TECHNOLOGY
TOP STORIES

Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent

(MORE)

BUSINESS
Playing for Iraq's jackpot

Coke & smoke bite Dow

Sun Microsystems posts tiny profit

(MORE)

MARKETS	4:30pm ET, 4/16
DJIA	144.70	8257.60
NAS	3.71	1394.72
S&P	10.90	879.91

SPORTS
Jordan says farewell for the third time

Shaq could miss playoff game for child's birth

Ex-USOC official says athletes bent drug rules

(MORE)

All Scoreboards

WORLD

Quake help not fast enough, says Indian PM

U.S.

Bush: No help from Washington for California power crunch

POLITICS

Bush signs order opening 'faith-based' charity office for business

LAW

Prosecutor says witnesses saw rap star shoot gun in club

ENTERTAINMENT

Can the second 'Survivor' live up to the first?

HEALTH

Heart doctors debate ethics of testing super-aspirin

TRAVEL

Nurses to aid ailing airline passengers

FOOD

Texas cattle quarantined after violation of mad-cow feed ban

ARTS & STYLE

Ceramist Adler adds furniture to his creations

(MORE HEADLINES)

MAINPAGE WORLD U.S. WEATHER BUSINESS SPORTS

TECHNOLOGY

computing personal technology

SPACE HEALTH ENTERTAINMENT POLITICS LAW CAREER TRAVEL FOOD ARTS & STYLE BOOKS NATURE IN-DEPTH ANALYSIS LOCAL
EDITIONS:
CNN.com Europe change default edition
MULTIMEDIA:
video video archive audio multimedia showcase more services

E-MAIL:

Subscribe to one of our news e-mail lists.
Enter your address:

DISCUSSION:

chat
feedback

CNN WEB SITES:

CNNfyi.com
CNN.com Europe
AsiaNow
Spanish
Portuguese
German
Italian
Danish
Japanese
Chinese Headlines
Korean Headlines

TIME INC. SITES:

CNN NETWORKS:

CNN anchors
transcripts
Turner distribution

SITE INFO:

help
contents
search
ad info
jobs

WEB SERVICES:

Analysis: Who cares about Amazon.com's privacy policy?

From...

by Glenn McDonald

(IDG) -- Privacy is a big concern among Netizens, right? When Amazon.com changed its privacy policy, saying it may well reveal your book-buying habits (and other information), consumer advocacy groups howled. Amazon.com recoiled, defended itself, and then ... resumed business as usual.

Perhaps the Web is killing our attention spans. Or perhaps, as privacy groups warn, we're letting down our guard. Amazon.com did not retract its policy, and that could set a gloomy precedent, some consumer advocates say. Even more foreboding, they add, is the relatively muted response by consumers and the government.

Amazon.com 'clarifies' policy

On September 3, Amazon.com alerted its 20 million customers to a "clarification" of existing privacy policy. Primarily, the online bookseller says it may trade personal data about its customers with other companies without first checking with its patrons.

MORE COMPUTING INTELLIGENCE

IDG.net home page

PC World home page

Honesty wasn't Amazon's best policy

Cashing in on privacy

Toysmart, FTC overruled on sale of customer data

Reviews & in-depth info at IDG.net

E-Business World

TechInformer

Questions about computers? Let IDG.net's editors help you

Subscribe to IDG.net's free daily newsletters

Search IDG.net in 12 languages

News Radio

Fusion audio primers

Computerworld Minute

In fact, Amazon.com claims it could have done so all along, although it never did market its customer data. Also, the company says it receives consumer profiles from other companies and merges the information with its own customer databases for marketing purposes. And Amazon.com's message acknowledges privacy-protection options for customers, such as cookie-blocking.

Amazon.com also says it reserves the right to count customer information as an asset, particularly valuable if the company merges or is acquired.

Privacy groups immediately protested that the update is actually a serious change in policy. Considering customer information a corporate asset would let Amazon.com transfer private records to another company without customers' consent, critics say.

Learning from Toysmart.com

Amazon.com's move is probably a reaction to the recent travails of Toysmart.com, says Jason Catlett, president of antispam organization Junkbusters. During bankruptcy proceedings, the online toy seller ran afoul of both the Federal Trade Commission and several state attorneys general when it claimed information about 250,000 customers as an asset that could be sold. Toysmart.com still hasn't found a buyer, so for now the sale--and the objections--are on hold.

"Amazon wants to protect themselves from later [customer] lawsuits that claim, 'We weren't told,'" Catlett says. "They also want to leave the door open if they need to sell off a division or claim bankruptcy. They know that their consumer database is one of their most valuable assets, so they want to give themselves max flexibility--which means less privacy for customers."

Amazon.com spokesperson Bill Curry contends that claiming customer information as an asset is a standard retail practice.

"We feel it's what any company would do, that it's part of their business," Curry says. "In the event that there's a sale in the future, the customer records go with the company, as part of the company. We're being forthright in disclosing it, and we're getting criticism for being candid."

Consumer apathy troubles privacy groups

Given Amazon.com's high profile as a leading Internet retailer, the new policies set a foreboding precedent, says Sarah Andrews, a policy analyst at the Electronic Privacy Information Center (EPIC). The lack of consumer and government response to these changes is equally disturbing, she adds.

"I'm disappointed by the lack of FTC action, but I'm not surprised," Andrews says. "It just goes to show that they're not really a dedicated privacy agency. This is something they should jump on. They shouldn't wait for groups like us to take the lead."

Junkbusters' Catlett agrees. "It shows that we're on a downhill slope. Companies, as they go into bankruptcy or find out more about the legal risks, tend to erect reinforcements around their posteriors. That's bad for the consumer."

Privacy advocates push on

So what, exactly, should consumers demand from companies that compile personal information about them? Junkbusters' Catlett has a three-point platform: "Privacy policy should undertake never to disclose information without affirmative consent," he says. It should "provide complete access by the individual to the data held about them"--a common policy in European Union commerce. And a company should "allow any customer to order personal information destroyed," he says.

While Junkbusters and EPIC agree there's a need for comprehensive privacy standards, they don't expect progress so long as the government remains inactive. EPIC's Andrews isn't holding her breath.

"The FTC has said nothing [regarding Amazon.com's policy change], and we even feel it wouldn't be worth it instigating a complaint with them," she says. Instead, EPIC is considering working with state attorneys general, who Andrews says are more receptive.

Regarding the need for legally mandated privacy standards, Catlett is succinct: "We need a standard that's legally guaranteed below which no merchant can sink."