Amazon: Require Privacy Policies for Internet-Connected Devices

By Ashley Boyd, VP Advocacy at Mozilla | May 13, 2019 | Advocacy

Internet-connected devices

Alarmingly, countless products connected to the internet are sold without any information about how they handle and use personal data. The problem is so significant that Mozilla was unable to fully evaluate numerous products in *Privacy Not Included, a shopping guide that ranks popular devices’ privacy and security features, because there simply was not enough publicly available information about them.

Amazon.com is one of the biggest retailers of connected devices, but right now it doesn’t require that connected devices sold on its site have even a basic privacy policy in place. That’s why we are urging Amazon to take an important step for consumer privacy: Mandate that all third-party internet-connected products for sale on its platform have a privacy policy.

From thermostats and doorbells to oil diffusers and watches, more and more internet-connected devices are now on the market and many of these connected products are manufactured and sold by questionable companies, often without even a website to back them up. It’s alarming to see Amazon allow these products on its platform when the manufacturers haven’t even taken basic steps for user privacy.

The result? More insecure products in homes, and more consumers vulnerable to fraud and snooping.

A privacy policy isn’t a silver bullet. When they do exist, they can still be convoluted, or outline poor privacy practices. Still they are an indicator that companies have put some thought into their approach to privacy. A mandate from Amazon would force manufacturers to give privacy more thought, and could cull the worst offenders from Amazon’s digital shelves. The mandate could also help address products with opaque supply chains — that is, insecure devices that are manufactured, bought and rebranded by another entity, and then sold to consumers.

Consumer privacy is paramount to Mozilla. This ask is the next step in our work to make the consumer IoT ecosystem more private and secure. Last year, we debuted our five minimum security guidelines for IoT – standards that were used to research the *Privacy Not Included guide. Now, we’re urging one of the world’s largest retailers to enforce one of those guidelines: mandatory privacy policies.

We urge Amazon to take this important step toward protecting consumers’ privacy. When a company the size of Amazon speaks, manufacturers listen. That’s why we’ve pressured Amazon to do better in the past, and why we cheer when our allies do the same.


Related content