Privacy groups on both sides of the Atlantic are calling on government agencies to investigate Amazon.com’s U.S. and U.K. operations.
The groups are alleging that Seattle-based Amazon.com violated U.S. trade practices and data protection laws in the United Kingdom.
In a letter to the Federal Trade Commission (FTC) Wednesday, the Electronic Privacy Information Center (EPIC) in Washington and Junkbusters Corp. in Green Brook, N.J., asked the agency to determine whether Amazon deceived its U.S. customers by changing its privacy policy to permit disclosure of personal customer information, the groups said in a statement.
The two groups charged that Amazon’s new privacy policy is inconsistent with its previous policy, which said it would “never” disclose customer information to third parties, and is therefore deceptive and illegal under FTC regulations.
Jason Catlett, president of Junkbusters, said Amazon’s new privacy policy states that in certain circumstances it releases customer account and personal information, including exchanging information with other companies and organizations for fraud protection and credit risk reduction.
Catlett said Amazon has removed the option allowing customers to send an e-mail requesting that the online retailer not share their personal data with other companies.
“If Amazon gets away with this we are going to have to revise the meaning of the word ‘never’ in dictionaries,” Catlett said.
But Amazon.com spokeswoman Patty Smith disagreed with the information presented by the privacy watchdog groups.
“[Privacy] is a serious issue for Amazon,” Smith said. “We feel we have a customer-focused privacy policy. We are not in the business of selling customer data, and we never will be. We treat customer data with great care.”
Smith said Amazon’s new privacy policy allows the company to sell customers’ personal information only under certain circumstances, including if Amazon or one of its business units is sold.
“If we sold our bookstore tab, the only customer data we would sell would pertain to the bookstore,” she said.
She added that Amazon would give customers the opportunity to have their personal information deleted before it was sold to another company.
Catlett, however, said he has asked Amazon to delete his account and destroy all his personal information. He said Amazon told him it couldn’t honor his request because “it is part of our business transaction records.”
On the other side of the Atlantic, Privacy International, a London-based human rights organization, sent a letter to the U.K. Data Protection Commissioner, asking that he stop Amazon’s U.K. affiliate from processing customer data until it complies with the U.K. data protection law. Privacy International alleges that Amazon is in violation of that law, which, in part, requires companies to show their U.K. customers all information about them and to delete it on request.
The U.S. groups are asking the FTC to stop Amazon from disclosing customers’ information without their consent; to require Amazon to offer its customers the option to delete all information about their identity and purchases; and to require Amazon to tell each customer who asks exactly what information it has disclosed or exchanged with other companies and to provide each customer complete access to his customer profile.
FTC spokesman Eric London said the agency would review the information sent to them by EPIC and Junkbusters.
Catlett said for the past several months, Amazon has refused to comply with the demands set for by EPIC and Junkbusters. On Sept. 13, EPIC and Junkbusters severed their ties with Amazon. At that time the groups told Amazon that they could no longer participate in Amazon’s affiliate program.
Amazon affiliates put a link on their Web sites directing customers to Amazon’s Web site.They receive a referral fee each time they direct business to the online retailer.
Barrett Ladd, an analyst at Gomez Advisors Inc. in Lincoln, Mass., said Amazon was almost forced to change its privacy policy.
“Amazon has so many [partners] – other online companies that they invest in like Drugstore.com and Greenlight.com with whom they share customer data back and forth — that they almost have to have that [new] policy because they don’t want to get hurt if those affiliates use their customer data,” she said.
Smith said the only time Amazon would share customer information with one of its partners like Drugstore.com would be if that customer chose to complete a transaction with Drugstore.com.
“We may give the customer’s address to Drugstore.com to make it easier for Drugstore.com [to ship the goods],” Smith said. “But we would never tell Drugstore.com about your book or CD purchases.”
