Slashdot Mirror
Amazon's Privacy Policy Now Allows Sale of User Info
StoryMan writes: "Amazon.com decides to revise its privacy policy and states that it considers consumer data a saleable asset. Story here at CNN." Michael notes that this only happens if Amazon.com is sold: essentially covering their butts in case they go bankrupt. Of course considering their burn rate, this doesn't make me feel better. I haven't shopped at Amazon since their one-click-shopping patent, but I'm sure they have plenty of stuff listed about me from an era when I happily shopped with them (mind you this is before Amazon diluted itself by selling so much crap, that buying books became a pain).
Jamie adds:
Note the language of the new privacy policy: "of course" your private information will be "one of the transferred assets."
Did you think your information would still be private five years from now, when the dozens of companies you've shopped at have all gone bankrupt one by one? Ha ha! Foolish consumer!
The first test case in bankrupt-privacy seems to be Toysmart, and the latest word on that is that a judge refuses to forbid such "asset transfers." We'll keep you posted on the Toysmart case, but for now, it doesn't look good.
This may have been covered before, but what about those of us who agreed to the original privacy policy? Shouldn't Amazon provide a way for us to completely remove our details from its system if we don't agree to it's new policy?
Companies sell your data all the time. They do not need the internet for that. Credit card companies, mail order companies, magazines ... ect. They were doing this before the internet exploded. I received a mailing for thinkgeek (which I think is cool) where do you think they got my address from them I never purchased anything from them. They bought my name from somewhere because I was labeled as a linux geek. On the internet there is less information being given out then your Credit Card company. People are complaining about privacy when privacy died years ago.
________________
They're - They are
Their - Belonging to them
I don't want free as in beer. I just want free beer.
I have been watching this trend that companies seem to be following; Having the user sign up for , and promising that the data you submit to them will not be used for anything other that their own records. Now it seems companies are changing policies left and right. So where does that leave us? Personally I get enough unwanted e-mail from . This is absolutely ridiculous. For a while it seemed we were heading in the right direction, people almost regarding internet forms where one agrees to a policy as a sort of signature. What is the legality of this? As far as I know when I signed up with Amazon.com they agreed not to sell or give out my user info to anyone. Now because they feel they may need to they change their policy.
It must be incredibly frustrating for those individuals who founded or co-founded amazon to see it heading this way.
Maybe the marketing / legal department at amazon has already figured out how to splice crack into their genes. Sure seems like it.
S.t.e.v.e.
since they can't export personal data to countries with insufficient privacy law. The US does not have satisfactory privacy-protection, but if a company has a good enough privacy-statement, you CAN export personal data to that company. But this may be a big mistake by amazon.. not that they'll loose me as a customer.. I prefer my local bookstore.
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
Following on from previous situations, where companies have gone bankrupt, and sold customer data [0], this is hardly a surprise. Has Amazon turned a profit yet?
However, this is an interesting case. In the UK (and Eurpoe generally) there is greater protection on what companies can, and can't, do with your personal data.
This means that the privacy policy for amazon.co.uk is different from amazon.com.
Arn't they the same company? Isn't this a little schitzophrenic?
This sets a bad precedent as companies will have a tight privacy policy to lure people in, then they will turn around and change it so they can sell the information. Privacy policies are quickly becoming useless, me thinks.
Prevent email address forgery. Publish SPF records for y
I believe they can do this with out breaching the privacy policy. For instance if company X wants to seel to Amazons' computers books buyers then amazon will contact those buyers with the offer and no data is transfered to outside parties so they did not sell your information to this company they sold the right to contact amamzon's user. I heard of this being done so privacy contracts are not breached.
The one-click patent hurts. I avoid amazon.com when possible because of it.
I have a feeling that this article is just sensationalism, though. With the recent Toysmart case, this really seems like the sensible move on their part. I'm not too worried about amazon going out of business, anyway. Anybody care to explain why this is bad, except that it involves the words "private information"?
Some alternatives I use in avoiding amazon:
buy.com is almost always cheaper. Less in stock, worse web site, worse service, but cheaper.
fatbrain.com has excellent service and selection for technical books.
express.com has excellent service and selection for movies and games.
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
This is absolutely ridiculous! There has to be some law that protects a user from this. Or atleast they should not be able to sell the information they gathered about me, BEFORE The change. Because I had agreed to their previous privacy policy. Wouldn't this be breach of contract. I can see it now. Medical instituions and porn sites. GARAUNTEing your privacy, hell they can make absolutely ANY claim they want. Then after a couple of years, when they have gathered lots of information and are gonna get good chunks of money, they simply change their privacy policy and can do whatever they want??? .. This is called conning the customer.
Does this mean that I can put up a deal on my commercial website that says .. Join now and fill this survey out.. and we promise never to disclose this information to anyone, and we'll never use any information either to spam you, and on top of that we'll mail them a check worth $10 in three months time to the address and name filled out in the survey. Now you'd have to fill in the right information to get the check and be able to cash it. So now I have a whole ton of your information. Then 2 months later, I change my policy and some $hit like that and spam anyway because we no longer give an option to registered users to opt-out of our "news" mail.
Sorry, No sig!
These were not the terms I agreed to. These are very different terms. It seems like the tactic of updating with bogus info is probably the only viable thing most of us can do but this type of bait and switch on the part of dot-coms could put a big chill on e-business.
Wansu, th' chinese sailor
How can we totally -remove- our account info? Changing it is NOT good enough. We need to make a show of it and when they see a bunch of accounts being removed, realize something is up.
Wonder how Wall Street will react to this. It's up half a point so far.
BilldaCat
Check out www.noamazon.com for information about stopping Amazon, and links to other online bookstores which have better privacy policies.
- A.P.
--
"One World, one Web, one Program" - Microsoft promotional ad
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
Amazon is learning a lesson, and has now made their sale of user data legit by their policy. If Amazon went under tomorrow, it would be hard for a judge to stop such a sale.
The biggest problem here is that the US has no regulation on privacy data, and there are very few mouths that are catching the ears of ppl in Congress to get stronger privacy info set up - possibly because the US Gov't has a rather juicy database as well that probably goes above and beyond the needs for maintaining taxes. The CNN article mentions an industry group that is formed to consider privacy issues, including Amazon and DoubleClick. I'm surprise they didn't invite Spamford to their party as well.
The only true way to go with privacy is the opt-in model, and making sure that your records with any company can be accessed by you and can be deleted at your request (Of course, in some cases, there might not be even information to be able to do part securely).
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
This is an email i sent to Amazon's cust srv. dept. at terms@amazon.com. It speaks softly but i have found that being 'nice' tends to get a better response. Dear Amazon, I noticed the change in your privacy policy specificly allowing that you will sell customer information as a part of a sale of a buisness unit. While i respect you for at least posting this information I would like to ask that you make some accomodations for those who have used your service prior to this change. Ideally it would be good if you purged the info ans started collecting fresh. At very least offer people a oppertunity to opt-out now that what we can expect from your company has changed. ============
Amazon's finally going to make money. Buy your stock NOW!!!
(btw, I'm cancelling my account with them)
If you can read this, then I forgot to check "Post Anonymously".
It would seem that Amazons records of what you do extend way beyond what information you actually type in. Amazon is one of the few companies that *really* take advantage of tracking buyers habits.
This personal information is how Amazon is aboe to pop up that message saying stuff like "People who bought this book also liked X" and "This book is popular at X Corp, and in Iowa"
Amazon has put all you clicks and such to good use which is really just good business. However this also makes the information much more valuable.
Let's face it... Data is a commodity, and it makes business sense to treat it as such.
On the other hand, sense Amazon seems to attempt to compete with everybody else in the world, why would they want to sell off there competitive advantage.
It does anger me however if a company can just change such statement at will. That is what agrivates me the most!
--- Nothing To See Here ---
Given your email addy, I'd guess you're with amazon.co.uk; under the Data Protection Act, you can ask them to do exactly this.
-- the most controversial site on the Web
The right to be anonymous and the right to privacy *are* *two* *separate* *matters!*
I might want to be anonymous, if I lived under an opressive government, or did something my neighbours would not like (or did something criminal). Privacy, I want regardless of wether someone has a database on me or not. If Amazon has an automated script that picks out books I'm likely to buy, that is not a privacy issue. If someone calls me in the middle of dinner to sell me books, it is a privacy intrusion, regardless of wether they got data from amazon or simply rolled up my number.
I want laws that regulate the *use* of personal data rather than the act of collecting it. If my data cannot be used by telemarketers, there is no longer any point for dotcoms to collect more than they need.
All opinions are my own - until criticized
Ok, what happens to people who have signed for an account *before* this change in policy?
As far as I know, when you sign up for such a service, you agree to the terms of usage displayed to you at that time. You are not forced to agree to the change in policy later on. Call up Amazon and request for an IMMEDIATE deletion of your account or change of personal info.
Of course, Amazon might tell you its done and still sell your info afterwards, when it goes bankrupt(yay!). The question is: How do you know your info has been deleted? What will prevent Amazon from selling information about customers who signed up *before* the change in policy?
Do you Americans have some law that can help ?
Thanks for reading
Forget that noise about Amazon - this line from the article bothered me even more. Has anyone else heard about this?
This is NOT the same as selling data I willingly provided to Toysmart or Amazon. One involves consent and the other does not. I agree with the /.ers who are saying the Amazon news is no big deal - it's not. Although changing user agreements after the fact is a bit underhanded, I'm not concerned about my personal data. Brick and mortar and credit card companies sell it all the time. If you don't like it then pay with cash and don't give Radio Shack your address. Or you don't shop online. Simple.
But DoubleClick's plan sounds so much more sinister. The thought of being stalked while I surf is disturbing enough - but I can't abide the possibility of receiving all kinds of spam (both regular and electronic) simply because I visited a site. I'm all for target marketing - that's why I don't mind giving my info to Amazon, Buy.com (when I buy something) and signing up for emailing lists of my choosing. But just because I go to a site looking for erotic pictures of Jennifer Lopez does not mean I am on the prowl for a new buttplug.
-------
We want some answers and all that we get
Some kind of shit about a terrorist threat
- Ministry
By definition, a privacy policy is an arrangement to not reveal something. If it can be changed later without the customer's knowledge, what good is it?
Reminds me of the Seinfeld episode where he reserves a car, and when he gets to the rental place, finds out his reserved car is gone. Anybody can take a reservation, the whole point is to keep it, he reminds the clerk. It's the same with a privacy policy. What good is it if it is sold off later?
There seems to be no solution to this. nobody can guarantee that a company will stay in business, and there's no law that prevents a privacy policy from being changed (or they wouldn't be doing it).
Is there an industry standard which can be realistically followed, and is there an incentive for it?
LL.
This brings up an interesting issue. Why do all subscription/registration systems provide Sign Up Here! methods, but not Get Out Now! methods?
On occasion, I have signed up for various services online, from newsreaders to tea companies. Over time, for various reasons, I have decided to stop using some of these services. But at the website, I can't unregister. I have no way of completely removing my information and account. I have no way to ask that my name be at least deactivated and at best deleted from their databases. Why is this? Shouldn't I be able to get out as easily as I got in? Wouldn't it even be beneficial to these companies to save the cost of maintaining info on someone who is no longer interested or satisfied with their products?
DBA's out there...is it feasible, practical, to completely remove a user's record from your data on request? Obviously you can't nix the transactional records, but could you pull the salable information if I asked you to? When I call up and ask you to remove my info from your systems, do you? Do I have any way to verify that you have?
In Amazon's case (and many others, I suspect), I would have carefully checked the privacy policy before I first gave my details. But when major changes such as these come about, suddenly, I have no method to dissent. I can't get my information deleted, and I can't un-join now that the policy is no longer satisfactory.
At the very least, changes like these should only be allowed to be valid from the time of the change forward. So, transactions I made in the past, under a previous policy, would not be eligible for sale. Transactions going forward after notification, would be. Then, if I had the ability to delete my details, I would be satisfied (albeit not happy) with the process.
---
"The Constitution...is not a suicide pact."
"Life. Don't talk to me about life."
This is not flamebait, this is a happy amazon customer wishing to express his opinion on the matter.
I've been using Amazon.com since 1997. In that time I've bought hundreds of books, CD's, DVD's, VHS's and, more recently, electronics. I have no problems with Amazon keeping my customer info. This way, I actually get things that *I LIKE* on my front page whenever I log in. They have my preferences down quite well. I just bought a 61" TV from Amazon too, and received it in a week with free shipping. That's way better than the local Circuit City was going to do for the same price.
Rob, I have no idea what you're talking about when you say that book buying is so much more annoying now that they sell all kinds of crap. You search for the book, you add it to your shopping cart (or 1-click) and you're done. There's virtually NO difference in book buying now as opposed to before Amazon diversified. Opinions like the ones Rob stated seem to me to be rationalizations of "why we should hate amazon".
My experience that Amazon's customer service and quick delivery has always kept me pleased. WAY more so than Fat Brain or Barnes & Noble who have both delayed several orders by an inordinate amount of time without so much as sending me an email explaining the situation. FatBrain has especially horrible for this -- being out of stock, mis-estimating ship times, messing up shipping information, etc.
If Amazon goes bankrupt, of course I care that my info goes out, but how does this differ from old mail-order catalogues of the past? The technology is more sophisticated, but there is nothing stopping Sears, LL Bean or Eddie Bauer from keeping track of your purchase history. If they go bankrupt or are sold, there's nothing stopping that data from getting out. I care about my privacy, but I also understand that Amazon is not *freely* selling my info, they're just allowing for the possibility of this if they go belly up.
It's quite hypocritical how techies scream when politians want to apply a "new standard" to the Internet in terms of censorship, but themselves want to apply a "new standard" to the Internet for privacy laws.
If they want to try to patent 1-click, that's their choice, and it will be decided in the courts. In the court of customer service, they've won by my experience. It's just a matter if they can turn that into profits some day.
-Stu
now, why is this in the "from the time-to-cancel-accounts? dept."?
you cancel an account, I doubt it gets deleted from their database. it's probably just flagged as inactive.
truth be told, it is an asset that can be resold. UNLESS they specifically told you when you signed up that they wouldn't resell this information. If so, and they do resell it, then those are probably grounds for a civil suit.
I personally can't remember if they stated in the submission form whether they stated that they wouldn't resell this information, so I can't say whether there is grounds for any suit. Also, they said that it's only in the case of bankruptcy, and I don't see that happening. Also, merger/takeover doesn't count as bankruptcy.
I use a cell phone, and never answer the (emergency only) land line. Oh, and I had applied for this cell phone from another cell phone, and then cancelled the first one. They have no number other than my new cell to contact me. Solicitors are not allowed to call cell phones because it incurs a user cost also. I use a P.O.Box, so that people can't tell where I live, and I intend on changing it every year so that I won't get any mailings I don't want. It makes it somewhat inconvenient, since all of my bills go there, but I figure I can always update the information when necessary. I didn't forward any of my school information to the new workplace I have.
Basically, I'm making it as difficult as possible for anyone to track me for a prolonged period of time. If they're going to collect information about where I am, I can endeavor to change that fact.
yours,
yours,
kbs
In order to be in business at all these days, companies have keep a huge database of stuff. Not just the normal things, like what you sold, when, and for how much. Remember, we use book-entry settlement to buy and sell things: checks, credit cards, direct-debit/deposit, even ostensible credit-card transaction gateways like PayPal. Book-entry transaction settlement means that a company has to know who the they did business with as well -- down to their customers address, and, sooner or later, their biometrics as well.
The reason for this is that we have to send someone to jail if they lie about a book-entry transaction, or, frankly, those transactions won't clear, much less settle, and we're back to the days of personal store credit and bales of paper bearer certificates, all of which cost much more to use than just calling the cops.
So. You're in a finance department, say at Amazon. You've got a huge database with all this stuff in it, names, addresses, phone numbers, who bought what and for how much. You pay an enormous amount of money keeping it around, massaging it, storing it, reporting on it. It's gotten so necessary to have, in fact, that because it's all there, the government now wants to see it all, once a quarter, so they can tax and regulate you with it. A fine kettle of fish, indeed.
So, what are you going to do to make money with all that information, to cover some of its enormous cost? You call the Marketing guys, of course, and get them to sell it...
I expect, by the way, that the cheapest way to do transactions, particularly on the net, will be digital bearer transactions, with cryptographic protocols like blind signatures, or X-Cash, or MicroMint, or Mojo, or something like that, but I'm supposed to say that, because it's my job.
In the meantime, don't be surprised if anyone with a database full of book-entry transaction history sells that information, for whatever they can get for it, and that they will even create legislation allowing them to do that, probably with the word "Privacy" in the title somewhere.
This especially holds true for the book-entry transaction companies themselves, like VISA/Mastercard, or, unfortunately, even PayPal itself. Because, even if by law a company can't directly sell that that information, they can, at the very least, always merge, right?
_________
---------- Financial Crypto is the Only Crypto That Matters
it is possible that amazon germany isn't allowed anymore to send personal data to amazon US. see my earlier post for a very short explanation.
countries in the EU actually have laws protecting your privacy...
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
Maybe...
We reserve the right to make changes to our site, policies, and these conditions of use at any time.
IMO, privacy policies are a frappin' joke. They don't mean shit if the terms can be changed at a corp's discretion.
-------
We want some answers and all that we get
Some kind of shit about a terrorist threat
- Ministry
I called their customer service number because there is no link I could find on the web site for cancelling one's account.
Toll-free in the U.S. and Canada: (800) 201-7575
Outside the U.S. and Canada: (206) 266-2992
I was on hold for quite a long time (about 15 minutes) so they appear busy. Their computer system was running slowly, too; it took several minutes to locate my account record.
The customer service person was completely unfazed by my request to delete my account information and my complaint about the revised privacy policy. I suspect mine was not the first call for that purpose today.
I ordered $ 194 worth of books at amazon last Thursday, and I have to admit, I'm not impressed anymore - and I've been a loyal customer for years.
3 F-39902617-prod5
To start, despite all the books I ordered being "Usually ships in 24 hours", my order was not shipped until Saturday - two days after the order. I remember when orders were almost invariably shipped a few hours after being placed.
It added somewhat to my irritation that, although the order was placed on the 24th and shipped on the 31st, it claimed delivery would be between the 31st and the 5th. Since shipment via UPS ground almost invariably takes three days, this was an absurdly pessimistic range. My order actually arrived, to my relief, on the 30th - just when I thought it would.
Finally, out of the ten-odd items I ordered, instead of sending me William Goldman's sequel to Adventures in the screen trade, they sent me a well-written but surely unrelated SAP: The Inside Story. I'm not inclined to send it back, since that's more trouble than it's worth, but I'm not inclined to appreciate what they did, either. Any suggestions as to what to do about this would be appreciated.
Now, I wouldn't be that upset about this if it weren't for the fact that poor service from Amazon now appears to be a common complaint. See this review:
http://www.epinions.com/book-review-217D-2788EE
After seeing their current service, I have to agree entirely. It's sad to see this kind of decline in a one-time king of customer service, despite their recent privacy problems. But there it is.
D
----
First off, there is lots of information being passed around on you as we speek. There is NO notification that you get when this happens, and there is nothing you can do to stop it. Its to late your information is out there being analized, sold and reanized all the freekin time. No company ever tells you when they sell you informaion - this also go's for the government.
Amazon.com is the only company decent enough to let you know what they are doing with your information, and yes if you don't like there policy then you don't have to shop there. That's why the sent out the press release in the first place, but to bash Amazon.com because its doing what every other company does (including the Government) is just plain retarded. You don't see any other companies with the guts to do what Amazon has done... so give the company some damn credit, even you never buy something from them again.
You better keep shopping with us, or we'll go out of business and tell the whole WORLD what you've been buying!
- Isaac =)
Your credit card company already has and has sold the information of everything you buy over the internet anyways. Why would companies even want Amazon's records if they already have the much better credit card records?
---
I am the dot in slashdot.org
More seriously, though, most privacy policies are garbage. I'm not a big fan of regulation, but there has got to be something that enforces good practices here, since the vendors clearly don't give a shit.
sulli
sulli
RTFJ.