Amazon to revamp privacy policy

The online retailer's planned update is in response to concerns raised by customers, consumer advocates and state regulators.

3 min read
Online retail giant Amazon.com plans to revamp its privacy policy in an attempt to address concerns raised by customers, consumer advocates and state regulators.

As part of its revision of the policy, which it plans to post "in the next few weeks," Amazon plans to clarify the circumstances under which it might sell or share customer information, the company said in a letter sent to state regulators Monday. The company also plans to list the companies with which it offers joint or co-branded services and to provide more information on the types of customer information it collects from other sources, the company said in its letter.

"In sum, we believe the changes to our privacy notice will make our privacy practices and policies more transparent to customers and easier to understand," the company said in its letter.

Massachusetts Attorney General Tom Reilly hailed Amazon's decision, saying in a statement that the company had agreed to "wide-reaching changes" in its privacy policy.

"I'm really pleased that this company recognized our concerns and is taking actions to protect consumers," Reilly said in the statement.

But Amazon representatives emphasized that the company was not making any "material changes" in its policies or practices.

"There's no significant change here from what we did in September of 2000 except the wording," Amazon spokeswoman Patty Smith said.

Amazon ignited a firestorm of criticism when it last updated its privacy policy in September 2000. Under the current policy, Amazon warns customers that it might transfer their personal data "in the unlikely event" that the company or its assets are acquired. The company's previous policy said Amazon would not "sell, trade or rent your personal information to others" and did not make an exception for the case of a transfer of business control.

The change was protested by customers and consumer advocates. The Electronic Privacy Information Center (EPIC) charged that the change represented an unfair business practice and urged the Federal Trade Commission to investigate. The FTC later decided not to take action against Amazon.

After that decision, a group of state regulators, including the attorneys general of 12 states, began scrutinizing Amazon's privacy practices and has discussed them with the company.

The updates to Amazon's policy came as a result of these discussions, said Glenn Kaplan, an assistant attorney general with Massachusetts, which led the talks with Amazon. The agreement is not binding and has no enforcement mechanism, but the states expect Amazon will comply with it.

"The agreement promises that Amazon will make certain changes to its privacy policy," Kaplan said. "We're confident that they will carry through on their commitments. To the extent that they don't, we're back in a position of looking at their practices and policies to see if they fall under consumer protection laws."

By clarifying the companies with which it has marketing relationships and listing the ways that it collects data from outside sources, Amazon is doing a service for customers that goes beyond its obligations under federal law, said Chris Hoofnagle, legislative counsel for EPIC. But the company still hasn't addressed the issue that sparked the uproar about its initial privacy policy change: whether it should sell its customer lists in the case of an asset sale, Hoofnagle said.

"There are important reforms to their privacy policy, but the core issue here is Amazon should not be allowed to sell its customer data that it collected under the previous privacy policy," Hoofnagle said. "Amazon made an important guarantee in the area of intellectual freedom when comes to not selling book lists and that guarantee should be enforced."