July 15, 2019
Consumer and Brand Protection
Dear Mr. Mehta,
Earlier this year, Mozilla, Internet Society and Consumers International sent our minimum security guidelines for internet-connected devices. One of those standards related to privacy policies and called for products to have privacy policies that are “easily accessible, written in language that is easily understood and appropriate for the person using the device or service at the point of sale.”
Amazon is a market leader and making this change would have far reaching implications. A mandate from Amazon would force manufacturers to give privacy more thought, and could cull the worst offenders from Amazon’s digital shelves. The mandate could also help address products with opaque supply chains — that is, insecure devices that are manufactured, bought and rebranded by another entity, and then sold to consumers.
We note that in other areas of its business, Amazon already requires third-party providers to comply with terms that preclude violations of privacy. For example, in order to access apps offered through Amazon Web Services (AWS), customers must agree to the AWS Acceptable Use Policy, which prevents them from using the services for illegal or harmful use.
Consumer privacy is paramount — and violations of consumer privacy by third-party providers create considerable risk for Amazon, its shareholders and its users.That’s why Mozilla, Internet Society and Consumers International released the minimum security guidelines to make the IoT ecosystem more private and secure. The undersigned organizations believe these should be mandatory for all connected devices, which is why we’re now turning to you as one of the world’s largest retailers to enforce just one of those guidelines by requiring privacy policies for all connected devices sold on your platform.
Open MIC (Open Media and Information Companies Initiative)
Campaign for a Commercial-Free Childhood
Fight for the Future
Consumer Federation of America