Victims of eBay’s Massive Data Breach May Never Have Their Day in Court

eBay, the billion-dollar online auction company, has been hit with the second largest data breach in history, with more than 145 million users affected, the New York Times reported on Thursday. Although eBay insists that users’ financial information is safe, it confirmed that hackers were able to steal personal information including names, birth dates, email addresses, and passwords which could be used for identity theft. 

Unfortunately, victims may find that they cannot hold the tech giant accountable in court because of a forced arbitration clause buried in eBay's terms of service

Tech companies like eBay use forced arbitration clauses to evade privacy laws because they allow the company to kick violated users out of court and instead funnel them into a rigged forum run by an arbitrator selected by the company. This arbitrator is not required to have any legal training and does not even have to follow the law.

eBay’s forced arbitration clause also prevents users from joining forces in a class action, meaning that each user must take on eBay (and its lawyers) alone.  And because arbitration is a secretive process, victims and the public will likely not be able to learn of the extent of eBay’s negligence.

eBay’s subsidiaries like PayPal and StubHub also require users to surrender their right to go to court, so if this breach turns out to be larger than reported – and they often do –  those users are also out of luck.

Forced arbitration clauses are ubiquitous in the tech industry, but they are also controversial.  In 2009, Facebook users were so appalled by the practice that they successfully campaigned the social media Goliath to remove its forced arbitration clause. 

When forced arbitration eliminates the possibility of ever having to answer for data breaches in court, what incentive do tech companies have to protect your privacy?