Who's Tracking Your Reading Habits? An E-Book Buyer's Guide to Privacy, 2012 Edition
By: Cindy Cohn and Parker Higgins
Reprinted Courtesy of: Electronic Frontier Foundation
The holiday shopping season is upon us, and once again e-book readers promise to be a very popular gift. Last year's holiday season saw ownership of a dedicated e-reader device spike to nearly 1 in 5 Americans, and that number is poised to go even higher. But if you're in the market for an e-reader this year, or for e-books to read on one that you already own, you might want to know who's keeping an eye on your searching, shopping, and reading habits.
Unfortunately, unpacking the tracking and data-sharing practices of different e-reader platforms is far from simple. It can require reading through stacked license agreements and privacy policies for devices, software platforms, and e-book stores. That in turn can mean reading thousands of words of legalese before you read the first line of a new book.
As we've done since 2009, again we've taken some of the most popular e-book platforms and combed through their privacy policies for answers to common privacy questions that users deserve to know. In many cases, these answers were frustratingly vague and long-winded. In nearly all cases, reading e-books means giving up more privacy than browsing through a physical bookstore or library, or reading a paper book in your own home. Here, we've examined the policies of Google Books, Amazon Kindle, Barnes & Noble Nook, Kobo, Sony,Overdrive, Indiebound, Internet Archive, and Adobe Content Server for answers to the following questions:
- Can they keep track of searches for books?
- Can they monitor what you're reading and how you're reading it after purchase and link that information back to you? Can they do that when the e-book is obtained elsewhere?
- What compatibility does the device have with books not purchased from an associated eBook store?
- Do they keep a record of book purchases? Can they track book purchases or acquisitions made from other sources?
- With whom can they share the information collected in non-aggregated form?
- Do they have mechanisms for customers to access, correct, or delete the information?
- Can they share information outside the company without the customer's consent?