Class Action Alleges Amazon Fraudulently Collects, Shares Users’ Personal Information

March 9, 2011 by

A class-action lawsuit filed March 2, 2011, alleges Amazon.com fraudulently circumvents users’ Web-browser privacy settings to collect personal information without permission and share it with other companies. The suit says Amazon tricks Microsoft’s Internet Explorer into thinking the e-retail site is “more privacy-protective than it actually is,” and uses a clever work-around to collect users’ personal information even if they have set their browser to block it. The plaintiffs allege Amazon knowingly and fraudulently set up its website to spoof IE, and purposefully misleads customers in its privacy policy published online.

Since the release of Internet Explorer 6 in 2001, most websites have been using machine-readable codes that tell a browser their privacy policies — such as whether a website sends cookies and with whom the website shares personal information gained from those cookies. Most websites use several standard “compact policy” codes such as “NID” (no identified user information collected), but Amazon uses the code “AMZN” — which the lawsuit says is “gibberish.”

That code tricks IE into thinking Amazon’s privacy policy falls in line with a user’s settings, even if they are set to the strictest level, the lawsuit alleges. Even if IE blocks Amazon from sending and accessing cookies, as a work-around Amazon also uses what are informally known as “Flash cookies” — files that transmit data via Adobe Flash Player, which is on most people’s computers, instead of Internet Explorer.

Browser cookies are small files that are often left on a user’s computer when they visit a website. Amazon.com, for example, accesses those cookies to look at the user’s browsing history there, and can glean what types of products the user has browsed or purchased.

Most of the time, cookies must be enabled for someone to sign in to Amazon, add items to their shopping carts and check out. Many websites can’t function fully if a user turns off cookies in their browser privacy settings.

But turning off cookies is more secure, keeping websites from accessing a user’s personal information. The major Web browsers — Internet Explorer, Mozilla Firefox, Google Chrome, Apple Safari — all have features that allow the user to identify specific websites as “trusted,” allowing only those approved sites to send and access cookies.

Most likely, people would consider Amazon a trustworthy website. But the plaintiffs in Wednesday’s case, filed in U.S. District Court in Seattle, want to call that into question.

One of the plaintiffs, Ariana Del Vecchio, said that after she started using Amazon in 2008 to buy pet-care products, she began receiving snail-mail advertisements from companies with which she’d never done business. Amazon, the lawsuit suggests, only could have done that by sharing her personal information with other companies, even though her computer was set up to restrict Amazon’s access to her data.

The other plaintiff, Nicole Del Vecchio, stated she found Flash cookies on her computer that Amazon had used in circumventing her strict IE privacy settings. IE was supposed to keep Amazon from sending cookies to her computer, and did, but Amazon got around it by using Flash cookies, the lawsuit says.

The class includes anyone who has used Internet Explorer versions 6, 7 or 8 — with high privacy settings — to visit Amazon.com and purchase products there. The plaintiffs are asking for a jury trial, injunctive relief and monetary damages, which could be spread among millions of consumers.

Steve Larson
An experienced trial lawyer who handles both hourly and contingent fee cases, Steve has expertise in class actions, consumer cases, antitrust litigation, securities litigation, corporate disputes, intellectual property disputes, unfair competition claims, employment matters, and disputes involving family wealth. Steve regularly represents individuals and businesses in federal and state court and has obtained class-wide recovery in multiple class actions. A veteran practitioner, Steve's clients value his creative approach to resolving complex litigation matters.

Legal Disclaimer

The information contained in this blog does not constitute legal advice, and does not create an attorney-client relationship. We make no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained in or linked to this blog.