Mitchell Hamline
Law Journal Of
Public Policy and Practice

The Price of Prime—Consumer Privacy in the Age of Amazon

By
Ariana Aboulafia, Greg Fritzius, Tessa Mears, and Macy Nix
42 Mitchell Hamline L.J. of Pub. Pol’y and Prac. 138 (2021)
Download a full-text PDF of this article from
Mitchell Hamline Open Access

It is difficult to imagine a world without Amazon. The behemoth tech corporation—which began as a humble attempt by entrepreneur Jeffery Bezos to sell books on the Internet—had a market cap of $1.6 trillion as of November 2020, and its net income rose almost 200% for the third quarter of 2020, compared to the same three-month period in 2019. And, far from its bookstore origins, Amazon currently sells nearly anything that one could ask for via its online website, which hosts around 300 million active accounts as of 2017. Amazon Prime, which offers users free two-day shipping (among other perks) for a fee has over 150 million subscribers worldwide as of 2019. And, as if that weren’t enough, Amazon owns dozens of subsidiaries that span across several industries. Amazon also produces consumer electronics including Kindle e-readers, Fire tablets, Fire TV sticks, and Amazon Echo devices (which are enabled with Alexa, a personal virtual assistant).

Taking all of this into account, it is clear that from the food that one eats, to the films that one watches, the books that one reads, to the incidentals that one purchases, Amazon touches—or, at the very least, has the potential to touch—nearly every aspect of a consumer’s life. As such, assuming one cares about consumer privacy, Amazon’s privacy policies (which apply to users of all of Amazon’s subsidiaries as well) become relevant. And, while many provisions of Amazon’s privacy policies are worrisome, it may be particularly concerning both for Amazon consumers and for anyone else who cares about consumer privacy that Amazon does not notify users about government data requests, or promise not to “sell out” users (to governments or law enforcement, for surveillance purposes). On the contrary, in fact, Amazon’s privacy policies state that “[w]e release account and other personal information when we believe release is appropriate to comply with the law; enforce or apply our Conditions of Use and other agreements; or protect the rights, property, or safety of Amazon, our users, or others.” Indeed, it was these factors (along with others) that caused an international digital rights group, the Electronic Frontier Foundation, to award Amazon a paltry two out of five stars in their 2017 rating of tech companies’ commitment to protecting consumer privacy. In comparison, that same year other tech giants—including Adobe, Dropbox, Lyft, Pinterest, Uber, and WordPress—received five out of five stars.

Clearly, Amazon could stand to improve its polices on consumer privacy. However, there are three Amazon products, partnerships and services—Alexa, Ring, and Rekognition—that are particularly concerning from the standpoint of not only protecting the privacy of consumers, but also of those who choose not to use these products and yet have their privacy rights implicated regardless. Part II of this paper will discuss these services and why their privacy implications are especially alarming. It will then propose and discuss four solutions in Part III: a new statute called the PRIME Act, a social solution consisting of increased shareholder pressure, a technological solution comprised of terms of use questionnaires, and an antitrust solution. These solutions can mitigate some of the more detrimental impacts of Amazon’s consumer privacy policies as they currently stand. The final section will outline potential responses and objections to these proposed solutions and reforms, and will conclude by arguing that it is possible to allow Amazon to continue its economic growth and technological innovation while still regulating its practices, particularly those that affect consumer privacy.