Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy

Toysmart Can Sell Customer Data - With Limitations 58

jmozena writes "Disney's failed Toysmart.com has gotten the go-ahead from the Federal Trade Commission to sell its customer database as part of a bankruptcy sale, as long as the buyer agrees to abide by Toysmart's privacy policy. The FTC also found that Toysmart violated the Child Online Privacy & Protection Act (COPPA) of 1998 by collecting information from children under 13 without their parents' consent, and is filing a complaint in federal court to get Toysmart to destroy that information before any sale. This is the first time the FTC has filed a complaint under COPPA. The FTC press release is here."

EasyKill adds: "[here] is a link to the zdnet story about the FTC allowing Toysmart to sell some of their customer database, albeit under limited circumstances. I don't think this is a good thing, but it could be worse."grahamwest also points out this CNNfn story on the decision.

You may also be interested in the story emmett posted when the plan to sell this data first came to light, and the followup hemos posted about the involvement of the FTC. For once, I think I (mostly) agree with the FTC.

This discussion has been archived. No new comments can be posted.

Toysmart Can Sell Customer Data - With Limitations

Comments Filter:
  • The ruling they have made now could only be the beginning of a policy where customer databases are seen as any other form of capital, wich in case of bankrupcy can be sold off.

    Uhm, no. In fact, the FTC has set a very different precedent. The database cannot be simply "sold off" for quick cash, it must be sold as part of the whole company.

    It even makes sense. You send your private data to ToySmart. ToySmart as a whole is sold. Whoever owns ToySmart now has the data.


    My mom is not a Karma whore!

  • There's an amusing business model... Internet research companies offer great prizes and incentives in exchange for personal information, which people accept because of their model privacy agreement. Then they "discover" that they don't have enough capital to continue, go bankrupt, and sell their database for pennies to Microsoft/Disney/NikeCorp... which just happens to be the company that spun them off a few months ago.

    - Michael Cohn
  • > The ruling they have made now could only be the beginning of a policy where customer databases are seen as any other form of capital, wich in case of bankrupcy can be sold off.

    Ummm... I hate to break this to you, but customer databases have always been considered assets of companies, and bought and sold to the highest bidder. The big difference these days is the size of the databases, and the ease with which they can now be cross referenced and merged with other databases to create complex customer profiles.

    I think the concerns about privacy are at least partly valid, but I don't think we should be surprised that companies are trying to collect and use this information in order to more effectively market their otherwise perfectly legitimate products.

    --

  • (snicker)
    Companies don't do the right thing, or the wrong thing. Companies do the most profitable thing. People are moral creatures, companies aren't. The only time a company will do what a person would consider the "right thing", is if enough of the leadership can be convinced that there's no extra profit in doing the wrong thing instead of what they (one would hope) personally think is the right thing to do...
  • by dr_hodad ( 162098 ) on Saturday July 22, 2000 @04:35PM (#913611)
    While I shouldn't be surprised, it is distressing to see that most of the 4-5 rated posters clearly didn't read the FTC agreement. Ah . . . where to begin?

    Morgaine complains . . .
    If customer data is now deemed to have a direct and independent monetary value rather than merely in association with a product, maybe the coporations that are gathering that data from us ought to be paying for it -- ie. paying us.

    The FTC agreement makes it clear that customer data cannot be sold independently. Rather, it must be sold with the entire company, and then only to an entity that will be continuing the business. If this is a Bad Thing under bankruptcy, then we must also conclude that a healthy company that changes ownership (or for that matter issues stock) must throw away all it's customer data before the sale.

    jesterzog adds . . .
    The problem I have is that Toysmart [is] selling what they shouldn't technically own. As a customer I would never have said that they can give my details to anyone else without my direct consent

    But that's exactly what did when you cashed in that $50 internet coupon

    They had restricted use of [my personal info] for inside purposes only

    Yes, but a change in ownership (of the entire company, which is what the FTC agreement requires) shouldn't mean they can't keep using that info for "inside purposes only".

    Can a company being liquidated sell it's employees home computers because they once did some company-related work on them?

    No, but it can demand a copy of they're work-related files and sell those.

    The bottom line is, the FTC agreement makes perfect sense. While it is foolish to give away your valuable personal info for free, it is disingenuous to recieve compensation in exchange for your info and/or money and then insist that your privacy should be inviolate. (Compensation can take the form of cash, rebates, free shipping, or the ability to read the NYT online.) So do as your mother told you and read the fine print.


    -------
    Dr. Hodad
    Black's Beach Tanning Supply
    La Jolla, California
  • I just read the Toysmart Privacy Policy. Someone (FTC?) is asleep at the switch.
    If Toysmart must abide by their policy, then they have nothing to sell at all. Their policy states the information will never be disclosed to a third-party. That clearly prohibits them from doing anything besides destroying the database completely.
  • All these privacy complainers.

    DO you use AirMiles? IT's sole purpose is to track your movement and purchases.
    Do you use those grocery-store 'customer cards'? Same deal (I *HATE* those things, and almost think there oughtta be a law... you should be able to buy food at a fair price without being tracked)

    American Express charge card? Same deal.
    Credit cards? Same deal.

    Have your name/address published in a phone book? Same deal.

    Give me a break. Your personal information is *everywhere*

  • As long as a company is making a profit for it's shareholders, it can pretty much do whatever it likes... It's only if the company is squandering mony and generating loses that shareholders can really care. Because long term profits can be sparked by short term losses. Disney's got the cash to buy whatever toysmart has to offer and it'd pay off in the long term just because they did the right thing...

    If every company were concerned with eking every last penny from their customers on every sale, it'd be a sorry lot of companies we'ed have in the US. Instead they'er more strategic and do stuff that makes us (cnsumers) happy to get us to like them later on when it really counts.
  • It's not *your* email address.
    It's an address that, at the moment, you have access to. You are renting it.

    Another reason for encryption. Really.

    The only email address that I would really consider *mine* is the one on the server I own at the domain I own...

    OTher than that, I'm just 'renting' it.
  • Actually, the gov't cannot prosecute for a crime committed before there was a law present. Such an act would be an Ex Post Facto law. Toysmart continued to collect info on underage children AFTER the law was enacted. This just shows what a half-assed operation with NO respect for privacy they were. Find the name of their CEO, and never do buisness with a company of his in the future.
  • Creditors made the mistake of investing in Toysmart. They took the risk and it didn't pay off. They shouldn't be compensated by the loss of a third party.

    You're confusing creditor with investor. Anyone who provided services to Toysmart (electricity, bandwith, merchandise, etc.) in the context of a normal business transaction and did not get paid before Toysmart's death is a creditor. Creditors cannot be faulted for Toysmart going out of business, and need to be renumerated somehow. I'm not saying that selling customer lists is the proper way to do this, but please try not to misinterpret the original quote.

    Herbie J.

  • I don't disagree with anything you said there. But none of it disagrees with what I just said either. I didn't say companies were stupid, just that morality and ethics don't enter into the decision making process. Customer goodwill is desireable for companies because it can increase profits in the future. No other reason.
    Of course companies don't want to get every last cent on every sale. They want to get the most pennies over the long-term, which means getting a good profit on each sale while trying to keep the customer happy with the experience so that they will come back again latter. (Not that any of that applies to all companies. There are many whose strategies do not involve repeat business, and just need to get the sale finished. Telemarketers and the guys in Boiler Room are examples of this.)
  • Seems its me who screwd up. Thanks for correcting me
  • So basically, I can tell someone's secret to other people just as long as I say "But _don't_ tell anyone! Really!"

    Right, soon everyone in the world has the "secret" information.
  • Even though Disney's intentions were to maintain the privacy, the data would have been sold without restriction. The FTC would have been agreeing to the concept that collected data was saleable.

    Why do you think Disney wanted to do this? I strongly suspect they were hoping to get such a precedent created, and were willing to bury whatever information Toysmart has. Then they can offer Doubleclick or someone with that level of information serious money for their database(s), and do whatever they like with it...
  • You write: We have to come up with something better - make spam illegal!

    Wow, yes, that's bound to work, just like it has with drugs and speeding.

    Sorry to burst your bubble, but laws are powerless when enforcement is powerless, and in an international Internet, passing national anti-spam laws is so utterly pointless that it's just funny.

  • There's a much more elegant and effective way to do it, use sneakemail [sneakemail.com]
  • by gilroy ( 155262 ) on Saturday July 22, 2000 @03:55AM (#913624) Homepage Journal
    Anyone else find it amusing that one of the commissioners involved in this is named "Commissioner Swindle?" :) Although this commish does seem to be on the side of goodness and nice.
  • maybe the coporations that are gathering that data from us ought to be paying for it -- ie. paying us.

    They are paying you. Do people give their personal information to sites just for kicks? We trade our personal information for access to the materials they have to offer.

  • ... is that the FTC is conceding that customer contact databases are indeed monetary assets of a company. Sure, they put restrictions on how they can be sold, but those restrictions aren't written up in regulations, much less enshrined in law. I can't see how this action fails to violate the contract between customers and Toysmart. As one of the commissioners said, "'Never' means never".

    I think the only recourse left is, as someone suggested, a class action suit. Toysmart collected that information under a privacy agreement that formed part of the contract between the company and its customers. It is now seeking to violate that contract. Because privacy is a major right, its loss should carry a heavy monetary penalty. In fact, if I were czar, I'd make the customers have first claim as creditors.

    It is another nickle-and-dime dimunition of our rights. And in this bizarre, psuedo-libertarian corporate culture, contract law is the last remaining bulwark. If companies can violate their agreements at whim, we're really living in some capitalist version of oligarchy, no matter what papers we pretend to govern with.

  • by Bilbo ( 7015 ) on Saturday July 22, 2000 @05:19AM (#913627) Homepage
    > maybe the coporations that are gathering that data from us ought to be paying for it -- ie. paying us.

    Well... actually they are paying us... sort of. How do you think all these "free" services exist??? Someone has to pay for the servers and T1 lines and maintenance. You don't think corporations are doing it out of the goodness of their hearts? They surely aren't paying for it from banner adds, since income from banners is plummeting. Secondary income streams are often used to offset the cost of the product or service to make it more attractive to customers.

    --

  • Now, wait a minute here. this is a Good Thing. It's a fantastic ruling to be referred to later on--the rights must travel with the data, as is legally enforced (don't make me rant on DRM today!).
    This means that us consumers can use this ruling later on to keep from getting screwed over by many manipulations. It may even be referencable in those wonderful TOSes that can update and change dramatically without any notification, it'll bring back the concept of what was signed (clicked) is what is the law--and those original rights must be propogated in each incarnation of the data.

    It won't end spam, but it will serve as a valuable tool in other circles.
  • by Bill Daras ( 102772 ) on Saturday July 22, 2000 @05:44AM (#913629) Homepage
    MIDDLE AMERICA - A record number of parents were found in violation of the Basic Human Responisibility Act which forbids them from using any form of new technology as a babysitter for anyone, especially children under 13.

    When asked for comment, one Diane Whitestreet of Green Meadows, Indiana (not her real name or town) was quoted as saying "I heard about this new Internet thing, and, well, my kids said we just had to have it. So my husband bought a $7,000 Dell for each of our children and for a while, it was great. Between Soccer, Ballet, Gymnastics, Dance and of course, school, we never heard them complain there was nothing to do. If they asked for Mommy or Daddy's credit card, we let them borrow it because it made them happy and happy children are quiet, and less annoying children.

    Then, when I found out these "sites" were actually recording my child's names and adresses for shipping information, I became, well, enraged. That they could hurt them in this way. It is just horrible. I can barely...talk.

    I had mys husband call their company and he said perhaps we should be more careful about how we let our children use our credit cards! How dare they tell me how to raise my children! They are my responsibility!

    So the next thing I did was call our representative and have him pass a bill make sure these terrible things never happen again. Thank God this is a free country and with one phone call I can prevent such things and Protect The Children."

    Mrs. Whitestreet's children are a few years older now, they have gone through a lot since then...two more Dells for each child, four SUVs (only because one broke down, notes Ms. Whitestreet) and in her words "A lot of growing up."

    She counts her blessings even now. "It could have been much worse." she says. "They could have been taking meth, listening to rap and hanging out with those people or even been turned homosexual by one of their recruiters!"

    Mr. and Ms. Whitestreet's have since been sent to prision until their all children turn 18 so that they might have a shot at a normal life with a responsible parent assigned to them by the state.


    This is a work of fiction. However you are blind if you can't see the truth in it!
  • so we've got a company that's going out of business basically saying "oh, and you have to sign this contract before you buy this information!"

    ummm...who the *FUCK* is gonna uphold this contract? The government? That's laugable. Toysmart? Sure, and if a frog had wings he wouldn't bump his ass when he hopped!

    What the government should have done is simply NOT OKed these type of sales. Not only does the current one scare me, but the precedent it sets doesn't exactly bode well for consumers. Oh well - i don't think that will stop me from giving out honest and accurate information in the future. After all, i wouldn't want to lie

    Sincerely,

    Satan McDevil
    666 Antichrist Blvd.
    Pensacola, Fl. 66666
    Turn-on's: Stealing souls, Mayhem, Madness, and furry little puppies
    Turn-offs: Attitude, Sass, Jesus, Sell-outs.
    Has also purchased: Handspring Visor, Sony VAIO products, Propecia, The Switchblade Comb(TM), and G.W. Bush's soul.


    FluX
    After 16 years, MTV has finally completed its deevolution into the shiny things network
  • For all you people who apparently didn't get the sarcasm, that "make spam illegal!!" was a joke directed at the people who have these strange knee-jerk reactions to things they want to get rid of.
  • My case still holds. You don't know what would have happened if drug laws hadn't come into place, and all else is just speculation. It's easy to blame it all on the laws, but you can't prove that now can you?

    Just because there were no problems before the laws, it's not certain that the laws caused the problems.

  • Holy mother of geniousness. I need to hire one of these lead programmer dudes as a consultant. Maybe they can answer a few other questions I've been mulling over, such as the meaning of life, the universe, and everything after...

    Phos
  • As someone once pointed out, "what we have here is a failure to communicate." That is to say, they want to communicate this "buy me" noise to us, leading to a cycle of effort-avoidance-increased effort-increased avoidance.

    Just as we have learned to filter out the number of signs, bits of advertising, logos, billboards, posters, handbills, and such that continually surround us (and, if you don't believe me, take a video camera, duct tape it to the top dashboard of your car, go on a ten minute drive, then play back and count every advertisement you see), so the spammers (which can be abstracted to Advertising And Marketing Droids) will simply try harder.

    Pretty soon the logos on your shoes will light up when you walk. It won't be particularly hard to rig up a tiny chip and speaker to cough out the one second noise of "Nike!" every fifth step, with energy supplied by piezoelectric crystals.

    No, marketing works like this...they advertise until you buy the product. Now, this has a scary problem with it, namely, total immersion in advertising, via e-mail, product placements on Buffy (too bad they don't show ads for sex toys, if they did it on Skinemax, we could have product placements in Buffy), until the point where we break down and buy the damned thing.

    The point at which it all stops is when the marketing budget breaks, when you don't make enough out of advertising the product to justify the product's existence.

    With snail-mail, this is easy enough, you just make sure that they pay bulk rate postage on so many addresses that they never get back what they put into it. Right now, they are betting that 28 cents in bulk rate mail (or whatever it is right now) will, on average, get them 28.5 cents back. If they mail out to too many fake addresses and the return drops below 28 cents, snail-mail spam starts to go away.

    Unfortunately, I don't have a good model for the destruction of e-mail spam, as e-mail is, currently, anyway, free. Now, if someone ever legislates that e-mail costs money, well, the only good thing about it is that it will help eliminate spam. And we'd still be stuck with the rest of advertising.

    Also, making spam illegal sets a bad precedent for other speech. What we should do is not only have the legal right to be taken off of a spammer's list, but, have the right to find out from where they received that information. We could then backtrack to that company, and keep backtracking until we are off of the books. Our current situation just means that someone takes us off of his list, the guy who sold him that list just sells our addresses to someone else! We're killing the ants, not the queens.

    Each spammer should be required to, for every name on the list, keep the name, phone number, email address, blah blah blah, of the source who sold him a target name. Failure to give up that information on demand should be an automatic $1,000 penalty, something really juicy. Also, said source corporations would be required to keep their phone numbers, etc., open for no less than a year at a time, to prevent name-selling companies from just changing their names and phone numbers every three weeks to avoid us tracking their asses down. We will eventually be able to find that Radio Shack, or Toysmart, or whoever is the company that originally gave our name out. We need a trail, we need to track it to its source, and then we need to strike, sue, lobby, and maim.

  • Well at least don't do as my country (sweden) did, and make it LEGAL. All the other european countries make it illegal and they make it legal... go figure.

    As for speeding and drugs, we'll never know, since we'll never find out what would have happened if the laws had not been made.

  • I did see one surprisingly intelligent thing in this mess. Part of the settlement is that if the buyer wants to change the privacy policy, it must be done with an opt-in strategy. I'm sick of having to "sign" agreements that are worthless because the other party can change them without notice.

    It would be far beyond the regulartory powers of the FTC, and arguably beyond the legislative powers of Congress, but I would be overjoyed if those damned "subject to change without notice" clauses were ruled unenforceable.


    My mom is not a Karma whore!

  • Creditors cannot be faulted for Toysmart going out of business, and need to be renumerated somehow.

    Sorry, cost of doing business. They took the risk that Toysmart would pay them later, a risk that most suppliers make, and one that usually pays off.

    In any case, they do not need to be renumated. If the company has any legitimate assets they can sell, then that money should be used to pay off the creditors. (Key word is *legitimate*.) If not, then the creditors take the hit. Their business plans surely account for some of their clients not paying them.

    - Isaac =)
  • by Ratteau ( 183242 ) on Saturday July 22, 2000 @06:25AM (#913638) Homepage
    After having read a couple books recommended by our CEO (he actually bought about 50 copies of each and handed them out), its sad to see how many companies out there seem to have been thrown together by the exact vision the authors see for e-commerce. The books are the HBS titles netGain and netWorth -- a good read, but only 1 view of the future of the internet. They say the future is in the infomediary, the company that builds a critical mass of users, aggregates data, and allows marketers to send advertisements to a demographic they wish to target. They do not sell the data, they are a middle man, and are supposed to be trusted. I dont know how many startups Ive seen follow almost this exact formula, but they are starting to fail BIGTIME. Tech stocks are doing so poorly that even good ones are suffering just for being in the same industry (but that is another topic). There are going to be more ToySmart stories unless a precedence is set. As I understand it, when a company goes bankrupt, its assets are liquidated to compensate the investors as much as possible. The customer data is indeed their greatest asset, but in my opinion, the investors knew very well the privacy policy when they invested their money and know the risk involved in this industry (and if they didnt, they shouldnt be investing) and in my opinion, should be SOL. However, the law is the law and is rarely compliant with common sense -- any lawyers out there been talking with others and know which way the wind is blowing?
  • Sorry, cost of doing business. They took the risk that Toysmart would pay them later, a risk that most suppliers make, and one that usually pays off.

    I disagree. There is a fundamental difference between a normal business transaction and investment. In a business transaction, the entity providing the service has every reasonable expectation that the other party will hold up their end of the bargain. This expectation also includes getting a fair piece of the pie should the other guy fail (this is why things like bankruptcy court exist in the first place!). Investment carries no such expectation, and due to various regulations companies trip all over themselves to warn investors about that.

    Yes, there is a risk in both cases. However, for better or worse, a normal business transaction has the risk mitigated by lawful bankruptcy procedures. This is not the case with investment, which is why a distinction needs to be made.

    Herbie J.

  • Mr. McNeely [wired.com] ... is that you?
  • Yes, there is a risk in both cases.

    OK, so we agree. =)

    - Isaac
  • I'd say I don't see what the fuss is about, but that's not true; I can certainly see why folks are concerned about this. However, I don't share said concern (and not just because I never registered with Toysmart ;).

    Anybody who entered into an agreement did so with Toysmart, not the folks who run and/or own toysmart. Toysmart is an entity in and of itself; regardless of who has controlling interest of Toysmart, Toysmart remains a seperate entity and must continue to abide by the agreement. Of course, with this limitation, I question why any other company would want Toysmart, unless they thought it would be a sound business investment and weren't interested in integrating Toysmarts customer info into the parent companies.

    Look at it this way. Nullsoft and ICQ did not cease to exist when they were acquired by AOL; any licensing agreements made between a user and Nullsoft/ICQ pre-acquisition did not transfer directly to AOL post-acquisition. They persist as agreements between you (the user) and Nullsoft/ICQ (the company, subsidiary of AOL).

    As I said in a previous thread; nobody is trying to sell the Toysmart data; they're trying to sell Toysmart. Anybody who acquires Toysmart will not be able to distribute the Toysmart data to its other interests or else it will have hell to pay.
    Which brings us back to Why anybody would want Toysmart with these limitations.

  • This is a classic case of what happens when laws are sought to be implemented in retrospect . Disney had no idea that the govt was going to sset 13 as the cut off age . What if the govt had set it at 12 then Disney's actions in collecting info about a 12 and half yr old would have been legal but now they are illegal Go figure
  • by Anonymous Coward
    And this is a classic case of you not getting the facts straight. The COPPA went into effect on April 21st of this year, after which toysmart continued to collect information, until it went bankrupt. The government is specifically focusing on that (short) period, not the time before that. Go figure.
  • by nomadic ( 141991 )
    as long as the buyer agrees to abide by Toysmart's privacy policy...

    Which means they can only use it to (according to their website) "personalize" their customers' online experience. Which seems to make it useless to another company. Unless they have a very liberal definition of "personalize".

    Interestingly enough, Disney offered [yahoo.com] to buy (and bury) the list, but I guess the FTC didn't go for it.
  • by Rufus T. Firefly ( 142270 ) on Saturday July 22, 2000 @02:45AM (#913646) Journal
    Every company's privacy policy is to protect the company, not the consumer.

    The public has voted for convenience over privacy. That's why non-anonymous financial transactions (e.g., credit card purchases) and their associated loss of privacy have succeeded online, whereas anonymous payment schemes -- like prematurely launched DigiCash -- just haven't taken hold. Yet. (I'm hopeful.)

    Any company that states it won't sell personal information is lying. And so what if the company gets fined: your information has already been sold.

    Admiral Yamamoto [mailto]

  • by gaijin_ ( 134592 ) on Saturday July 22, 2000 @02:32AM (#913647)

    The ruling they have made now could only be the beginning of a policy where customer databases are seen as any other form of capital, wich in case of bankrupcy can be sold off.

    If this stands the next one to go will probably get less restrictions, and the next even less. In the end people could be alowed to sell their databases without any restricitions at all.

    This should be stopped now, or all the "We will not share information"-clauses are without value.

  • by Anonymous Coward
    This seems somewhat fair as long as the customers in the database are informed of the sale and allowed to have their name taken off of the database if they so choose. It will help Toysmart recoup some money.
  • by Morgaine ( 4316 ) on Saturday July 22, 2000 @02:38AM (#913649)
    If customer data is now deemed to have a direct and independent monetary value rather than merely in association with a product, maybe the coporations that are gathering that data from us ought to be paying for it -- ie. paying us.

    After all, everything's a business. We're not a charity either. :-)
  • How about fighting spam with misinformation?

    If huge lists of non-existent addresses are created and then infiltrated into spammers' lists then the proportion of spam that actually gets delivered will go down, the onset of a spam will be easier to detect and to stop, and spammers' efforts will be less effective. Heck, one could even make money from selling them dud data. :-)

    Disinformation could be quite an effective measure here. As you say, it has served others well before. All that's required is a complete lack of morality.

  • Yeah, when they collect the data and make money off of it that should be seen as unjust enrichment. Hmm, not a bad angle, actually.
  • by thesparkle ( 174382 ) on Saturday July 22, 2000 @02:39AM (#913652) Homepage
    Now, more than ever, should we all make sure we are giving as much inaccurate and incorrect information when filling out online signup forms.

    A policy of disinformation and dishonesty has served some of our finest public and private leaders well. We would do well to heed their example.

  • Why do you think Disney wanted to do this?

    Maybe, just maybe, sometimes companies do or want to do the right thing... Amazingly enough as it may sound...
  • by jonnythan ( 79727 ) on Saturday July 22, 2000 @03:02AM (#913654)
    No, disinformation is a destabilizing technique, not a stabilizing one (terms borrowed from what I know about Cold War nuclear war planning - things like missle buildup and Star Wars were destabilizing, because they just encouraged the USSR to stock _more_ weapons rather out of pure necessity).

    Anyway, if huge lists of non-existant addresses are created, then yes, the actual proportion of spam that gets delievered will go down. However, that just means the spammers will have to amass EVEN BIGGER lists just to get the same number of arriving messages. This will encourage spammers to try even harder than they are now to get mail into our boxes.

    We're never going to get rid of it, and disinformation will not make it go away.

    We have to come up with something better - make spam illegal!
  • I think that the best thing to do would be for a class-action lawsuit from consumers of ToySmart for breach of contract. After all, not sharing the information could be considered part of the contract.

    The best thing to do would be to start with an injunction against them selling the list.

    And the lawsuit could also name Disney as the owner of ToySmart for not exercising proper governance (corporate governance is a concept that is really ready to be tried in the courts).

    Jeff
  • Words mean whatever a lawyer can convince a judge they mean. I'm sure that many lawyers could convince many judges that spam (I don't know, "direct marketing?") with your real name in it, for products that relate to something you bought a few years ago is personalizing your "online experience"
  • by jesterzog ( 189797 ) on Saturday July 22, 2000 @03:26AM (#913657) Journal

    This is where I disagree the most.

    From CNNfn:

    "We think it's a fair balance between the needs of creditors and the customers," Toysmart attorney Harry Murphy said of the settlement.

    The problem I have is that Toysmart and various others (with consent of the courts and the FTC) are selling what they shouldn't technically own. As a customer I would never have said that they can give my details to anyone else without my direct consent - irrespective of whatever conditions they put on it. They had restricted use of it for inside purposes only, and that's exactly what the privacy agreement said.

    Creditors made the mistake of investing in Toysmart. They took the risk and it didn't pay off. They shouldn't be compensated by the loss of a third party.

    Physical goods verses information shouldn't be treated differently. Can a company being liquidated sell it's employees home computers because they once did some company-related work on them? If not, how can it sell it's customers details simply because it has restricted access to them for use within the company?

    From memory, one of the problems is that because the company no longer exists, any agreements it had are invalid.. or something like that. (Can anyone elaborate?) Perhaps model privacy agreements of the future should have a clause in them to specify that this can't happen. Otherwise I'll certainly think hard about giving any details away if the practice of selling databases becomes more common.


    ===
  • Doesn't part of ToySmart's privacy agreement say that only ToySmart will use the data? So, if it sold the data to a second company who had to live with the privacy agreement, IT (the purchasing company) would not be able to use the data since IT is not ToySmart amd only ToySmart can use the data as per the privacy agreement!

    The only way around this is if the provacy statement says "only ToySmart or the company we sell the data too can use the data" which would make it a fairly useless privacy statement.
  • by rjh3 ( 99390 ) on Saturday July 22, 2000 @03:28AM (#913659)
    If the FTC had agreed to the original Disney offer a significantly worse precedent would have been set. Even though Disney's intentions were to maintain the privacy, the data would have been sold without restriction. The FTC would have been agreeing to the concept that collected data was saleable.

    Under this agreement they are setting the much tighter terms that data may be sold if and only if the purchaser maintains the same agreement that was in place when the information was gathered. It is a reasonable legal tradeoff. If you make the rules on a sale any harder, the database owners might win the argument on contract violation. The FTC would have been arguing that contract terms get changed in the customer's favor during a bankruptcy.

    This agreement is consistent with how other contracts are handled during a bankruptcy. The ideal is to maintain all contracts unchanged. The ideal is unreachable (since one party is bankrupt) so the bankruptcy court is authorized to make such modifications to contracts as are needed to minimize the deviations. Bankruptcy law establishes which contracts take precedence, who loses first, how parties negotiate over relative importance and value, etc.

    Since the law was written before privacy agreements existed or mattered it was not established that they should be considered like contracts. This sets that precedent.

  • This brings to mind another scenario I've wondered about for a while... what happens if a company sells its domain name, and you have an e-mail address with them? Suddenly your e-mail is being routed to an owner who has no obligation to give you access, let alone to keep "your" mail private. It doesn't seem like there would be any legal barriers to their destroying or reading your mail. The mapping between a person and an e-mail address seems much fuzzier than the one for your physical address. E-mail may not even have the intended recipient's name on it, so it seems it would be hard to claim that there's any fundamental proof that mail sent to stringofcharacters@anotherstring.tld wasn't meant for whomever owns anotherstring@tld.

    Can this happen? Has this happened? Is there anything that can be done, short of running your own domain and hoping that a company with a similar name doesn't rise to prominence?

    - Michael Cohn
  • by Anonymous Coward
    As a former Toysmart employee, it's unfortunate that this privacy case will be our legacy. This company pioneered online sales of toys and now they're quibbling over how much money they can recoup.

    The truth is, customer lists have been exchanged in bankrupcy filings for as long as I can remember. Here the difference is the company promised not to "share" user data with other companies. This promise was designed to protect consumers from getting shared accross a laundry list of web sites, it was not designed to protect the customer in the event of a liquidation of assets.
  • I receive linux stuff in the mail alot. Somewhere out there is my name on someone's linux mailing list. My info was collected because I signed up for some kind of product or service. This happens alot. Everyday, So this doesn't suprise me at all.
  • by CoughDropAddict ( 40792 ) on Saturday July 22, 2000 @06:42AM (#913663) Homepage
    Disney's failed Toysmart.com has gotten the go-ahead from the Federal Trade Commission to sell its customer database as part of a bankruptcy sale, as long as the buyer agrees to abide by Toysmart's privacy policy.

    Flashback to 3rd grade:

    Chris the Coolster: Listen to this cool secret! But you can't tell anyone...

    Lucy the Loser: I won't. You can count on me!

    Later that day...

    Lucy the Newly-Popular: Hey, listen to this! But you can't tell anyone...

    ad infinitum, until the juicy tidbit is common knowledge.

    This also enables easy NDA dodging! All I have to do is have anyone I share secret info with sign the NDA too! Sweet, time to get some ultra-secret specs and start writing some gfx card drivers for X...
  • Passing on subscriber information has been going on forever. Although, I think there's probably a difference between just a mailing address and online user information (date of birth, credit card information perhaps).

    My mom ran a magazine for years and years, but when she decided to stop, she sold the mailing list to another magazine that had a similar theme. The idea behind that was to (hopefully) keep the customers happy by finishing their subscriptions however possible.

    Unfortunately, with Toysmart, I get the feeling they're just trying to liquidate, and since user information *could* be sold, it is. This rarely benefits the users.

    Nonetheless, selling databases isn't really that new of an idea.

You can be replaced by this computer.

Working...