|June 11, 1999
Re: Childrens Online Privacy Protection Rule -- Comment, P994505
Amazon.com, Inc. ("Amazon.com") respectfully submits the following response to the Federal Trade Commissions (the "FTC" or "Commission") request for comments concerning the Notice of Proposed Rulemaking (the "Proposed Rules") to implement the Childrens Online Privacy Protection Act of 1998 (the "Act").
Amazon.com Recognizes the Importance of Consumer Privacy
Amazon.com clearly and easily gives consumers the ability to "opt out" of certain practices including being contacted by the company regarding promotional offers or new Amazon.com services and having their information disclosed to third parties (should Amazon.com decide to make such disclosures in the future). Amazon.com goes to great lengths to protect the consumer information it collects. It restricts employee access to the information and invests substantially in technological means to prevent unauthorized electronic access to its databases.
Amazon.coms pro-consumer privacy policies have contributed to its strong brand recognition and customer loyalty in a fiercely competitive market: as of its last quarterly report (filed with the Securities Exchange Commission in April 1999), 66% of Amazon.coms then 8.4 million customers were repeat purchasers. As of the date of this letter, Amazon.com has earned the confidence of over 10 million customers.
For all of these reasons, Amazon.com fully supports the intentions of Congress and the Commission to address consumer concerns regarding online privacy. As discussed further below, however, Amazon.com believes the current draft of the regulations is likely to interfere with the overall customer experience and inherent benefits of the Internet as a commercial medium.
Industry Self-Regulation is Beginning to Take Hold
The Georgetown Survey indicates that approximately 66% of the sampled websites post privacy disclosure statements as compared to 14% of the websites sampled by the FTC in its own study just one year ago. The remarkable speed of this industry movement reflects both the growing importance of electronic commerce in the retail world and the agility of Internet businesses to address concerns of online consumers. Such a rapid response is unrivaled by off-line marketers. More importantly, this momentum shows that the industry is not only aware of privacy issues, but is also working hard to resolve them in a reasonable amount of time, limiting the need for governmental regulation.
The Unique Nature of the Internet
The Internet is a new medium of commerce that has the potential to offer consumers unparalleled convenience, personalized service and tremendous value. One of the Internets greatest benefits is its immediacy, allowing online participants to interact in real-time. Requiring operators and customers to take off-line action to obtain and provide prior consent or to verify identification before releasing information that has already been collected would threaten to destroy this important benefit. Every phone, mail, fax or other off-line communication interferes with and degrades the completely interactive nature of the Internet.
Another significant advantage of the Internet is the ability to offer the consumer a shopping experience that is personalized to meet his or her specific needs and preferences. Regulations that unreasonably limit the responsible collection or use of such information will limit the development and implementation of these personalization features. Further, every requirement that an operator segregate certain customer information for a particular purpose (for example, for deletion under certain circumstances, but not others) would necessitate additional programming and cumbersome database management.
Any requirement to treat specific classes of customers differently is particularly difficult over the Internet, because unlike virtually any traditional sales environment, it is a largely anonymous medium. Without the opportunity to respond to a potential customer in person, online vendors often have no reasonable basis to know whether they are dealing with a child or an adult based simply on the nature of the customers purchases.
The governments laudable effort to protect children from unscrupulous practices on the Internet must be directed with precision at the sources of such problems to avoid interfering with responsible Internet businesses that neither target children particularly, nor abuse data or privacy generally. The Commissions Proposed Rules should therefore be carefully crafted to fit the online model, requiring participants to engage in off-line communications only to the extent absolutely necessary.
While off-line solutions are not practical in the online marketplace, the standards applied to analogous off-line activities are instructive. To the extent the Commission is willing to consider less stringent regulations for certain types of online conduct, it is informative to note that analogous off-line activities, including collection of childrens information, have not been subject to a requirement of prior parental consent or notification. For example, sellers of cereals, toys, childrens magazines, comics, and computer games, among many other products have long solicited children to "register," join clubs, obtain newsletters, and enter contests for the purpose of collecting childrens names, addresses, and interests. This information does not remain on slips of paper; but eventually becomes part of electronic databases and profiles. Amazon.com is not condoning these practices or suggesting that they forever remain outside the scope of regulations requiring parental consent. The FTC should, however, be sensitive, as we enter the digital economy, not to foster, encourage or create indirectly a type of discrimination or phobia against Internet businesses.
Amazon.com is not aware of a generally available digital signature system in the manner contemplated by the Commission. Amazon.com agrees that such a system would be good for Internet commerce generally as well as for the specific purposes identified by the Commission. For the time being, the use of a credit card as a substitute for a digital signature is the closest alternative. Amazon.com would like to see the Proposed Rules expressly affirm that an Internet business may presume that an individual entering a credit card is an adult, or has the consent of an adult. Amazon.com would also like to see the Proposed Rules acknowledge that a better digital signature system is not presently available and, therefore, be more receptive at this time to companies reliance on regular E-mail to obtain parental consent. The FTC should continue to encourage the development of an effective digital signature system. Current e-commerce pioneers should not be penalized for the state of technology; parents who give their children access to the Internet should bear a reasonable proportion of the responsibility.
The Guidelines Would Chill the Interactive Nature of the Internet
Many general, commercial websites, like Amazon.com, want to provide children-related products and services, among other products, and would expect to have at least some children visit the site. However, since general sites like Amazon.com have no way to know for certain who of its visitors are children, such general sites would arguably need to obtain verifiable consent from or for all of its users to collect any personal information in order to comply with the Proposed Rules. In view of the small percentage of visitors under 13 that may visit general merchandise sites, applying the regulations to these operators would create a disproportionate burden. For example, according to statistics gathered by Media Metrix, Inc. (an independent company that measures Internet audiences), during the month of March 1999, only 1.8% of Amazon.coms visitors were 11 or under. (Amazon.com believes this demographic has been consistent over time.) The broad definition of what constitutes a site "directed to children" and the corresponding stringent requirements of verifiable consent, would therefore chill website operators efforts to interact and communicate with their visitors. For general commercial sites like Amazon.com, this could curtail services and features legitimately available to adult consumers. In addition, this definition may have the unintended consequence of discouraging websites from having any child-related materials, much of which like books are clearly in the public interest. This cannot be the FTCs intentions and surely is not required by the statute.
The definition of a website "directed to children" should be refined so that it does not include general commercial sites that merely market or provide information about childrens products among other products, or that dress a portion of their sites in a child-friendly motif, such as Amazon.coms childrens book store. Similarly, an operator who markets a wide array of products, some of which are for children, should not be deemed to be a website "directed to children" simply because it organizes its website in such a way as to designate a separate area for childrens products.
1) the FTC should clarify that unless a general merchandise site (or portion thereof) expressly and specifically invites children to provide information, the Proposed Rules would only apply to the extent the operator has "actual knowledge" that it is collecting personal information from a child; and
2) the FTC should affirm that if the operator seeks and obtains a declaration from a visitor to such a site that she is "over 13," the operator may rely on such information.
The Guidelines Requirements Concerning Certain Practices Should Be Relaxed
The Commission should remove the requirement under Section 312.4(b)(1)(ii) concerning placement of notice "above the fold" for general merchandise sites such as Amazon.com. Requiring a general merchandise site to position notice of its information collection practices so that visitors do not have to scroll down to view the notice is unreasonably burdensome in light of the limited space on a website "page" and the small percentage of children that may visit such a site. The Commission should allow general merchandise sites to use their reasonable judgment concerning placement of the notice in view of the layout and design of their websites.
Further, the FTC should distinguish websites that make a business of profiling children and selling that data, from those that are legitimately trying to personalize a visitors experience with a site and to make the site more valuable to the visitor and her family. Under Section 312.5(c)(3) of the Proposed Rules, companies like Amazon.com should be permitted to collect personal information from children in order to provide value-added services to the child and her family, provided that a reasonable attempt is made to inform parents of the nature of the information collected, its use, and as long as the parent has an opportunity to "opt out."
Finally, Amazon.com would like to see the FTC clarify that once parental consent is obtained, only material changes that are reasonably likely to affect an ordinary parents decision should require new consent under Section 312.4(c) of the Proposed Rules. For example, a merger with a like-minded company in a similar industry, with intentions to maintain the current information collection practice, should not require obtaining new parental consent. At the very least, under such circumstances, an operator should be allowed to rely on E-mail notice to the parent with an opportunity for the parent to "opt out" of the "new" use.
Amazon.com has more experience with Internet commerce and related customer services issues than virtually any other company in the world. The issues presented by the Proposed Rules are of enormous importance to our company, our industry, and the growing number of people who daily rely on or enjoy the benefits of the Internet. Amazon.com appreciates the opportunity to comment on the Proposed Rules, and would welcome the opportunity to discuss any of the foregoing in more detail at your convenience, or otherwise assist the FTC in its consideration of e-commerce challenges.
What information do we collect? How do we use it?
How does Amazon.com protect customer information?
When you place orders or access your account information, we offer the use of a secure server. The secure server software (SSL) encrypts all information you input before it is sent to us. Furthermore, all of the customer data we collect is protected against unauthorized access.
What about "cookies"?
"Cookies" are small pieces of information that are stored by your browser on your computer's hard drive. Our cookies do not contain any personally identifying information, but they do enable us to provide features such as 1-Click(sm) shopping and to store items in your shopping cart between visits. Most Web browsers automatically accept cookies, but you can usually change your browser to prevent that. Even without a cookie, you can still use most of the features in our store, including placing items in your shopping cart and purchasing them.
Will Amazon.com disclose the information it collects to outside parties?
Amazon.com does not sell, trade, or rent your personal information to others. We may choose to do so in the future with trustworthy third parties, but you can tell us not to by sending a blank e-mail message to email@example.com. (If you use more than one e-mail address to shop with us, send this message from each e-mail account you use.) Also, Amazon.com may provide aggregate statistics about our customers, sales, traffic patterns, and related site information to reputable third-party vendors, but these statistics will include no personally identifying information.
We are committed to protecting your privacy. We use the information we collect on the site to make shopping at Amazon.com possible and to enhance your overall shopping experience. We do not sell, trade, or rent your personal information to others. We may choose to do so in the future with trustworthy third parties, but you can tell us not to by sending a blank e-mail message to firstname.lastname@example.org. If you never want to receive any announcements or special offers from us, visit your Amazon.com Subscriptions page to change your preferences. Remember to change your preferences for each of the e-mail accounts you have given us.
Tell us what you think
Amazon.com welcomes your questions and comments about privacy. Please send e-mail to email@example.com.
Your Amazon.com Bill of Rights