We rely on third-party payment processors to process payments made by buyers on our marketplace. If our third-party payment processors terminate their
relationships with us or refuse to renew their agreements with us on commercially reasonable terms, we would need to find an alternate payment processor and may
not be able to secure similar terms or replace such payment processors in an acceptable time frame. Further, the software and services provided by our third-party
payment processors contain errors or vulnerabilities, be compromised, experience outages, or not meet our expectations. Any of these risks could cause us to lose our
ability to accept online payments, make payments to sellers, or conduct other payment transactions, any of which could make our platform less convenient and
attractive and adversely affect our ability to attract and retain buyers and sellers.
Risks Related to our Legal and Regulatory Environment
We store, process, and use data, some of which contains personal information. This subjects us to complex and evolving federal, state, and foreign laws and
regulations regarding privacy, data protection, and other matters. Many of these laws and regulations are subject to change and uncertain interpretation, and
could result in investigations, claims, changes to our business practices, increased cost of operations, and declines in user growth, retention, or engagement, any
of which could seriously harm our business, results of operations, and financial conditions.
We collect and maintain significant amounts of personal information and other data relating to our users and employees. Numerous federal, state and
international laws, rules, and regulations govern privacy and the collection, use, and protection of personal information and can expose us to enforcement actions and
investigations by regulatory authorities, and potentially result in regulatory penalties and significant legal liability, if our compliance efforts fail. For example, the
California Consumer Privacy Act, or CCPA, broadly defines personal information, gives California residents expanded privacy rights and protections, and provides
for civil penalties for violations and a private right of action for data breaches. In addition, California voters also approved the California Privacy Rights Act, or
CPRA. Among other changes, the CPRA established a dedicated privacy regulator in California, created a new category of “sensitive information” over which
California residents have additional rights, and requires businesses to implement data minimization principles. Future laws, regulations, standards, and other
obligations, including those related to the CCPA, and changes in the interpretation of existing laws, regulations, standards, and other obligations could impair our
ability to collect, use, or share information relating to consumers.
Laws, rules, and regulations concerning privacy, data protection, and data security evolve frequently and may be inconsistent from one jurisdiction to another
or may be interpreted to conflict with our practices. For example, in addition to the developments in California, a number of other states are considering privacy
legislation similar to the CCPA and/or other potential privacy laws. We expect that there will continue to be new proposed laws, regulations, and industry standards
concerning privacy, data protection, and information security in the United States, the EU, and other jurisdictions. We cannot yet fully determine the impact that these
or future laws, rules, and regulations may have on our business or operations. Additionally, we may be bound by contractual requirements applicable to our
collection, use, processing, and disclosure of various types of data, including personal information, and may be bound by, or voluntarily comply with, self-regulatory
or other industry standards relating to these matters.
Any failure or perceived failure by us or any third parties with which we do business to comply with these laws, rules, and regulations, or with other
obligations to which we may be or may become subject, may result in actions against us by governmental entities, private claims and litigations, fines, penalties, or
other liabilities, or result in orders or consent decrees forcing us to modify our business practices. Any such action would be expensive to defend, would damage our
reputation and adversely affect our business, results of operations, and financial condition.
Unfavorable changes or failure by us to comply with evolving internet, eCommerce, and government or payments regulations could substantially harm our
business, results of operations, and financial condition.
We are subject to general business regulations and laws as well as regulations and laws specifically governing the internet and eCommerce. These regulations
and laws may involve taxes, privacy and data security, consumer protection, the ability to collect and/or share necessary information that allows us to conduct
business on the internet, marketing communications and advertising, content protection, electronic contracts, or gift cards. Furthermore, the regulatory landscape
impacting internet and eCommerce businesses is constantly evolving which could expose us to enforcement actions and investigations by regulatory authorities, and
potentially result in regulatory penalties. For example, California has proposed legislation that would expand product liability of defective products to an online
platform even when the platform does not manufacture, sell, distribute, or take possession of the product. There is also pending federal and state legislation aimed to
combat the sale of stolen or counterfeit goods online, which would require us to take extra steps in collecting and verifying seller information. If such legislation
were to pass, our legal
33