Amazon's Privacy Policy Now Allows Sale of User Info

StoryMan writes: "Amazon.com decides to revise its privacy policy and states that it considers consumer data a saleable asset. Story here at CNN." Michael notes that this only happens if Amazon.com is sold: essentially covering their butts in case they go bankrupt. Of course considering their burn rate, this doesn't make me feel better. I haven't shopped at Amazon since their one-click-shopping patent, but I'm sure they have plenty of stuff listed about me from an era when I happily shopped with them (mind you this is before Amazon diluted itself by selling so much crap, that buying books became a pain).

Jamie adds:

Note the language of the new privacy policy: "of course" your private information will be "one of the transferred assets."

Did you think your information would still be private five years from now, when the dozens of companies you've shopped at have all gone bankrupt one by one? Ha ha! Foolish consumer!

The first test case in bankrupt-privacy seems to be Toysmart, and the latest word on that is that a judge refuses to forbid such "asset transfers." We'll keep you posted on the Toysmart case, but for now, it doesn't look good.

Original policy null + void?

[DanstarIII]

This may have been covered before, but what about those of us who agreed to the original privacy policy? Shouldn't Amazon provide a way for us to completely remove our details from its system if we don't agree to it's new policy?

Re:Original policy null + void?

[MakeTheBadManStop!!!]

Change your info on the site - make it useless or point back to them... If you can't, send them repeated mail that you need your account information deleted, and explain why. Explain calmly, and rationally what the problem is and if they don't remove your information, take further action against them (can anybody say class-action suit - "but they haven't actually *done* anything with our information yet", you say.) Watch them amend this 'privacy policy' every couple months until it says "all of the information you gave here will be posted for public viewing on invasion.privacy.amazon.com/$userid". Bastards.

Re:Original policy null + void?

[arivanov]

Removing the information from the site and from the database are two different things. Very different.

Re:Original policy null + void?

[ziggy_az]

I simply replied to their email:

--
I hereby decline to accept your agreement, and direct you to remove any
and all information pertaining to me from your databases. Sale of
information pertaining to me may be done so only for a fee payable
directly to me. I hereby set that fee to be $10,000 US dollars for each
instance of my name and other information about me being attached to a
list being sold by Amazon.com. Sale of a list which includes information
about me constitutes acceptance of these terms.
--

I don't know if this is legally binding, but it seems like it may provide them incentive to remove my information, and makes clear that I will no longer do business with them because of this change.

What else is new?

[jjr]

Companies sell your data all the time. They do not need the internet for that. Credit card companies, mail order companies, magazines ... ect. They were doing this before the internet exploded. I received a mailing for thinkgeek (which I think is cool) where do you think they got my address from them I never purchased anything from them. They bought my name from somewhere because I was labeled as a linux geek. On the internet there is less information being given out then your Credit Card company. People are complaining about privacy when privacy died years ago.

Re:What else is new?

[gorilla]

That's assuming that you use your credit card etc.

I buy stuff using cash. Even in the bookstore where I usually buy 3 - 4 books a week, where the clerks recognize me, and ask me how my injury is healing, I don't get the discount card which would save me 10% every time.

If you want to have privacy, you have to protect it.

Re:What else is new?

[beagle]

On the internet there is less information being given out then your Credit Card company.

Not so - for me at least. I request that my name and address be removed from all mailing list sales and rentals by every vendor with whom I do business - and yes, it gets very tiring doing this.

In meatspace, we can request that our personal information not be shared, and there are laws that require companies to abide by that request. This isn't true in cyberspace, which is why people are so up in arms. There are companies like DoubleClick that don't tell you what they're doing and alluvasudden you're overwhelmed with junkmail and other targeted advertising.

I do not want targeted advertising. Look, you do not have to advertise to me. If I want your service, I'll seek you out.

I'd like to have the same rights to privacy in cyberspace that I do have in meatspace. That's all.

Notification.

[lizrd]

They sent out an e-mail to their customers this morning. I had just finished reading over this privacy policy when I checked /.. However the message they sent in no way indicated what changes had been made in the privacy policy, only that changes had been made. FYI: I am including the text of the message below.

Dear Customer,

We have just updated Amazon.com's privacy policy and, because privacy is important, we wanted to e-mail you proactively in this case and not just update the policy on our site, as is the common Web practice. Thanks for being a customer and allowing us to continue to earn your trust.

To read the updated Privacy Notice, visit:

http://www.amazon.com/privacy-notice

Thanks again for shopping at Amazon.com.

Sincerely,

Amazon.com

Furthermore, on the privacy notice page there is also no indication of what might have changed. I tried to read through it but it was too filled with links for their various services for me to be able to understand what they were saying.
________________
They're - They are
Their - Belonging to them

Not a surprise..

[DarkMan]

Following on from previous situations, where companies have gone bankrupt, and sold customer data [0], this is hardly a surprise. Has Amazon turned a profit yet?

However, this is an interesting case. In the UK (and Eurpoe generally) there is greater protection on what companies can, and can't, do with your personal data.

This means that the privacy policy for amazon.co.uk is different from amazon.com.

Arn't they the same company? Isn't this a little schitzophrenic?

A bad precedent being set?

[FattMattP]

This sets a bad precedent as companies will have a tight privacy policy to lure people in, then they will turn around and change it so they can sell the information. Privacy policies are quickly becoming useless, me thinks.

This is not that bad + Alternatives

[Tom7]

The one-click patent hurts. I avoid amazon.com when possible because of it.

I have a feeling that this article is just sensationalism, though. With the recent Toysmart case, this really seems like the sensible move on their part. I'm not too worried about amazon going out of business, anyway. Anybody care to explain why this is bad, except that it involves the words "private information"?

Some alternatives I use in avoiding amazon:

buy.com is almost always cheaper. Less in stock, worse web site, worse service, but cheaper.

fatbrain.com has excellent service and selection for technical books.

express.com has excellent service and selection for movies and games.

Clarification - User data sellable at ANY time

[Masem]

The /. blurb mistakenly says that user data will only be sold if Amazon is aquired or liquidated. This is not quite correct: unless what I've read so far is misleading, Amazon may sell your data at any time. I think they are specificially mentioning the sale of data if Amazon ceases to exist to substatiate it from the toysmart (or whatever that toy site was) case where even though their privacy policy said user data won't be sold, it was attempted to be aquired when the dot.com was sold.

Other online bookstores

[TeVi]

Check out www.noamazon.com for information about stopping Amazon, and links to other online bookstores which have better privacy policies.

Words to Amazon

[Desdinova77]

This is an email i sent to Amazon's cust srv. dept. at terms@amazon.com. It speaks softly but i have found that being 'nice' tends to get a better response. Dear Amazon, I noticed the change in your privacy policy specificly allowing that you will sell customer information as a part of a sale of a buisness unit. While i respect you for at least posting this information I would like to ask that you make some accomodations for those who have used your service prior to this change. Ideally it would be good if you purged the info ans started collecting fresh. At very least offer people a oppertunity to opt-out now that what we can expect from your company has changed. ============

This is great news!

[iamriley]

Amazon's finally going to make money. Buy your stock NOW!!!

(btw, I'm cancelling my account with them)

Amazon's records, way beyond what you give 'em...

[skribble]

It would seem that Amazons records of what you do extend way beyond what information you actually type in. Amazon is one of the few companies that *really* take advantage of tracking buyers habits.

This personal information is how Amazon is aboe to pop up that message saying stuff like "People who bought this book also liked X" and "This book is popular at X Corp, and in Iowa"

Amazon has put all you clicks and such to good use which is really just good business. However this also makes the information much more valuable.

Let's face it... Data is a commodity, and it makes business sense to treat it as such.

On the other hand, sense Amazon seems to attempt to compete with everybody else in the world, why would they want to sell off there competitive advantage.

It does anger me however if a company can just change such statement at will. That is what agrivates me the most!

This is even more disturbing -

[DreamingReal]

Concerns were brought to the forefront this year when Internet advertising broker DoubleClick was criticized for a plan to market a record of Web pages consumers have visited...

Forget that noise about Amazon - this line from the article bothered me even more. Has anyone else heard about this?

This is NOT the same as selling data I willingly provided to Toysmart or Amazon. One involves consent and the other does not. I agree with the /.ers who are saying the Amazon news is no big deal - it's not. Although changing user agreements after the fact is a bit underhanded, I'm not concerned about my personal data. Brick and mortar and credit card companies sell it all the time. If you don't like it then pay with cash and don't give Radio Shack your address. Or you don't shop online. Simple.

But DoubleClick's plan sounds so much more sinister. The thought of being stalked while I surf is disturbing enough - but I can't abide the possibility of receiving all kinds of spam (both regular and electronic) simply because I visited a site. I'm all for target marketing - that's why I don't mind giving my info to Amazon, Buy.com (when I buy something) and signing up for emailing lists of my choosing. But just because I go to a site looking for erotic pictures of Jennifer Lopez does not mean I am on the prowl for a new buttplug.

-------

Privacy policy only good as it gets

[Lucius+Lucanius]

By definition, a privacy policy is an arrangement to not reveal something. If it can be changed later without the customer's knowledge, what good is it?

Reminds me of the Seinfeld episode where he reserves a car, and when he gets to the rental place, finds out his reserved car is gone. Anybody can take a reservation, the whole point is to keep it, he reminds the clerk. It's the same with a privacy policy. What good is it if it is sold off later?

There seems to be no solution to this. nobody can guarantee that a company will stay in business, and there's no law that prevents a privacy policy from being changed (or they wouldn't be doing it).

Is there an industry standard which can be realistically followed, and is there an incentive for it?

LL.

Once you're in, you can never get out

[FatouDust]

This brings up an interesting issue. Why do all subscription/registration systems provide Sign Up Here! methods, but not Get Out Now! methods?

On occasion, I have signed up for various services online, from newsreaders to tea companies. Over time, for various reasons, I have decided to stop using some of these services. But at the website, I can't unregister. I have no way of completely removing my information and account. I have no way to ask that my name be at least deactivated and at best deleted from their databases. Why is this? Shouldn't I be able to get out as easily as I got in? Wouldn't it even be beneficial to these companies to save the cost of maintaining info on someone who is no longer interested or satisfied with their products?

DBA's out there...is it feasible, practical, to completely remove a user's record from your data on request? Obviously you can't nix the transactional records, but could you pull the salable information if I asked you to? When I call up and ask you to remove my info from your systems, do you? Do I have any way to verify that you have?

In Amazon's case (and many others, I suspect), I would have carefully checked the privacy policy before I first gave my details. But when major changes such as these come about, suddenly, I have no method to dissent. I can't get my information deleted, and I can't un-join now that the policy is no longer satisfactory.

At the very least, changes like these should only be allowed to be valid from the time of the change forward. So, transactions I made in the past, under a previous policy, would not be eligible for sale. Transactions going forward after notification, would be. Then, if I had the ability to delete my details, I would be satisfied (albeit not happy) with the process.

---
"The Constitution...is not a suicide pact."

Amazon is good.

[Stu+Charlton]

This is not flamebait, this is a happy amazon customer wishing to express his opinion on the matter.

I've been using Amazon.com since 1997. In that time I've bought hundreds of books, CD's, DVD's, VHS's and, more recently, electronics. I have no problems with Amazon keeping my customer info. This way, I actually get things that *I LIKE* on my front page whenever I log in. They have my preferences down quite well. I just bought a 61" TV from Amazon too, and received it in a week with free shipping. That's way better than the local Circuit City was going to do for the same price.

Rob, I have no idea what you're talking about when you say that book buying is so much more annoying now that they sell all kinds of crap. You search for the book, you add it to your shopping cart (or 1-click) and you're done. There's virtually NO difference in book buying now as opposed to before Amazon diversified. Opinions like the ones Rob stated seem to me to be rationalizations of "why we should hate amazon".

My experience that Amazon's customer service and quick delivery has always kept me pleased. WAY more so than Fat Brain or Barnes & Noble who have both delayed several orders by an inordinate amount of time without so much as sending me an email explaining the situation. FatBrain has especially horrible for this -- being out of stock, mis-estimating ship times, messing up shipping information, etc.

If Amazon goes bankrupt, of course I care that my info goes out, but how does this differ from old mail-order catalogues of the past? The technology is more sophisticated, but there is nothing stopping Sears, LL Bean or Eddie Bauer from keeping track of your purchase history. If they go bankrupt or are sold, there's nothing stopping that data from getting out. I care about my privacy, but I also understand that Amazon is not *freely* selling my info, they're just allowing for the possibility of this if they go belly up.

It's quite hypocritical how techies scream when politians want to apply a "new standard" to the Internet in terms of censorship, but themselves want to apply a "new standard" to the Internet for privacy laws.

If they want to try to patent 1-click, that's their choice, and it will be decided in the courts. In the court of customer service, they've won by my experience. It's just a matter if they can turn that into profits some day.

It doesn't matter

[Th3+D0t]

Your credit card company already has and has sold the information of everything you buy over the internet anyways. Why would companies even want Amazon's records if they already have the much better credit card records?
---