October 8, 2002 5:39 PM PDT

State presses Amazon for privacy response

Consumer protection regulators in Massachusetts are urging Amazon.com to respond to criticisms of its privacy policy.

As previously reported, privacy advocates Junkbusters and the Electronic Privacy Information Center Tuesday sent a letter to consumer protection regulators in 14 states, the District of Columbia and the Federal Trade Commission, charging that Amazon was not doing enough to protect customers' privacy.

In a response also sent Tuesday, the Massachusetts Attorney General's Office said it did not endorse changes recommended by the privacy groups. However, the office did say that it had forwarded the privacy groups' letter to Amazon and was awaiting the company's own response.

"We are interested in receiving Amazon's reply to the concerns you raise," the attorney general's office said in its letter, a copy of which was seen by CNET News.com.

Representatives for Amazon.com and for the Massachusetts Attorney General's Office did return calls seeking comment.

In the letter, Junkbusters and EPIC said that Amazon's recent update to its privacy policy did not go far enough. The groups urged state regulators to force Amazon to get customers' consent before transferring personal records if the company is sold.

The groups said that Amazon should allow customers' to view and delete records and suggested the company should submit to an independent audit of its compliance with its privacy policies.

The criticism of Amazon's privacy practices dates back to the last time the company updated its privacy policy, in September 2000. As part of that change, Amazon warned customers that it might transfer its personal data "in the unlikely event" that the company or its assets were acquired. The company had previously promised that it would not sell or rent users personal information, without exception.

Last year, a group of state regulators led by Massachusetts began investigating Amazon's privacy practices and discussing them with the company. Amazon's latest update to its privacy policy came as a result of those discussions.

Amazon has said that its latest revisions was not a "material change" to its privacy statement.

Massachusetts has its say
The Massachusetts Attorney General's Office said in its letter that Amazon had committed to protecting customers' privacy.

"In response to the states' concerns, Amazon clarified its privacy policy to state that it will never be made 'less protective of customer information collected in the past without the consent of affected customers,'" the Massachusetts Attorney General's Office said.

The attorney general's office added that it didn't think an audit of Amazon's privacy practices was "necessary," as Amazon had been responsive to concerns raised by state regulators. Still, the office said that it was eager to hear Amazon's response to the privacy groups' audit recommendation as well as whether the company would consider allowing customers to view their own personal information collected by Amazon.

"We agree with you that these are very valuable tools for consumers, and that these tools may greatly enhance the ability of consumers to protect their privacy," the attorney general's office said.

Long a concern for consumer advocates, online privacy took center stage in June 2000 when failed toy e-tailer Toysmart attempted to sell its customer records as part of a bankruptcy proceeding. After the Toysmart controversy, a number of e-tailers, including Amazon, modified privacy statements to allow the transfer or sale of customer records in case of bankruptcy or acquisition.

 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.