Enriching Our Fortifying Our Approach to Data Strengthening Our Global Privacy Hygiene Program & Policy Infrastructure Global Data The EDG Program aims to proactively drive consistent Our Global Privacy Program guides and supports the and standardized internal data management practices business based on our Data Management Principles Management and processes to strengthen trust and confidence and Privacy by Design practices and helps to ensure in PayPal’s data, support future business growth and that our privacy program is in compliance with the & Privacy Practices achieve Company objectives. We deploy data quality evolving global privacy landscape and regulatory measurements and monitoring to protect critical data guidance. The Global Privacy Program includes the We work to embody a data- and privacy-aware identified across the Company. execution of the privacy risk assessment process, culture that prioritizes responsible use of data through PayPal’s EDG Program supports end-to-end data preparation of the Annual Privacy Plan, privacy transparency, education, enterprise standards and management, from collection to disposal. The team monitoring and testing, issue management and training. innovation. PayPal has established a tiered governance collaborates with functions across the business Based on our Data Management Principles, PayPal structure to drive data management best practices and and helps establish practices in accordance with strives to maintain strong oversight and standards on accountability across the Company. For information on our industry-aligned enterprise data management central tenets of data privacy, including notice and how we empower and educate our customers on data framework, which includes data quality, accountability, transparency, choice and consent and data lifecycle privacy see Social Innovation. 17 stewardship and risk management. Our Enterprise Data management. Our program is focused on driving Our Enterprise Data Governance (EDG) Program, Governance Policy and associated documents align awareness and enabling our teams to consider these Our Board and senior management review the Annual included in the office of the Chief Information Officer, with this overarching framework. principles in strategies and decision-making processes Privacy Plan and management provides periodic advances our enterprise data management and Also in 2022, the Data Management Oversight function related to the collection, use, minimization and sharing reporting to the ARC Committee, the ERMC and others governance activities. Our EDG Program partners with 18 as appropriate on the strategy, implementation and developed additional internal policies to enhance of data. All employees, contractors and third parties are the Global Privacy and Data Management Oversight our data management risk oversight and regulatory required to follow the Enterprise Record Retention policy effectiveness of privacy risk management, including function, led by our Chief Privacy Officer, which is compliance controls, including formalizing policies that defines our practices on the storage and retention reports on emerging trends and topics, privacy-related independent from the business, provides oversight as on open banking and data localization. The team also of data. See our Legal Hub and Privacy Statement for audits and examination highlights and privacy impact part of the ERCM Program, and is ultimately overseen by developed risk statements to identify, establish and additional information. assessment results and escalations. the Board through its ARC Committee. document accountability, controls and risk mitigation PayPal’s internal audit function conducts independent practices on relevant data management risks. “Establishing trust in technology requires maintaining reviews of the data management and privacy programs data responsibly, and with the utmost integrity. At and assesses the effectiveness of governance, risk Data Management Principles PayPal, our Enterprise Data Governance Program does management and controls. Additionally, all PayPal this through the implementation of robust systems, employees and contractors are required to complete oversight and controls that promote accountability, annual training on privacy and data management, and, Management Notice & Choice & Security Data Lifecycle Data Quality Stewardship Standardization transparency and risk management. By Transparency Consent Management17 66 in 2022, PayPal held its first annual data stewardship incorporating privacy into our design training. process, and maintaining a strong culture of compliance, our program seeks to uphold the highest standards of data management.” Archie Deskus EVP, Chief Information Officer Spring, TX, U.S. 17 Data lifecycle management includes collection, use, retention, disposal, sharing, transfer, access and quality. 18 As noted in our Privacy Statement, we will only share customer information with third parties if the information is necessary for the business and the customer is properly informed.