Amazon officials said the posting of the new policy and the massive round of e-mail notifications weren't driven by complaints from customers. But they added that the online retailer wanted to clarify where it stood because online data privacy has become such a hot-button issue for e-commerce companies, consumers and government regulators.
An Amazon spokeswoman added that the company hopes the revisions will further strengthen its customer trust, given the importance that's become attached to protecting the personal information of online shoppers and other users of the Web. "The whole notion of privacy on the Internet has gained currency," she said.
One key modification made by Amazon is a promise that it won't trade personal data to other companies without first getting permission from individual customers. The company previously reserved the right to buy, sell and trade such information at will, although the spokeswoman said it never actually did so.
Washington lawmakers this year have been debating whether the government should enact new privacy laws, a step favored by the U.S. Federal Trade Commission. But companies are trying to head off the need for legislation with self-policing steps. For example, several industry groups have proposed sets of voluntary data privacy guidelines.
DoubleClick Inc., American Express Co. and others also have created a new executive position: chief privacy officer. That job is designed, in part, to indicate that a company heeds customer fears about the corporate buying, selling and swapping of consumer profiles.
Amazon didn't go so far as to anoint a chief privacy officer. And under its new rules, the company won't stop collecting personal information. But its revised policy spells out in greater detail what kind of data Amazon gathers from customers and what it will or could do with the information.
For example, Amazon made more clear the fact that, like most other marketers, it obtains consumer profiles from third parties and melds that information with its own customer databases. The company also is now letting customers know that privacy-protection options exist, such as the ability to block Internet cookies or to install software designed to mask or delete the virtual footprints users leave as they visit Web sites.
However, Amazon's new policy advises users not to go too far in guarding their personal information. For example, the company recommends that customers refrain from disabling cookies. According to the policy, cookies are needed "to take full advantage of some of Amazon.com's coolest features."
Such uneasy tension between personalization and privacy is a growing problem for companies engaging in e-commerce and their customers, said Jonathan Gaw, an analyst at International Data Corp. in Framingham, Mass. "The more you personalize, the more you encounter privacy questions," Gaw noted.
But he added that the new Amazon policy is useful because it more explicitly says what happens or could happen to the nuggets of personal information left by the company's customers. Gaw advised other online retailers to take similar steps if they haven't already.