• Press Release

Tech Bytes – Tid Bits in Tech News: Not that Toysmart a Decision

  • By: FW Staff
  • 07/26/2000

Last Friday, the Federal Trade Commission (FTC) resolved the controversial Toysmart.com bankruptcy case. After ceasing operations on May 22, 2000, Toysmart.com contracted with a Boston-based management-consulting firm, The Recovery Group, to solicit bids for its assets. Among the assets was a customer list, which contained names, e-mail addresses, and payment information.

From September 1999 to May 22, 2000, Toysmart.com was a member of TRUSTe, an organization that certifies the privacy polices of member Web sites with a TRUSTe seal. As part of the seal, the Toysmart.com privacy policy read as follows:

(1)Personal information voluntarily submitted by visitors to our site, such as name, address, billing information and shopping preferences, is never shared with a third party. All information obtained by toysmart.com is used only to personalize your experience online. (2)When you register with Toysmart.com, you can rest assured that your information will never be shared with a third party.

“If we really believe that consumers attach great value to the privacy of their personal information and that consumers should be able to limit access to such information through private agreements with businesses, we should compel businesses to honor the promises they make to consumers to gain access to this information.”

Implicit to the privacy policy, according to a FTC Complaint for Permanent Injunction and Other Equitable Relief, was that the information collected would never be “disclosed, sold, or offered for sale.” The FTC’s Complaint also noted that Toysmart.com violated the Children’s Online Privacy Protection Act (COPPA) because the list contained the names, ages, and e-mail addresses of children under 13 with no evidence of parental consent. The bids for Toysmart.com’s assets concluded on June 19, 2000. Toysmart.com agreed to postpone the sale until the FTC was able to rule on the matter.

In a 3-2 decision, the FTC allowed Toysmart.com to sell its customer list on a conditional basis. The list could not be sold as a stand-alone asset, must be purged of all information in violation of COPPA, and must be purchased by a “qualified buyer” who would be required to follow Toysmart.com’s privacy policy. The FTC majority defined a “qualified buyer” as a business in the “family commerce market.”

In dissent, Commissioner Orson Swindle argued: “If we really believe that consumers attach great value to the privacy of their personal information and that consumers should be able to limit access to such information through private agreements with businesses, we should compel businesses to honor the promises they make to consumers to gain access to this information.”

While it is undeniable that Toysmart.com’s customer list was its most valuable asset, Commissioner Swindle’s argument is difficult to dispute. Burdensome regulation is an inevitable outcome if the primacy of private contracts is not honored.

Government has historically been the worst violator of citizens’ privacy. This decision underscores the need for private-sector solutions to the problem. If government is unwilling to enforce contracts that protect privacy, there is little hope that further government meddling will do any good. Only technological solutions can empower consumers to decide what information to share and with whom to share it.

WATCH NOW