THE NEXT TIME YOU shop at, you might want to treat your e-mail address with as much care as your credit-card number. This is


Online consumer beware: 'Trusted' retail partners don't honor Amazon's privacy policy—or your marketing preferences.

THE NEXT TIME YOU shop at, you might want to treat your e-mail address with as much care as your credit-card number. This is the first holiday season since Seattle-based Amazon revised its two-year-old (and much-maligned) privacy policy. At the same time, the online retailer has entered into a number of new merchant partnerships. It's a combination that could come back to haunt consumers.

A case in point: Amazon's new Apparel and Accessories Store, launched with great fanfare last month and featuring merchandise from companies such as Lands' End, Guess?, and Gap. Like many others, I was enticed—as a longtime Amazon addict—to try it because of a $30 coupon promotion.

I clicked on the apparel store tab, put a couple of pairs of pants from Old Navy and a fleece from Nordstrom into my Amazon shopping cart, then checked out with my Amazon customer ID and password. As anticipated, the merchandise arrived in a few days. But an unexpected addition showed up two weeks later: a pitch from Old Navy titled "Free Shipping. Plus, Item of the Week."

It was a promotional e-mail, sent to the address I use for Amazon ordering. Mystified, I turned to spam-hunting tools to discover the e-mail had indeed been sent on behalf of Old Navy by direct marketing firm Digital Impact. I had never purchased directly from Old Navy's Web site or knowingly signed up for e-mails from Old Navy, and my Amazon "Customer Communication Preferences" were set to refuse marketing e-mails.

A CAREFUL READING of Amazon's updated privacy policy, which Amazon says it reworded for clarity in October, provided the answer: Old Navy fell into the category Amazon calls "Affiliated Businesses We Do Not Control" and "we share customer information related to those transactions with that third party."

Even though I'd started on Amazon, visited a main Amazon store tab, placed the order and paid through Amazon, the order was filled, in part, by Old Navy—abruptly trumping my Amazon customer preferences. Old Navy could now market to me to its heart's content, limited only by Old Navy's policies.

This might be a largely isolated tale of privacy policy woe if it weren't for the simultaneous boom in the number of "affiliated businesses" (a.k.a. "Trusted Partners") Amazon does not control, but to which it steers customers.

In addition to the 10 or so apparel store featured partners, Amazon has aggressively pursued other merchants to sell their wares within Amazon's site or whose Web stores are run with Amazon's e-commerce engine. This diverse group includes Target, Toys "R" Us, Borders, Office Depot, AT&T Wireless, CarsDirect,, Virgin Megastores, Circuit City, Marshall Field, and, as of this month, CDnow. It's a list so long and growing so fast that even Amazon's "Co-branded and Joint Offerings" privacy policy disclosure page doesn't list them all.

Patty Smith, Amazon director of corporate communications, points out that Amazon posts the privacy policies of most affiliated merchants. Had I discovered the "Old Navy & Your Privacy" link on the lower right of Amazon's Old Navy merchandise page, for example, it would have taken me to a policy that clearly states that Old Navy automatically adds me to its promotional e-mail list when I buy anything it fulfills.

But the issue is: Whose customer are you? If a single order placed on includes Old Navy and Nordstrom merchandise, the onus is on the consumer to find, read, and reconcile three privacy policies before knowing what will happen to his or her e-mail address and other personal information. When you shop at, which has a non-Amazon look but is "powered by," are you a Target customer, an Amazon customer, or both? The privacy policy combinations—and potential conflicts—are mind-boggling, because there are nearly 40 distinct Amazon stores and dozens of merchant partners so far.

MY AMAZON PREFERENCE to receive no marketing e-mails was not honored by Old Navy, nor was Old Navy likely even aware of it. But at a time when spam is rampant and decreasingly tolerated, Amazon's leaky privacy policy seems to be exactly the kind of thing that would erode customer trust rather than build it.

Before placing their next order, consumers might consider with whom they're really doing business and what e-mail address they're using. The increase in the number of Amazon's merchant partners might lead to more-convenient shopping—and a commensurate boom in registration for disposable Hotmail and Yahoo! Mail addresses to be used strictly for purchases.

Frank Catalano is a tech-industry analyst, consultant, and author. He can be reached via

comments powered by Disqus

Friends to Follow