issue 09/15/2000

Novel:
vCity 1.0
by Dr. Adam L. Gruen
20 days in the life of a 21st century virtual city simulation.

otherstuff:
Mindjack Radio
Powered by WWW.com

Mindjack Store
Buy Mindjack t-shirts and other apparel.
temporarily unavailable

Mailing List
Get informed of site updates.

by Jon Lebkowsky

Amazon.com recently updated its generally well-conceived privacy policy, and as part of the update added a disturbing section on "business transfers":

As we continue to develop our business, we might sell or buy stores or assets. In such transactions, customer information generally is one of the transferred business assets. Also, in the unlikely event that Amazon.com, Inc., or substantially all of its assets are acquired, customer information will of course be one of the transferred assets.

What's troubling here is that Amazon explicitly claims ownership of customer data. Think about it: it's clear that personal data is inherently commodified in "information age" economies, and if personal data is a commodity, how do you determine ownership? It seems clear to me that individuals should own their own data, which means that an individual would explicitly control the uses of that data, including verbal expressions, demographic data, etc., at least insofar as it is linked to their identity. (There's still a question in my mind about the ownership and use of anonymous aggregate data). If someone wants to use your data, it should only be with your explicit consent, which is to say that Amazon could only change the rules about the use of your data if you agree to the change. (Amazon probably assumes that, by publishing this change and notifying affected users, they've created a situation wherein ongoing use of the system implies consent. But should this be the case?)

Amazon is responding to action in the case of Toysmart.com, a bankrupt company which had posted a privacy statement saying that data about its customers would not be shared with third parties. However when the company's finances went south, it tried to sell customer databases as part of its assets. The Federal Trade Commission filed a lawsuit to prevent the sale of the customer database without restrictions including a requirement that the buyer be 'qualified,' and provide customers an opportunity to opt out of the customer database.

The crucial issue here was that Toysmart was not keeping the promise articulated in its privacy policy. Amazon, a company which has never realized a profit and may have to be sold at some point, has created a privacy policy which would not create a barrier to the transfer of customer data, at least not based on the privacy contract. Amazon realizes the business asset value of its customer data.

Wholier-than-thou Dept.: If I was Amazon, I would do the same thing. Since I'm not Amazon, I can rant about this practice and imply slime.

Actually, I can't complain too much, because I've always said that the key issue in cases like this is disclosure: do I know that the site is collecting data about me? Do I have an opportunity to opt out? (Of course, one can always opt out by leaving, but what of data that's already been collected up front?) Is the site offering me anything in exchange for the opportunity to use my data? And (most important), if I'm an average bloke with no particular technical or legal prowess, are these issues/choices presented to me in a way that I can clearly understand?

So on the plus side, Amazon has made disclosure and has provided a clear and readable privacy statement. On the down side, this change is retroactive; it was made after I fed my data to the beast.

<Heaving a deep sigh> Complicating all this is the fact that I really love Amazon... I have my fingers in two Amazon associates programs, and I buy books and CDs there. When I want information about a book, I use Amazon as a reference. It pisses me off that I have to make this rant.

But it's part of where we are today. The ecommerce shakeout is happening; boom dot bust, as the Firesign Theatre says. We're in recovery from dotcoms, we're clean and sober, and we're starting to look at the Internet and ecommerce with a whole new set of eyeballs. And we absolutely have to think critically about what we are seeing.

There should be no legal framework within which my data can be considered someone else's asset. If I loan the use of my data to Amazon.com to facilitate sales, it's still my data, not Amazon's to sell, despite the privacy statement or agreement.

You wouldn't think this would require legislation, but it might, so get wired with your congressman and convince him that we need to look at this stuff very carefully, while we're in a bit of a business-to-consumer ecommerce slump, before the next round of aspiring net.retailers figure it out and begin the next phase.

b i o :
Jon Lebkowsky has been soaking in Internet culture and community for the last decade. He's served as community host/moderator for the WELL, Electric Minds, and HotWired. He has written technoculture articles and rants for Wired Magazine, Whole Earth Review, The Austin Chronicle, 21C, Factsheet Five, Mondo 2000, and other publications, and was the "consciousness" sub-domain editor of The Millennium Whole Earth Catalog. As co-founder and former CEO of FringeWare, Inc., he was a pioneer in electronic commerce and its relationship to online community. An Internet activist, he was actively involved in initiatives of the Electronic Frontier Foundation and the Global Internet Liberty Campaign. He recently served as Online Community Director for WholeFoods.com and Web Technology Director for WholePeople.com.