmjn wrote:

Would not be so sure about those details being unique - i live outside my local village and in that village there is someone with the same initials and names as myself, we both live in The Bungalow (slight difference in the next line but often that is missed off by some companies anyway) and we both used to use the same dentist and doctor and strangely enough we have exactly the same date of birth!   I only found out because the dentist mixed up our records one time and then i needed a copy of some medical data for an insurance claim and there were things on there that did not relate to me.  Coincidence sometimes happens, might add that i do not originally come from round this area either..

---

I can absolutely assure you there is no one with my full name, full address and date of birth.