October 8, 2002 1:00 AM PDT

Privacy groups target Amazon again

Two privacy groups are urging state and federal regulators to force Amazon.com to live up to its privacy promises.

Junkbusters and the Electronic Privacy Information Center (EPIC) argue that the e-tail giant isn't doing enough to protect the privacy of its customers and must allow customers to view and delete their personal records.

In a letter to be sent Tuesday to consumer protection regulators in 14 states, the District of Columbia and the Federal Trade Commission, the two groups praise state regulators for discussing privacy issues with Amazon and with getting the company last month to commit to clarifying its privacy policy. But that revision, completed last week, did not resolve the primary "inadequacies" of the policy, the privacy groups say.

Amazon still holds the option of selling its customer database, refuses to give customers access to all the data it holds on them and refuses to delete their past purchase records, the privacy groups charge. Amazon should be made to reverse all these stands--and submit to an independent audit of its compliance with its privacy policies, the groups say.

"This is necessary because the company's actions have shown that it should not be trusted," the groups say in the letter, a copy of which was seen by CNET News.com.

Junkbusters and EPIC are focusing on Amazon because of its pre-eminence as an online bookseller, said Junkbusters President Jason Catlett. Customers' reading habits should be kept private, and Amazon is not doing its part to ensure that they are, Catlett said.

"It's a very fundamental freedom to read without fear of having what you look at held against you," Catlett said. "It's simply not right that people's reading habits are kept forever against their will, particularly when Amazon has decided that it might sell them in the future."

Amazon representatives did not immediately return calls seeking comment.

Amazon drew criticism from consumer and privacy groups the last time it updated its privacy policy, in September 2000. Under that policy, Amazon warned customers that it might transfer its personal data "in the unlikely event" that the company or its assets were acquired. Previously, the company said it would not "sell, trade or rent your personal information to others" and did not make an exception for the case of a transfer of business control.

EPIC and Junkbusters led the criticism of the change, charging in a complaint sent to the Federal Trade Commission that the change represented an unfair business practice. The FTC later decided not to take action against Amazon.

After the FTC dropped the matter, a group of state regulators began investigating Amazon's privacy practices and discussing them with the company. The upshot of those discussions was an agreement by Amazon last month to clarify some of its privacy statements. Among the changes Amazon made was to add details on the circumstances under which it might disclose customers' personal information and to list some of the companies with which it shares information.

One of the changes Amazon made was to the section on what it will do with customer records in the case of a business transfer. The company added that although such records are considered assets that are generally included in a business transfer, the records remain "subject to the promises made in any pre-existing Privacy Notice."

In their letter, the privacy groups take issue with that line, calling it hypocritical.

"Amazon promised customers never to sell their information; now it is saying that it may do so, recently adding the 'clarification' that the buyer will be subjected to the same promises that it originally made, and then abrogated," the groups say in their letter. "This is plainly hypocrisy. We also believe that it constitutes and unfair and deceptive trade practice under federal and state law."

Amazon has said that its latest revisions did not "material change" its privacy statement. The company has said in the past that it takes customers' privacy seriously.

"Amazon.com knows that you care how information about you is used and shared, and we appreciate your trust that we will do so carefully and sensibly," the company says in its privacy policy.

Long a concern for consumer advocates, online privacy took center stage in June 2000 when failed toy e-tail Toysmart attempted to sell its customer records as part of a bankruptcy proceeding despite previously promising never to sell that data. After the Toysmart controversy, a number of e-tailers, including Amazon, modified their privacy statements to allow them to transfer or sell their customer records in case of bankruptcy or a sale of their business.

 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.