Several readers have pointed me to BuyMusic's privacy policy as a particularly egregious one. "If you think Ticketmaster's privacy policy is bad, take a look at BuyMusic.com," wrote a reader. "According to the privacy policy, BuyMusic.com can use your personal information anyway they feel like ... (which includes) using Digital Rights Management (DRM) in 'creative' ways. Very scary."

Indeed, it is scary. The most alarming term, underlined for emphasis, states that: "Except as limited below, we reserve the right to use or disclose your personally identifiable information for business reasons in whatever manner desired." I searched the rest of the document in vain for any significant "limited below" constraints BuyMusic was putting on itself. Instead, the document just re-emphasized again and again that the company can do as it pleases.

As a pay-per-tune download service like Apple's iTunes, BuyMusic can collect quite a bit of information about you, including credit card number number, phone number, email address, music preferences, and download history. It can collect that information "on behalf of other merchants and share it with them." It can disclose, sell, trade, or rent your information without your consent. It can even sell its "End User information database" to another party while continuing to use the database in its operations.

The no-holes-barred nature of BuyMusic's privacy policy is bad enough, but its talk about using DRM creatively makes it absolutely creepy. Now, even an anti-DRM fanatic like me can understand that a paid music service is going to have to employ some form of copy protection in order to sign up record companies. But what kind of personal information might BuyMusic's DRM agents collect and how might the company use it? The one example the privacy policy gives is that copying limitations "might be extended in exchange for your agreement to allow use of your Personally Identifiable Information in creative ways (e.g. download a sponsor's screensaver to your cell phone)." In other words, to cut additional copies of a tune you already paid to download, you might have to let them spam your cell phone. I guess that's creative, but I could think of a few other words that might describe it better.

So BuyMusic's privacy policy is about as bad as they come, but does that mean the company will actually abuse its customers' information? I don't know, but there is one more point I should bring up about the privacy policy to help you decide if you can trust this organization. One of its more innocuous-seeming terms is that all your information "will be shared with Buy Network Inc. and its affiliate companies." And who might those affiliates be? It's not clear, but one company that's out of the same stable is Fax.com.

My old readers know that Fax.com is the king of junk faxes. And you certainly don't have to take my word for it, as a little Googling will show the innumerable FCC findings, lawsuits, legislative activity, etc. aimed at stopping Fax.com's practices. "Fax.com, with high-level technology and low-level respect for the law, runs a 24-hour privacy invasion operation that continually spews unsolicited faxes and prerecorded phone calls," said California Attorney General Bill Lockyer just last month in filing a consumer protection lawsuit against the company.

Not surprisingly, Fax.com seems to be trying to operate under other names now, but up until last year, it was still quite publicly acknowledged as one of the properties financed by holding company ThinkTank. ThinkTank, owned by Scott Blum, founder of Buy.com and Pinnacle Micro, gave birth to a number of start-ups in the late 1990s, with Fax.com being one of the few survivors. BuyMusic.com is the latest start-up in the Blum/ThinkTank portfolio.

So is Fax.com one of the affiliates with which BuyMusic.com will share information about its customers? BuyMusic.com did not respond to my request to discuss their privacy policy by press time, so we don't know. Since ThinkTank has recently stopped bragging on Fax.com as one of its progeny, perhaps the junk fax house will not get to share BuyMusic's customer information. But given the privacy policies of the fledgling BuyMusic.com, and the privacy practices of companies with similar origins, do you want to take the chance?

--------------------

Post your comments about this column below or write me directly at Foster@gripe2ed.com. To receive this column every week in my free e-mail newsletter, please go to my subscription page and follow the instructions to opt-in for the EdFoster mailing list.