Donald S. Clark, Secretary

Federal Trade Commission

Room H-159

600 Pennsylvania Ave., N.W.

Washington, D.C. 20580

Re: Children’s Online Privacy Protection Rule -- Comment, P994505

Mr. Secretary:

Amazon.com, Inc. ("Amazon.com") respectfully submits the following response to the Federal Trade Commission’s (the "FTC" or "Commission") request for comments concerning the Notice of Proposed Rulemaking (the "Proposed Rules") to implement the Children’s Online Privacy Protection Act of 1998 (the "Act").

Amazon.com is committed to becoming the world’s most customer-focused company. Reaching that goal requires more than selection, value and service – it requires that Amazon.com be extremely responsive to all customer concerns, including those relating to privacy. Accordingly, Amazon.com has been on the forefront of protecting the privacy of its customers, 100 percent of whom are online. Amazon.com has developed and adheres to a recognized privacy policy whereby Amazon.com provides notice to customers about the types of information it collects, how the information is used, and the extent to which such information may be disclosed to third parties (a practice Amazon.com has not yet adopted). A copy of Amazon.com’s Privacy Policy and customer "Bill of Rights" is attached to this letter.

Amazon.com clearly and easily gives consumers the ability to "opt out" of certain practices including being contacted by the company regarding promotional offers or new Amazon.com services and having their information disclosed to third parties (should Amazon.com decide to make such disclosures in the future). Amazon.com goes to great lengths to protect the consumer information it collects. It restricts employee access to the information and invests substantially in technological means to prevent unauthorized electronic access to its databases.

Amazon.com’s pro-consumer privacy policies have contributed to its strong brand recognition and customer loyalty in a fiercely competitive market: as of its last quarterly report (filed with the Securities Exchange Commission in April 1999), 66% of Amazon.com’s then 8.4 million customers were repeat purchasers. As of the date of this letter, Amazon.com has earned the confidence of over 10 million customers.

For all of these reasons, Amazon.com fully supports the intentions of Congress and the Commission to address consumer concerns regarding online privacy. As discussed further below, however, Amazon.com believes the current draft of the regulations is likely to interfere with the overall customer experience and inherent benefits of the Internet as a commercial medium.

Amazon.com is not alone in its efforts to protect consumer online privacy. As evidenced by the Georgetown Internet Privacy Policy Survey released in May, the majority of the online industry is addressing consumer concerns about privacy by providing notice and control to consumers concerning use and disclosure of their personal information. The Survey results suggest competitive pressures are leading to more consistent and responsible treatment of personal information collected online. Internet businesses need to act responsibly with consumer information or risk losing valuable business to more conscientious, consumer-oriented companies.

The Georgetown Survey indicates that approximately 66% of the sampled websites post privacy disclosure statements as compared to 14% of the websites sampled by the FTC in its own study just one year ago. The remarkable speed of this industry movement reflects both the growing importance of electronic commerce in the retail world and the agility of Internet businesses to address concerns of online consumers. Such a rapid response is unrivaled by off-line marketers. More importantly, this momentum shows that the industry is not only aware of privacy issues, but is also working hard to resolve them in a reasonable amount of time, limiting the need for governmental regulation.

The Internet is a new medium of commerce that has the potential to offer consumers unparalleled convenience, personalized service and tremendous value. One of the Internet’s greatest benefits is its immediacy, allowing online participants to interact in real-time. Requiring operators and customers to take off-line action to obtain and provide prior consent or to verify identification before releasing information that has already been collected would threaten to destroy this important benefit. Every phone, mail, fax or other off-line communication interferes with and degrades the completely interactive nature of the Internet.

Another significant advantage of the Internet is the ability to offer the consumer a shopping experience that is personalized to meet his or her specific needs and preferences. Regulations that unreasonably limit the responsible collection or use of such information will limit the development and implementation of these personalization features. Further, every requirement that an operator segregate certain customer information for a particular purpose (for example, for deletion under certain circumstances, but not others) would necessitate additional programming and cumbersome database management.

Any requirement to treat specific classes of customers differently is particularly difficult over the Internet, because unlike virtually any traditional sales environment, it is a largely anonymous medium. Without the opportunity to respond to a potential customer in person, online vendors often have no reasonable basis to know whether they are dealing with a child or an adult based simply on the nature of the customer’s purchases.

The government’s laudable effort to protect children from unscrupulous practices on the Internet must be directed with precision at the sources of such problems to avoid interfering with responsible Internet businesses that neither target children particularly, nor abuse data or privacy generally. The Commission’s Proposed Rules should therefore be carefully crafted to fit the online model, requiring participants to engage in off-line communications only to the extent absolutely necessary.

While off-line solutions are not practical in the online marketplace, the standards applied to analogous off-line activities are instructive. To the extent the Commission is willing to consider less stringent regulations for certain types of online conduct, it is informative to note that analogous off-line activities, including collection of children’s information, have not been subject to a requirement of prior parental consent or notification. For example, sellers of cereals, toys, children’s magazines, comics, and computer games, among many other products have long solicited children to "register," join clubs, obtain newsletters, and enter contests for the purpose of collecting children’s names, addresses, and interests. This information does not remain on slips of paper; but eventually becomes part of electronic databases and profiles. Amazon.com is not condoning these practices or suggesting that they forever remain outside the scope of regulations requiring parental consent. The FTC should, however, be sensitive, as we enter the digital economy, not to foster, encourage or create indirectly a type of discrimination or phobia against Internet businesses.

Amazon.com is not aware of a generally available digital signature system in the manner contemplated by the Commission. Amazon.com agrees that such a system would be good for Internet commerce generally as well as for the specific purposes identified by the Commission. For the time being, the use of a credit card as a substitute for a digital signature is the closest alternative. Amazon.com would like to see the Proposed Rules expressly affirm that an Internet business may presume that an individual entering a credit card is an adult, or has the consent of an adult. Amazon.com would also like to see the Proposed Rules acknowledge that a better digital signature system is not presently available and, therefore, be more receptive at this time to companies’ reliance on regular E-mail to obtain parental consent. The FTC should continue to encourage the development of an effective digital signature system. Current e-commerce pioneers should not be penalized for the state of technology; parents who give their children access to the Internet should bear a reasonable proportion of the responsibility.

Many general, commercial websites, like Amazon.com, want to provide children-related products and services, among other products, and would expect to have at least some children visit the site. However, since general sites like Amazon.com have no way to know for certain who of its visitors are children, such general sites would arguably need to obtain verifiable consent from or for all of its users to collect any personal information in order to comply with the Proposed Rules. In view of the small percentage of visitors under 13 that may visit general merchandise sites, applying the regulations to these operators would create a disproportionate burden. For example, according to statistics gathered by Media Metrix, Inc. (an independent company that measures Internet audiences), during the month of March 1999, only 1.8% of Amazon.com’s visitors were 11 or under. (Amazon.com believes this demographic has been consistent over time.) The broad definition of what constitutes a site "directed to children" and the corresponding stringent requirements of verifiable consent, would therefore chill website operators’ efforts to interact and communicate with their visitors. For general commercial sites like Amazon.com, this could curtail services and features legitimately available to adult consumers. In addition, this definition may have the unintended consequence of discouraging websites from having any child-related materials, much of which – like books – are clearly in the public interest. This cannot be the FTC’s intentions and surely is not required by the statute.

The definition of a website "directed to children" should be refined so that it does not include general commercial sites that merely market or provide information about children’s products among other products, or that dress a portion of their sites in a child-friendly motif, such as Amazon.com’s children’s book store. Similarly, an operator who markets a wide array of products, some of which are for children, should not be deemed to be a website "directed to children" simply because it organizes its website in such a way as to designate a separate area for children’s products.

Accordingly:

1) the FTC should clarify that unless a general merchandise site (or portion thereof) expressly and specifically invites children to provide information, the Proposed Rules would only apply to the extent the operator has "actual knowledge" that it is collecting personal information from a child; and

2) the FTC should affirm that if the operator seeks and obtains a declaration from a visitor to such a site that she is "over 13," the operator may rely on such information.

The Commission should remove the requirement under Section 312.4(b)(1)(ii) concerning placement of notice "above the fold" for general merchandise sites such as Amazon.com. Requiring a general merchandise site to position notice of its information collection practices so that visitors do not have to scroll down to view the notice is unreasonably burdensome in light of the limited space on a website "page" and the small percentage of children that may visit such a site. The Commission should allow general merchandise sites to use their reasonable judgment concerning placement of the notice in view of the layout and design of their websites.

Further, the FTC should distinguish websites that make a business of profiling children and selling that data, from those that are legitimately trying to personalize a visitor’s experience with a site and to make the site more valuable to the visitor and her family. Under Section 312.5(c)(3) of the Proposed Rules, companies like Amazon.com should be permitted to collect personal information from children in order to provide value-added services to the child and her family, provided that a reasonable attempt is made to inform parents of the nature of the information collected, its use, and as long as the parent has an opportunity to "opt out."

Finally, Amazon.com would like to see the FTC clarify that once parental consent is obtained, only material changes that are reasonably likely to affect an ordinary parent’s decision should require new consent under Section 312.4(c) of the Proposed Rules. For example, a merger with a like-minded company in a similar industry, with intentions to maintain the current information collection practice, should not require obtaining new parental consent. At the very least, under such circumstances, an operator should be allowed to rely on E-mail notice to the parent with an opportunity for the parent to "opt out" of the "new" use.

Amazon.com has more experience with Internet commerce and related customer services issues than virtually any other company in the world. The issues presented by the Proposed Rules are of enormous importance to our company, our industry, and the growing number of people who daily rely on or enjoy the benefits of the Internet. Amazon.com appreciates the opportunity to comment on the Proposed Rules, and would welcome the opportunity to discuss any of the foregoing in more detail at your convenience, or otherwise assist the FTC in its consideration of e-commerce challenges.

Respectfully submitted,

 

Mariam J. Naini

Associate General Counsel

AMAZON.COM, INC.

David Gabrieli

Government Affairs Counsel

AMAZON.COM, INC.

At Amazon.com, we are committed to protecting your privacy. We use the information we collect about you to process orders and to provide a more personalized shopping experience. Please read on for more details about our privacy policy.

When you order, we need to know your name, e-mail address, mailing address, credit card number, and expiration date. This allows us to process and fulfill your order and to notify you of your order status.

When you sign up for our Personal Notification Services (Amazon.com Delivers, Eyes, and Oprah®), we need only an e-mail address--which we use to send the information you requested.

When you submit a customer review, we also ask for your e-mail address, although you can choose not to have your e-mail address displayed with your review.

When you enter a contest or other promotional feature, we may ask for your name, address, and e-mail address so we can administer the contest and notify winners.

We personalize your shopping experience by using your purchases to shape our recommendations about the books, CDs, and other merchandise that might be of interest to you. We also monitor customer traffic patterns and site usage to help us develop the design and layout of the store.

We may also use the information we collect to occasionally notify you about important functionality changes to the Web site, new Amazon.com services, and special offers we think you'll find valuable. If you would rather not receive this information, visit your Amazon.com Subscriptions page to change your preferences. Make sure to change your preferences for each account or e-mail address you have left with us.

When you send a greeting through the Amazon.com Cards service, we ask for your e-mail address and that of the recipient in order to complete your request. Amazon.com will never disclose or send promotional e-mail to recipient addresses provided only to the Amazon.com Cards service.

When you place orders or access your account information, we offer the use of a secure server. The secure server software (SSL) encrypts all information you input before it is sent to us. Furthermore, all of the customer data we collect is protected against unauthorized access.

"Cookies" are small pieces of information that are stored by your browser on your computer's hard drive. Our cookies do not contain any personally identifying information, but they do enable us to provide features such as 1-Click(sm) shopping and to store items in your shopping cart between visits. Most Web browsers automatically accept cookies, but you can usually change your browser to prevent that. Even without a cookie, you can still use most of the features in our store, including placing items in your shopping cart and purchasing them.

Amazon.com does not sell, trade, or rent your personal information to others. We may choose to do so in the future with trustworthy third parties, but you can tell us not to by sending a blank e-mail message to never@amazon.com. (If you use more than one e-mail address to shop with us, send this message from each e-mail account you use.) Also, Amazon.com may provide aggregate statistics about our customers, sales, traffic patterns, and related site information to reputable third-party vendors, but these statistics will include no personally identifying information.

We are committed to protecting your privacy. We use the information we collect on the site to make shopping at Amazon.com possible and to enhance your overall shopping experience. We do not sell, trade, or rent your personal information to others. We may choose to do so in the future with trustworthy third parties, but you can tell us not to by sending a blank e-mail message to never@amazon.com. If you never want to receive any announcements or special offers from us, visit your Amazon.com Subscriptions page to change your preferences. Remember to change your preferences for each of the e-mail accounts you have given us.

By using our Web site, you consent to the collection and use of this information by Amazon.com. If we decide to change our privacy policy, we will post those changes on this page so that you are always aware of what information we collect, how we use it, and under what circumstances we disclose it.

Amazon.com welcomes your questions and comments about privacy. Please send e-mail to feedback@amazon.com.

1. The Amazon.com Safe Shopping Guarantee protects you while you shop at Amazon.com, so that you never have to worry about credit card safety.

We guarantee that every transaction you make at Amazon.com will be 100% safe. This means you pay nothing if unauthorized charges are made to your card as a result of shopping at Amazon.com. Read the details of this policy.

Plus, you'll be one of over 10 million customers who have safely shopped with us without credit card fraud. If you feel more comfortable, you can enter only your card's last 5 digits and its expiration date. Once you have fully submitted your order, you can call in the rest of your card number.

2. No obligation. Bookmatcher and our Personal Notification Services--Amazon.com Delivers, Eyes, and Oprah--are provided free of charge, and you are under no obligation to buy anything.

3. Unsubscribing. You can unsubscribe or change your subscription to any of our Personal Notification Services at any time. Simply visit your Amazon.com Subscriptions page to modify your subscriptions online.

4. Amazon.com Updates. As a customer, subscriber, or contest entrant, you will occasionally receive e-mail updates about important functionality changes to the website, new Amazon.com services and special offers we think you'll find valuable. But if you'd rather not receive them, please visit your Amazon.com Subscriptions page to change your preferences.

5. Privacy. We are committed to protecting your privacy. We use the information we collect about you to process orders and to provide a more personalized shopping experience. We may also use it to tell you about changes in our services or about special offers we think you'll find valuable. We do not sell, trade or rent your personal information to others. We may choose to do so in the future with trustworthy third parties, but you can tell us not to. Simply send a blank e-mail message to never@amazon.com. For more details, please read the Amazon.com Privacy Policy.