Junkbusters and the Electronic Privacy Information Center (EPIC) argue that the e-tail giant isn't doing enough to protect the privacy of its customers and must allow customers to view and delete their personal records.
Amazon still holds the option of selling its customer database, refuses to give customers access to all the data it holds on them and refuses to delete their past purchase records, the privacy groups charge. Amazon should be made to reverse all these stands--and submit to an independent audit of its compliance with its privacy policies, the groups say.
"This is necessary because the company's actions have shown that it should not be trusted," the groups say in the letter, a copy of which was seen by CNET News.com.
Junkbusters and EPIC are focusing on Amazon because of its pre-eminence as an online bookseller, said Junkbusters President Jason Catlett. Customers' reading habits should be kept private, and Amazon is not doing its part to ensure that they are, Catlett said.
"It's a very fundamental freedom to read without fear of having what you look at held against you," Catlett said. "It's simply not right that people's reading habits are kept forever against their will, particularly when Amazon has decided that it might sell them in the future."
Amazon representatives did not immediately return calls seeking comment.
EPIC and Junkbusters led the criticism of the change, charging in asent to the Federal Trade Commission that the change represented an unfair business practice. The FTC later not to take action against Amazon.
After the FTC dropped the matter, a group of state regulators began investigating Amazon's privacy practices and discussing them with the company. The upshot of those discussions was an agreement by Amazon last month to clarify some of its privacy statements. Among the changes Amazon made was to add details on the circumstances under which it might disclose customers' personal information and to list some of the companies with which it shares information.
One of the changes Amazon made was to the section on what it will do with customer records in the case of a business transfer. The company added that although such records are considered assets that are generally included in a business transfer, the records remain "subject to the promises made in any pre-existing Privacy Notice."
In their letter, the privacy groups take issue with that line, calling it hypocritical.
"Amazon promised customers never to sell their information; now it is saying that it may do so, recently adding the 'clarification' that the buyer will be subjected to the same promises that it originally made, and then abrogated," the groups say in their letter. "This is plainly hypocrisy. We also believe that it constitutes and unfair and deceptive trade practice under federal and state law."
Amazon has said that its latest revisions did not "material change" its privacy statement. The company has said in the past that it takes customers' privacy seriously.
Long a concern for consumer advocates, online privacy took center stage in June 2000 when failed toy e-tail Toysmartto sell its customer records as part of a bankruptcy proceeding despite previously promising never to sell that data. After the Toysmart controversy, a number of e-tailers, including Amazon, modified their privacy statements to allow them to transfer or sell their customer records in case of bankruptcy or a sale of their business.