Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
News Your Rights Online

Amazon's Privacy Policy Now Allows Sale of User Info 176

StoryMan writes: "Amazon.com decides to revise its privacy policy and states that it considers consumer data a saleable asset. Story here at CNN." Michael notes that this only happens if Amazon.com is sold: essentially covering their butts in case they go bankrupt. Of course considering their burn rate, this doesn't make me feel better. I haven't shopped at Amazon since their one-click-shopping patent, but I'm sure they have plenty of stuff listed about me from an era when I happily shopped with them (mind you this is before Amazon diluted itself by selling so much crap, that buying books became a pain).

Jamie adds:

Note the language of the new privacy policy: "of course" your private information will be "one of the transferred assets."

Did you think your information would still be private five years from now, when the dozens of companies you've shopped at have all gone bankrupt one by one? Ha ha! Foolish consumer!

The first test case in bankrupt-privacy seems to be Toysmart, and the latest word on that is that a judge refuses to forbid such "asset transfers." We'll keep you posted on the Toysmart case, but for now, it doesn't look good.

This discussion has been archived. No new comments can be posted.

Amazon's Privacy Policy Now Allows Sale of User Info

Comments Filter:
  • by DanstarIII ( 203086 ) on Friday September 01, 2000 @03:31AM (#811845)
    This may have been covered before, but what about those of us who agreed to the original privacy policy? Shouldn't Amazon provide a way for us to completely remove our details from its system if we don't agree to it's new policy?
  • I was against them before... now I'm going to go change my info to something totally useless and never visit again... You'd think that as privacy issues gain more and more of the limelight that these companies would start behaving themselves in a better way. Bah!
  • by jjr ( 6873 ) on Friday September 01, 2000 @03:34AM (#811847) Homepage
    Companies sell your data all the time. They do not need the internet for that. Credit card companies, mail order companies, magazines ... ect. They were doing this before the internet exploded. I received a mailing for thinkgeek (which I think is cool) where do you think they got my address from them I never purchased anything from them. They bought my name from somewhere because I was labeled as a linux geek. On the internet there is less information being given out then your Credit Card company. People are complaining about privacy when privacy died years ago.
  • Couldnt users who agreed with the original policy sue them for breach of contract? How about the government go after them for fraud?
  • But right now I don't buy stuff from them anyway.

    Anyway, I might have missed something, but as far as I can tell, there's no way to remove oneself from the database.
  • by lizrd ( 69275 ) <adam.bump@us> on Friday September 01, 2000 @03:36AM (#811850) Homepage
    They sent out an e-mail to their customers this morning. I had just finished reading over this privacy policy when I checked /.. However the message they sent in no way indicated what changes had been made in the privacy policy, only that changes had been made. FYI: I am including the text of the message below.

    Dear Customer,

    We have just updated Amazon.com's privacy policy and, because privacy is important, we wanted to e-mail you proactively in this case and not just update the policy on our site, as is the common Web practice. Thanks for being a customer and allowing us to continue to earn your trust.

    To read the updated Privacy Notice, visit:

    http://www.amazon.com/privacy-notice

    Thanks again for shopping at Amazon.com.

    Sincerely,

    Amazon.com

    Furthermore, on the privacy notice page there is also no indication of what might have changed. I tried to read through it but it was too filled with links for their various services for me to be able to understand what they were saying.
    ________________
    They're - They are
    Their - Belonging to them
  • I have been watching this trend that companies seem to be following; Having the user sign up for , and promising that the data you submit to them will not be used for anything other that their own records. Now it seems companies are changing policies left and right. So where does that leave us? Personally I get enough unwanted e-mail from . This is absolutely ridiculous. For a while it seemed we were heading in the right direction, people almost regarding internet forms where one agrees to a policy as a sort of signature. What is the legality of this? As far as I know when I signed up with Amazon.com they agreed not to sell or give out my user info to anyone. Now because they feel they may need to they change their policy.

    It must be incredibly frustrating for those individuals who founded or co-founded amazon to see it heading this way.

    Maybe the marketing / legal department at amazon has already figured out how to splice crack into their genes. Sure seems like it.
  • If they offerred a way to remove personal data, they'd probably have none left to sell. Or potential buyers wouldn't have any interest in the rest - who needs information about surfers who don't care?
  • since they can't export personal data to countries with insufficient privacy law. The US does not have satisfactory privacy-protection, but if a company has a good enough privacy-statement, you CAN export personal data to that company. But this may be a big mistake by amazon.. not that they'll loose me as a customer.. I prefer my local bookstore.

    //rdj
  • by MakeTheBadManStop!!! ( 173619 ) on Friday September 01, 2000 @03:39AM (#811854)
    Change your info on the site - make it useless or point back to them... If you can't, send them repeated mail that you need your account information deleted, and explain why. Explain calmly, and rationally what the problem is and if they don't remove your information, take further action against them (can anybody say class-action suit - "but they haven't actually *done* anything with our information yet", you say.) Watch them amend this 'privacy policy' every couple months until it says "all of the information you gave here will be posted for public viewing on invasion.privacy.amazon.com/$userid". Bastards.
  • Well, as usual they have one of those nice "we reserve the right to change this however we see fit, no matter if you like it or not" policies... Technically since it *is* a private business, they can do things like this, and you have to like it - so they say...
    --
  • by Anonymous Coward
    About time Amazon found a way to make money instead of bleeding it all over the place!
  • Since I no longer will shop at Amazon thanks to their patents, and now this, do you think they will provide a way for our information to be removed? After all, I submitted my information long before they decided to change their privacy policy.
  • by DarkMan ( 32280 ) on Friday September 01, 2000 @03:42AM (#811858) Journal
    Following on from previous situations, where companies have gone bankrupt, and sold customer data [0], this is hardly a surprise. Has Amazon turned a profit yet?

    However, this is an interesting case. In the UK (and Eurpoe generally) there is greater protection on what companies can, and can't, do with your personal data.

    This means that the privacy policy for amazon.co.uk is different [amazon.co.uk] from amazon.com [amazon.com].

    Arn't they the same company? Isn't this a little schitzophrenic?
  • by FattMattP ( 86246 ) on Friday September 01, 2000 @03:42AM (#811859) Homepage
    This sets a bad precedent as companies will have a tight privacy policy to lure people in, then they will turn around and change it so they can sell the information. Privacy policies are quickly becoming useless, me thinks.
  • Privacy may have died years ago, however, along with the boom of the internet commerce, there becomes a boom in privacy issues. Since there is much less legislation online then there is in RL, it is much easier for companies to do things such as this.
  • What I did on Monster.com before I remove my resume was to change ALL my details to be false and crap(no, Monster, I don't do NT consulting..hehe) and then saved it. I also falsified my resume with it namely being two words: Naaaaa Naaaa

    If you are concerned about this crappy new policy, just do the same with your info. If they go belly-up, your info will no longer be an "asset".


  • I believe they can do this with out breaching the privacy policy. For instance if company X wants to seel to Amazons' computers books buyers then amazon will contact those buyers with the offer and no data is transfered to outside parties so they did not sell your information to this company they sold the right to contact amamzon's user. I heard of this being done so privacy contracts are not breached.
  • by Tom7 ( 102298 ) on Friday September 01, 2000 @03:44AM (#811863) Homepage Journal
    The one-click patent hurts. I avoid amazon.com when possible because of it.

    I have a feeling that this article is just sensationalism, though. With the recent Toysmart case, this really seems like the sensible move on their part. I'm not too worried about amazon going out of business, anyway. Anybody care to explain why this is bad, except that it involves the words "private information"?

    Some alternatives I use in avoiding amazon:

    buy.com is almost always cheaper. Less in stock, worse web site, worse service, but cheaper.

    fatbrain.com has excellent service and selection for technical books.

    express.com has excellent service and selection for movies and games.
  • by Masem ( 1171 ) on Friday September 01, 2000 @03:44AM (#811864)
    The /. blurb mistakenly says that user data will only be sold if Amazon is aquired or liquidated. This is not quite correct: unless what I've read so far is misleading, Amazon may sell your data at any time. I think they are specificially mentioning the sale of data if Amazon ceases to exist to substatiate it from the toysmart (or whatever that toy site was) case where even though their privacy policy said user data won't be sold, it was attempted to be aquired when the dot.com was sold.

  • In addition to their newly changed privacy policy, there are other reasons not to buy at Amazon. Among them, their use of web patents [nowebpatents.com] is atrocious, and I urge users to buy books/music/etc elsewhere [noamazon.com].

    Alex Bischoff
    Interested in building a roof over your cubicle? [slashdot.org]
    ---

  • True, but now information about users can be traded at greater ease and less cost. I can setup a website now for 9 bucks a month, require users to login with personal info, provide a very vague privacy statement, contact an advertising/marketing company and work out a contract, and voila...

    Cha ching.

  • I use B&N.com... get a nice extra cash-back when I use my Discover, and I can always walk in to the 'real' store downtown if I want to. There's still some merit in that. Great selection, good prices, great service.

    (I don't work for either Discover or B&N, but they built their store in an old theater downtown, and it is really amazingly decorated - sort of a castle/fantasy look).

    --
  • by Anonymous Coward
    Why is this a problem on or off the net? I bought The Whole Lesbian Sex Book : A Passionate Guide for All of Us [amazon.com] from amazon and - with any luck - the Pesbian Association of America will be inviting me to their "tupperware" parties any day now.
  • Anyone checked contract law? I can't believe that a clause that the contract can be changed is lawful. (Not that I've made the effort to check)
  • This is absolutely ridiculous! There has to be some law that protects a user from this. Or atleast they should not be able to sell the information they gathered about me, BEFORE The change. Because I had agreed to their previous privacy policy. Wouldn't this be breach of contract. I can see it now. Medical instituions and porn sites. GARAUNTEing your privacy, hell they can make absolutely ANY claim they want. Then after a couple of years, when they have gathered lots of information and are gonna get good chunks of money, they simply change their privacy policy and can do whatever they want??? .. This is called conning the customer. Does this mean that I can put up a deal on my commercial website that says .. Join now and fill this survey out.. and we promise never to disclose this information to anyone, and we'll never use any information either to spam you, and on top of that we'll mail them a check worth $10 in three months time to the address and name filled out in the survey. Now you'd have to fill in the right information to get the check and be able to cash it. So now I have a whole ton of your information. Then 2 months later, I change my policy and some $hit like that and spam anyway because we no longer give an option to registered users to opt-out of our "news" mail.
  • Well, the simplest solution I can think of is to set up an email account on a free system (hotmail, juno, etc..) filled out with less than true info (transposed digits on your address, wrong zip, etc..), and use it for your online shopping / newsletters /etc...

    Then, once a week / month or so, go by and delete all the messages (possibly keeping some of them, but typically not...). It works, it's relatively easy, and it keeps your main email address free from spam.

    Besides, anyone else noticed that some mailing lists (esp. ZDNet ones) tend to multiply? As if they decide to add your address to other lists of theirs?

    daBum

  • It's not a contract it's a policy that they make, and part of your contract with them is that they can change the policies at any time - they are not explicitly stated in the contract (TOS or similar acro).

    --
  • I've never used Amazon. And I couldn't be happier with that fact until now.


  • These were not the terms I agreed to. These are very different terms. It seems like the tactic of updating with bogus info is probably the only viable thing most of us can do but this type of bait and switch on the part of dot-coms could put a big chill on e-business.
  • by gorilla ( 36491 ) on Friday September 01, 2000 @03:51AM (#811875)
    That's assuming that you use your credit card etc.

    I buy stuff using cash. Even in the bookstore where I usually buy 3 - 4 books a week, where the clerks recognize me, and ask me how my injury is healing, I don't get the discount card which would save me 10% every time.

    If you want to have privacy, you have to protect it.

  • What they say: "In the unlikely event that Amazon.com Inc., or substantially all of its assets are acquired, customer information will of course be one of the transferred assets."

    What they mean: "In the event that we get bought out, you and all information about you will be sold like cattle, whether you like it or not. So there."
  • How can we totally -remove- our account info? Changing it is NOT good enough. We need to make a show of it and when they see a bunch of accounts being removed, realize something is up.

    Wonder how Wall Street will react to this. It's up half a point so far.
  • by TeVi ( 128093 ) on Friday September 01, 2000 @03:52AM (#811878) Homepage
    Check out www.noamazon.com [noamazon.com] for information about stopping Amazon, and links to other online bookstores which have better privacy policies.
  • by beagle ( 99378 ) on Friday September 01, 2000 @03:52AM (#811879)
    On the internet there is less information being given out then your Credit Card company.

    Not so - for me at least. I request that my name and address be removed from all mailing list sales and rentals by every vendor with whom I do business - and yes, it gets very tiring doing this.

    In meatspace, we can request that our personal information not be shared, and there are laws that require companies to abide by that request. This isn't true in cyberspace, which is why people are so up in arms. There are companies like DoubleClick that don't tell you what they're doing and alluvasudden you're overwhelmed with junkmail and other targeted advertising.

    I do not want targeted advertising. Look, you do not have to advertise to me. If I want your service, I'll seek you out.

    I'd like to have the same rights to privacy in cyberspace that I do have in meatspace. That's all.

  • chalk up some more points for me on fuckedcompany.com.

    - A.P.
    --


    "One World, one Web, one Program" - Microsoft promotional ad

  • In the toysmart case, their privacy policy up to the moment of sale read that user information would not be sold. On the sale, they tried to sell it, and the judge is saying they're breaching their contract if they do.

    Amazon is learning a lesson, and has now made their sale of user data legit by their policy. If Amazon went under tomorrow, it would be hard for a judge to stop such a sale.

    The biggest problem here is that the US has no regulation on privacy data, and there are very few mouths that are catching the ears of ppl in Congress to get stronger privacy info set up - possibly because the US Gov't has a rather juicy database as well that probably goes above and beyond the needs for maintaining taxes. The CNN article mentions an industry group that is formed to consider privacy issues, including Amazon and DoubleClick. I'm surprise they didn't invite Spamford to their party as well.

    The only true way to go with privacy is the opt-in model, and making sure that your records with any company can be accessed by you and can be deleted at your request (Of course, in some cases, there might not be even information to be able to do part securely).

  • by Desdinova77 ( 184164 ) on Friday September 01, 2000 @03:54AM (#811882)
    This is an email i sent to Amazon's cust srv. dept. at terms@amazon.com. It speaks softly but i have found that being 'nice' tends to get a better response. Dear Amazon, I noticed the change in your privacy policy specificly allowing that you will sell customer information as a part of a sale of a buisness unit. While i respect you for at least posting this information I would like to ask that you make some accomodations for those who have used your service prior to this change. Ideally it would be good if you purged the info ans started collecting fresh. At very least offer people a oppertunity to opt-out now that what we can expect from your company has changed. ============
  • That will not work if you have made purchases, which is truly the most important aspect of what they would be selling. Course maybe a name change would be effective enough to keep it from being associated with you.
  • Methinks nobody on Wall St. will care for a while... such are the ways of the market.
    --
  • by iamriley ( 51622 ) on Friday September 01, 2000 @03:55AM (#811885) Homepage

    Amazon's finally going to make money. Buy your stock NOW!!!

    (btw, I'm cancelling my account with them)

  • Not worried about your privacy, yet you still post as Anonymous Coward... Hmmm... =)
  • >Besides, anyone else noticed that some mailing lists (esp. ZDNet ones) tend to multiply? As if they decide to add your address to other lists of theirs?

    That and the pages that have tiny hidden boxes with nearly invisible text "click here if you don't wan't to receive mail from us, our partners, and whomever else we see fit to sell your info to". Opt-out is one thing, but some of these hardly give you a fair chance...

    Just fill out the info with MAILER-DAEMON@[theirsite] and have them send you all the additional mailings you could ever want 8^)
    --
  • Sure it would be. Go into your profile and change the billing address AND the shipping address. Replace your name etc. I'm sure they have more interest in selling continually update(current) records. A marketing company could not afford sending junk mail to an "old" address.

    The only way that they could detect this change is if it triggers somekind of alert. (note: Changing ones name to jacka$$ might be a bad idea)

  • Did it mention 'subject to change without notice'?

    Scary, eh?
    ---
  • I think integrity has gone the way of the dinosaur in general (although there are a few companies who still believe in this). I, myself am opposed to selling of data, and my company will only share personal data if the person agrees to let me do so. I feel that .coms will need to adopt a new business strategy and revise their privacy policies if they expect to finish the 2000-01 fiscal year in the black.
  • Slashdot sells my user info? Then they'd get the e-mail address of my spam collection account, my Karma score (-1 at the moment), and a whole lot of blank fields... hmmm, they'd also get my .sig ;-)
  • I doubt that this is considered breach of contract. I would think that this would be more like the agreements you have with credit card companies where if they change their policy, you have the right to either agree with the changes or terminate your account.
  • by skribble ( 98873 ) on Friday September 01, 2000 @04:03AM (#811893) Homepage
    It would seem that Amazons records of what you do extend way beyond what information you actually type in. Amazon is one of the few companies that *really* take advantage of tracking buyers habits.

    This personal information is how Amazon is aboe to pop up that message saying stuff like "People who bought this book also liked X" and "This book is popular at X Corp, and in Iowa"

    Amazon has put all you clicks and such to good use which is really just good business. However this also makes the information much more valuable.

    Let's face it... Data is a commodity, and it makes business sense to treat it as such.

    On the other hand, sense Amazon seems to attempt to compete with everybody else in the world, why would they want to sell off there competitive advantage.

    It does anger me however if a company can just change such statement at will. That is what agrivates me the most!
  • I don't know about the rest of you, but I've already removed my credit card number and asked Amazon to remove all personal information about me from their site. This irks me a lot. I realize that my personal information is already out there, but the idea of someone making money off of me like that really pisses me off.

    I highly doubt they're going to remove my personal information simply because I asked. All I can do is screw it all up so whomever gets it next can't use it correctly. Amazon.com is no longer on my places to shop because of this.
  • Moreover, information is shared between the two services. I never ordered from Amazon.co.uk before, yet when I wanted to buy a recent book [amazon.co.uk] unavaliable in the US, I was able to login the same way, my address and credit card info unchanged.

    Presumably a reverse process is at work for UK customers. What about people in the UK (or elsewhere) who ordered at the US site? How are they distinguishing the data internally--by home address or website? Which leads to the question of whether they would, in fact, sell UK (or German at amazon.de) user information.

    Also, if a European customer orders from an American site (with or without international holdings) do the privacy protections of their home countries apply?

  • Never shopped online.. apart from eBay? Hell.. I've never smoked.. Apart from cigarettes.
  • Recently I've been using Amazon to find music I want to buy, then hitting Cheap-CDs [cheap-cds.com] to make the purchase. Cheap-CDs usually beats Amazon by a buck per disc or so at least, and ships via US Mail, which I need - Amazon doesn't let you specify mail (they'll ship by mail if they want to, but you can't reliably tell them to use it). There are plenty of alternatives out there.
  • Isn't there some law in the US that says that if a person asks their details not to be disclosed, then the company, has to comply? Can anyone with a good knowledge of US law confirm or deny this?
  • Agreed. This [shutdown.com] is flamebait.
  • Given your email addy, I'd guess you're with amazon.co.uk; under the Data Protection Act, you can ask them to do exactly this.
  • Odd. I am an Amazon customer and received no such email...

    Death is but a doorway.
  • Don't forget the bookpool [bookpool.com], at least for computer books. I haven't been able to beat their prices anywhere.

    B&N is usually better than Amazon, too, because B&N offers coupons (which is why they're taking heavy losses on their web sales, from what I've read. Check out Movie Price Guide [moviepriceguide.com] for coupons to B&N [bn.com], as well as a lot of DVD sellers.

    They're putting dimes in the hole in my head to see the change in me.

  • I never saw more than 2-3% difference. I really have to disagree with this. Each of my online purchases has been much cheaper than what I would pay at the local Best Buy or any other real store where they significantly mark up the price. Sure you're supposed to pay for shipping but if you check enough online sites, you'll always find someone who is doing a promotion where you get free shipping. Combine that with no tax on Internet purchases and you definitely come out ahead online.
  • That is an excellant idea. Better yet, change your address, phone number, etc. to that of a member of the offending company. Don't go for the CEO, like Bezos, because they usually have flunkies to deal with that sort of thing. Find the name of a mid-level manager in the marketing department, someone who isn't going to be rich enough to ignore his mailbox but is still responsible for the evil which you will send back.
  • by Anonymous Coward
    I second your nomination. Expect a Katzicle today....It will something like this: In today's increasingly intrusive world, personal information has less of a chance remaining private. The deprivatization of information has occurred primarily from the technologies springing forth from Silicon Valley, commercialized universities, and electronic networking of the world. Marauded into a corner, today's consumer has little choice but to either accept the release of personal information or become a on-participant in the global economy. What is the role of technology in assisting the consumer from the involuntary release of personal data? ....BlahBlahBlahMoreHotAirFromJonKatz.
  • I didn't go to LWE.

    But Hemos's reply to the LinuxPower story makes it sound like there were some real juvenile people there.

    As far as the Slashdot people acting like kings, maybe someone had inflated expectations. I don't know what the author expected at the Slashdot/OSDN booth, but he was probably one of just another 1000 geeks hanging around there expecting to get noticed. Taco and Hemos could spend all day shaking hands, do nothing else, and still piss people off. I'll be honest, I was impressed when Hemos replied to my wedding congratulations, I figured he had 100's of emails, and better things to do.

    George
  • or (common here, but not elsewhere):
    /. - slashdot
    ./ - moron typist


    I thought ./ was "run the executable from this directory."
    ___

  • I do not want targeted advertising. Look, you do not have to advertise to me.

    It won't get your "rights" back but why not use junkbuster [waldherr.org].

  • (mind you this is before Amazon diluted itself by selling so much crap, that buying books became a pain)

    Wow they really do sell Crap [amazon.com]

    -=MeMpHiStO=-

  • I have been boycotting Amazon since the patent fiasco.

    Now I have deleted credit card info, mailing addresses, and broke my email and user names. (BTW, there is now a "Georgette Orwell" who Amazon thinks shopped there from 1997 until early this year.)

    I suggest everyone do something similar.

    -T
  • Apparently, the policies differ from country to country. Slightly. Or else they didn't update the German policy information page yet. It still says something on the lines of "No data will be given to third parties - except for anonymous analysis and improvement of the database." And statistics may be given to others - no surprise there. For those who want to have a look (and can read German): amazon.de [amazon.de]
  • what r u som kind of a goddammed jeew ?

    Goddamned Christians. Gas a few more, why don't you.

    And learn to spell. Jews usually get that much right, at least.

  • ...and then someone else can sell our personal info. Swell. Right now your personal info is already being sold left and right and there's not a whole lot you can do about it. Your options are to either enact some legislation to protect your personal info, shop offline with cash or get used to it.
  • I was trying to do this and gave up.

    Why?, you ask?

    The f***ing companies kept making me repeat the process. From one company I got notices once a month for 6 months before I gave up. Each notice required me to write and send them a letter fulfilling their requirements and the only way to make certain I was meeting all their requirements was to read every part of every paper they ever send me. I do that most of the time anyway, but eternal vigilence is tough in this case.

  • seems like you can change your name, email address by changing 'your account' settings. also, you can delete all the credit cards you've used, as well as all addresses you've shipped to. Of course, I have no idea what all that _actually_ does to their internal databases.
  • If someone was truly concerned about privacy (or wanted to make a profit off of those that were), it would be possible for them to put the privacy terms in the contract when people sign up. If someone did that they'd get my business.
  • I don't get it!

    The right to be anonymous and the right to privacy *are* *two* *separate* *matters!*

    I might want to be anonymous, if I lived under an opressive government, or did something my neighbours would not like (or did something criminal). Privacy, I want regardless of wether someone has a database on me or not. If Amazon has an automated script that picks out books I'm likely to buy, that is not a privacy issue. If someone calls me in the middle of dinner to sell me books, it is a privacy intrusion, regardless of wether they got data from amazon or simply rolled up my number.

    I want laws that regulate the *use* of personal data rather than the act of collecting it. If my data cannot be used by telemarketers, there is no longer any point for dotcoms to collect more than they need.

  • I am so sad at how most of course can easily talk, but when it comes down to taking actions. Can't. After the one-click patent thingy, Everyone was yelling, boycott Amazon! Vote with your money! Since then, I have actually done so. I have never purchased a single item from them! I use their site, to checkout books, perhaps read user reviews, but when it comes down to buying, I find other sites. I am just curious to how many people are still maintaining their boycott?

  • Ok, what happens to people who have signed for an account *before* this change in policy?

    As far as I know, when you sign up for such a service, you agree to the terms of usage displayed to you at that time. You are not forced to agree to the change in policy later on. Call up Amazon and request for an IMMEDIATE deletion of your account or change of personal info.

    Of course, Amazon might tell you its done and still sell your info afterwards, when it goes bankrupt(yay!). The question is: How do you know your info has been deleted? What will prevent Amazon from selling information about customers who signed up *before* the change in policy?

    Do you Americans have some law that can help ?

    Thanks for reading

  • by arivanov ( 12034 ) on Friday September 01, 2000 @04:26AM (#811924) Homepage
    Removing the information from the site and from the database are two different things. Very different.
  • dunno,...

    I think that the only way to make understandable rules for internet companies is to have TLD based legislation. That is, for .com, .com law apply (MPAA gets their way etc) for .org another set of rules, for .uk brittish law and so on. Us law should only apply to .us domains.

  • Concerns were brought to the forefront this year when Internet advertising broker DoubleClick was criticized for a plan to market a record of Web pages consumers have visited...

    Forget that noise about Amazon - this line from the article bothered me even more. Has anyone else heard about this?

    This is NOT the same as selling data I willingly provided to Toysmart or Amazon. One involves consent and the other does not. I agree with the /.ers who are saying the Amazon news is no big deal - it's not. Although changing user agreements after the fact is a bit underhanded, I'm not concerned about my personal data. Brick and mortar and credit card companies sell it all the time. If you don't like it then pay with cash and don't give Radio Shack your address. Or you don't shop online. Simple.

    But DoubleClick's plan sounds so much more sinister. The thought of being stalked while I surf is disturbing enough - but I can't abide the possibility of receiving all kinds of spam (both regular and electronic) simply because I visited a site. I'm all for target marketing - that's why I don't mind giving my info to Amazon, Buy.com (when I buy something) and signing up for emailing lists of my choosing. But just because I go to a site looking for erotic pictures of Jennifer Lopez does not mean I am on the prowl for a new buttplug.


    -------

  • I know what you mean about discount cards. I don't use one at my local Sainsburys supermarket even though it would save me a few %.

    Supposedly, they use the info about what kind of things you buy to target certain products or adverts towards you.. But......

    My "fun" idea was to confuse their data as much as possible by deliberately doing ridiculous things. For example, buy all your shopping except specific items without the card and then go back and get the remaining items using the card, but make sure they are a wierd combination. eg, only ever use the card when you buy knives, glue, alcohol and other potentially harmful things. or whenever you use your card, buy nothing but 120 toilet rolls. or 30kg of rice!
    Imagine the stupid junk mail you would get sent by whoever they sell your info to!

    (okay, to real ppl it's probably not funny, so i must be a loon)
  • by Lucius Lucanius ( 61758 ) on Friday September 01, 2000 @04:30AM (#811928)
    By definition, a privacy policy is an arrangement to not reveal something. If it can be changed later without the customer's knowledge, what good is it?

    Reminds me of the Seinfeld episode where he reserves a car, and when he gets to the rental place, finds out his reserved car is gone. Anybody can take a reservation, the whole point is to keep it, he reminds the clerk. It's the same with a privacy policy. What good is it if it is sold off later?

    There seems to be no solution to this. nobody can guarantee that a company will stay in business, and there's no law that prevents a privacy policy from being changed (or they wouldn't be doing it).

    Is there an industry standard which can be realistically followed, and is there an incentive for it?

    LL.
  • From the privacy notice:

    Information from Other Sources
    For reasons such as improving personalization of our service (for example, providing better product recommendations or special offers that we think will interest you), we might receive information about you from other sources and add it to our account information. We also sometimes receive updated delivery and address information from our shippers or other sources so that we can correct our records and deliver your next purchase or communication more easily.
    {...}
    What Choices Do I Have?
    {...}
    Click here to explore products that offer anonymous browsing. In addition, the Federal Trade Commission provides useful information about online privacy on its own Web site, Site Seeing on the Internet.

    Dear customer,

    We are building a large distributed database of your personal information. This information can get out of our hands at any time so, to ensure that other companies get the right information, we will even update it automagically by sharing info between our "circle-of-friend-companies-we-trust-and-you-can-a lso-trust-cause-they-are-pretty-and-love -flowers-and-all" and using high-tech heuristics to be sure we know precisly where you live and if you wear boxers of briefs.

    What Choices Do I Have?
    Actually, you need a big and complex piece of software whose only goal is to guard you from big companies like us. We sure hope it's got better heuristics than ours. Actually, it's a big game! You try to hide your info, and we try to get it! If we win, you don't know, but if you do win, you may get a prize!

    Dear sir ~MegamanX~, this is Joe from Amazone. You won a car in the privacy contest. Could you give us your address so we can ship it to you. Check here if you want to receive emails of our special offers...

    Oh well... grrr...

    phobos% cat .sig
  • by FatouDust ( 197743 ) on Friday September 01, 2000 @04:43AM (#811931)
    This brings up an interesting issue. Why do all subscription/registration systems provide Sign Up Here! methods, but not Get Out Now! methods?

    On occasion, I have signed up for various services online, from newsreaders to tea companies. Over time, for various reasons, I have decided to stop using some of these services. But at the website, I can't unregister. I have no way of completely removing my information and account. I have no way to ask that my name be at least deactivated and at best deleted from their databases. Why is this? Shouldn't I be able to get out as easily as I got in? Wouldn't it even be beneficial to these companies to save the cost of maintaining info on someone who is no longer interested or satisfied with their products?

    DBA's out there...is it feasible, practical, to completely remove a user's record from your data on request? Obviously you can't nix the transactional records, but could you pull the salable information if I asked you to? When I call up and ask you to remove my info from your systems, do you? Do I have any way to verify that you have?

    In Amazon's case (and many others, I suspect), I would have carefully checked the privacy policy before I first gave my details. But when major changes such as these come about, suddenly, I have no method to dissent. I can't get my information deleted, and I can't un-join now that the policy is no longer satisfactory.

    At the very least, changes like these should only be allowed to be valid from the time of the change forward. So, transactions I made in the past, under a previous policy, would not be eligible for sale. Transactions going forward after notification, would be. Then, if I had the ability to delete my details, I would be satisfied (albeit not happy) with the process.

    ---
    "The Constitution...is not a suicide pact."
  • by Stu Charlton ( 1311 ) on Friday September 01, 2000 @04:46AM (#811932) Homepage
    This is not flamebait, this is a happy amazon customer wishing to express his opinion on the matter.

    I've been using Amazon.com since 1997. In that time I've bought hundreds of books, CD's, DVD's, VHS's and, more recently, electronics. I have no problems with Amazon keeping my customer info. This way, I actually get things that *I LIKE* on my front page whenever I log in. They have my preferences down quite well. I just bought a 61" TV from Amazon too, and received it in a week with free shipping. That's way better than the local Circuit City was going to do for the same price.

    Rob, I have no idea what you're talking about when you say that book buying is so much more annoying now that they sell all kinds of crap. You search for the book, you add it to your shopping cart (or 1-click) and you're done. There's virtually NO difference in book buying now as opposed to before Amazon diversified. Opinions like the ones Rob stated seem to me to be rationalizations of "why we should hate amazon".

    My experience that Amazon's customer service and quick delivery has always kept me pleased. WAY more so than Fat Brain or Barnes & Noble who have both delayed several orders by an inordinate amount of time without so much as sending me an email explaining the situation. FatBrain has especially horrible for this -- being out of stock, mis-estimating ship times, messing up shipping information, etc.

    If Amazon goes bankrupt, of course I care that my info goes out, but how does this differ from old mail-order catalogues of the past? The technology is more sophisticated, but there is nothing stopping Sears, LL Bean or Eddie Bauer from keeping track of your purchase history. If they go bankrupt or are sold, there's nothing stopping that data from getting out. I care about my privacy, but I also understand that Amazon is not *freely* selling my info, they're just allowing for the possibility of this if they go belly up.

    It's quite hypocritical how techies scream when politians want to apply a "new standard" to the Internet in terms of censorship, but themselves want to apply a "new standard" to the Internet for privacy laws.

    If they want to try to patent 1-click, that's their choice, and it will be decided in the courts. In the court of customer service, they've won by my experience. It's just a matter if they can turn that into profits some day.

  • now, why is this in the "from the time-to-cancel-accounts? dept."?

    you cancel an account, I doubt it gets deleted from their database. it's probably just flagged as inactive.

    truth be told, it is an asset that can be resold. UNLESS they specifically told you when you signed up that they wouldn't resell this information. If so, and they do resell it, then those are probably grounds for a civil suit.

    I personally can't remember if they stated in the submission form whether they stated that they wouldn't resell this information, so I can't say whether there is grounds for any suit. Also, they said that it's only in the case of bankruptcy, and I don't see that happening. Also, merger/takeover doesn't count as bankruptcy.
  • I use a cell phone, and never answer the (emergency only) land line. Oh, and I had applied for this cell phone from another cell phone, and then cancelled the first one. They have no number other than my new cell to contact me. Solicitors are not allowed to call cell phones because it incurs a user cost also. I use a P.O.Box, so that people can't tell where I live, and I intend on changing it every year so that I won't get any mailings I don't want. It makes it somewhat inconvenient, since all of my bills go there, but I figure I can always update the information when necessary. I didn't forward any of my school information to the new workplace I have.

    Basically, I'm making it as difficult as possible for anyone to track me for a prolonged period of time. If they're going to collect information about where I am, I can endeavor to change that fact.


    yours,
  • In order to be in business at all these days, companies have keep a huge database of stuff. Not just the normal things, like what you sold, when, and for how much. Remember, we use book-entry settlement to buy and sell things: checks, credit cards, direct-debit/deposit, even ostensible credit-card transaction gateways like PayPal. Book-entry transaction settlement means that a company has to know who the they did business with as well -- down to their customers address, and, sooner or later, their biometrics as well.

    The reason for this is that we have to send someone to jail if they lie about a book-entry transaction, or, frankly, those transactions won't clear, much less settle, and we're back to the days of personal store credit and bales of paper bearer certificates, all of which cost much more to use than just calling the cops.

    So. You're in a finance department, say at Amazon. You've got a huge database with all this stuff in it, names, addresses, phone numbers, who bought what and for how much. You pay an enormous amount of money keeping it around, massaging it, storing it, reporting on it. It's gotten so necessary to have, in fact, that because it's all there, the government now wants to see it all, once a quarter, so they can tax and regulate you with it. A fine kettle of fish, indeed.

    So, what are you going to do to make money with all that information, to cover some of its enormous cost? You call the Marketing guys, of course, and get them to sell it...

    I expect, by the way, that the cheapest way to do transactions, particularly on the net, will be digital bearer transactions, with cryptographic protocols like blind signatures, or X-Cash, or MicroMint, or Mojo, or something like that, but I'm supposed to say that, because it's my job.

    In the meantime, don't be surprised if anyone with a database full of book-entry transaction history sells that information, for whatever they can get for it, and that they will even create legislation allowing them to do that, probably with the word "Privacy" in the title somewhere.

    This especially holds true for the book-entry transaction companies themselves, like VISA/Mastercard, or, unfortunately, even PayPal itself. Because, even if by law a company can't directly sell that that information, they can, at the very least, always merge, right?

    _________
  • it is possible that amazon germany isn't allowed anymore to send personal data to amazon US. see my earlier post for a very short explanation.
    countries in the EU actually have laws protecting your privacy...

    //rdj
  • Not to mention the newly opened French subsidiary, amazon.fr [amazon.fr]. In France, the law on personal data stored on computers [legifrance.gouv.fr] is extremely strict (borderline paranoid, in fact).

    Now if such a customer file is shared by amazon between several countries, it must be kept in compliance with the law of every country in question.

    So if you're not happy with amazon keeping personal info on your subject, go to amazon.fr, check that the info is indeed shared with amazon.com, and write them ("them" being amazon.fr) a letter (in formal French, of course) stating that you wish to exercise the rights vested upon you by article 36 of the aforementioned law 78-16 of january 6, 1978, and that in compliance with that law they must strike the information concerning you from the record (you can claim, e.g., that it is obsolete). Somehow I doubt they'll make a special effort to remove the info in amazon.fr and not in amazon.com, so they'll have to remove it completely.

    (I only mention French law because I know that particular one. But maybe German or English law (for amazon.de or amazon.co.uk) could let you achieve the same results.)

    Somehow I feel that we'll have to stand the "socialist Europe" cliché again...

  • "Willingly Provided" isn't strictly accurate. It was provided on the basis that it wouldn't be sold, so it's not true to claim consent for its sale.

    Maybe...

    We reserve the right to make changes to our site, policies, and these conditions of use at any time.

    ... or maybe not. I'm fully aware that practically every Conditions of Use statement has this short but subversive clause. This in effect is the consent to resell personal data should they decide to do that. I'm not agreeing or defending - I think it's bullshit. But by providing the personal data you are consenting. If you think they'll change their privacy policy and sell your data then you don't provide it.

    IMO, privacy policies are a frappin' joke. They don't mean shit if the terms can be changed at a corp's discretion.


    -------

  • by ziggy_az ( 40281 ) on Friday September 01, 2000 @05:59AM (#811954)
    I simply replied to their email:

    --
    I hereby decline to accept your agreement, and direct you to remove any
    and all information pertaining to me from your databases. Sale of
    information pertaining to me may be done so only for a fee payable
    directly to me. I hereby set that fee to be $10,000 US dollars for each
    instance of my name and other information about me being attached to a
    list being sold by Amazon.com. Sale of a list which includes information
    about me constitutes acceptance of these terms.
    --

    I don't know if this is legally binding, but it seems like it may provide them incentive to remove my information, and makes clear that I will no longer do business with them because of this change.

  • I called their customer service number because there is no link I could find on the web site for cancelling one's account.

    Toll-free in the U.S. and Canada: (800) 201-7575
    Outside the U.S. and Canada: (206) 266-2992

    I was on hold for quite a long time (about 15 minutes) so they appear busy. Their computer system was running slowly, too; it took several minutes to locate my account record.

    The customer service person was completely unfazed by my request to delete my account information and my complaint about the revised privacy policy. I suspect mine was not the first call for that purpose today.
  • I went to do the same thing, and funny.. there was NO link on their account page to cancel my account.

    How do you cancel an account with any of the on-line purchase places? None of them that I've scene even HAVE a cancel option... Hell, even SLASHDOT doesn't have a 'delete my id' option....

    Even if they do 'cancel it', how do you know it's really been cancelled? Are they legally required to delete your account?

  • I ordered $ 194 worth of books at amazon last Thursday, and I have to admit, I'm not impressed anymore - and I've been a loyal customer for years.

    To start, despite all the books I ordered being "Usually ships in 24 hours", my order was not shipped until Saturday - two days after the order. I remember when orders were almost invariably shipped a few hours after being placed.

    It added somewhat to my irritation that, although the order was placed on the 24th and shipped on the 31st, it claimed delivery would be between the 31st and the 5th. Since shipment via UPS ground almost invariably takes three days, this was an absurdly pessimistic range. My order actually arrived, to my relief, on the 30th - just when I thought it would.

    Finally, out of the ten-odd items I ordered, instead of sending me William Goldman's sequel to Adventures in the screen trade, they sent me a well-written but surely unrelated SAP: The Inside Story. I'm not inclined to send it back, since that's more trouble than it's worth, but I'm not inclined to appreciate what they did, either. Any suggestions as to what to do about this would be appreciated.

    Now, I wouldn't be that upset about this if it weren't for the fact that poor service from Amazon now appears to be a common complaint. See this review:

    http://www.epinions.com/book-review-217D-2788EE3 F-39902617-prod5

    After seeing their current service, I have to agree entirely. It's sad to see this kind of decline in a one-time king of customer service, despite their recent privacy problems. But there it is.

    D

    ----
  • I had to reply to this whole article. I love Slashdot and its people, but my God .. you people just love to bitch at stuff a little to much.

    First off, there is lots of information being passed around on you as we speek. There is NO notification that you get when this happens, and there is nothing you can do to stop it. Its to late your information is out there being analized, sold and reanized all the freekin time. No company ever tells you when they sell you informaion - this also go's for the government.

    Amazon.com is the only company decent enough to let you know what they are doing with your information, and yes if you don't like there policy then you don't have to shop there. That's why the sent out the press release in the first place, but to bash Amazon.com because its doing what every other company does (including the Government) is just plain retarded. You don't see any other companies with the guts to do what Amazon has done... so give the company some damn credit, even you never buy something from them again.

  • While policies are almost designed to be slippery things, my reading of the new Amazon policy is that they'll transfer customer information along with their other assets to a company that buys them. Otherwise, the company would have just a domain name and a big warehouse full of books (and of course, a bunch of dubious patents!)--valuable assets, but not so valuable without the years of customer information that was built up. Compare that to Toysmart, as described in a techweb.com article [techweb.com]:
    In May, toysmart.com asked permission from the Federal Trade Commission to sell off its customer list to a third party, arguing that selling its directory was similar to a company acquiring the information in an acquisition.

    Kogut countered that it was not an acquisition, or even a sale of 100 percent of the company's assets. Instead, only a portion of its assets was involved.

    But everybody's fears are well-founded. We can't control changes in company privacy policies in the U.S., and we'll have a damn hard time enforcing those policies if they're broken.
  • I tend to agree with your statement in general but books are something special. Seeing what someone reads tells you a great deal about both their political belifs and personal problems.

    Moreover information from book sales is much more damning. This information that I browsed web pages about cancer is virtually meaningless it could have been idle curiosity looking up some piece of info for a friend or just settling an argument. If however I bought a book detalining ways of coping with cancer it is virtually guaranteed I, or a close associate, actually has the disease.

    This kind of information could play havoc politically. THe knowledge that Gulianni had cancer significantly effected the new york elections...certainly if this sort of information were leaked about a politician. Even worse would be information leaked that a politician was reading a socially disapproved book...what if they bought a work by karl marx...leaking this could certainly turn an election
  • You better keep shopping with us, or we'll go out of business and tell the whole WORLD what you've been buying!

    - Isaac =)
  • by Th3 D0t ( 204045 ) on Friday September 01, 2000 @06:27PM (#812004)
    Your credit card company already has and has sold the information of everything you buy over the internet anyways. Why would companies even want Amazon's records if they already have the much better credit card records?
    ---
  • Opt-Out. [cdt.org]Brought to you by the Center for Democracy and Technology. For all your privacy needs
  • But they DID NOT give customers the opportunity to delete their information. So I would consider their move to be sleazy at best. Yet another reason to forget about Amazon [slashdot.org] for now.

    More seriously, though, most privacy policies are garbage. I'm not a big fan of regulation, but there has got to be something that enforces good practices here, since the vendors clearly don't give a shit.

    sulli

If this is timesharing, give me my share right now.

Working...