AMAZON.COM, INC. | Data Protection Impact Assessment at Amazon

Status
Omitted
Previous AGM date
Resolution details
Company ticker
AMZN
Resolution ask
Report on or disclose
ESG theme
  • Social
ESG sub-theme
  • Digital rights
Type of vote
Shareholder proposal
Filer type
Shareholder
Company sector
Consumer Discretionary
Company HQ country
United States
Resolved clause
RESOLVED, that shareholders of Amazon Inc. ("Amazon") urge the board of directors to oversee an independent Data Protection Impact Assessment [1] on the company's healthcare service offerings that describes how the company is ensuring appropriate use of, and informed consent for collection of, patient data. The assessment should cover Amazon OneMedical and Amazon Pharmacy, be prepared at reasonable cost and omitting confidential and proprietary information and be made available on Amazon's web site.
[1] https://gdpr.eu/data-protection-impact-assessment-template/
Supporting statement
WHEREAS: In light of publicly [2] discussed problems around the lack of transparency about how Amazon uses data, investors are concerned about the company's plans for protecting a person's most private data - their personal health information. Given the interconnectedness of the company's businesses, we want to know that privacy and data sharing policies are appropriately described and enforced with respect to patient data. A troubling report from NPR implies Amazon is already misleading potential customers into sharing their personal medical information [3].
Americans don't know how companies use their data. One study from Pew Research Center found that 67% say they understand little to nothing about what companies are doing with their personal data, and 73% believe they have little to no control over what companies do with that data [4].
While we expect that Amazon is complying with the Health Insurance Portability and Accountability Act (HIPAA) and other relevant laws, HIPAA only covers certain circumstances with specific and highly sensitive data, and there are privacy concerns that extend beyond its reach. As a regulation, HIPAA focuses on the provider, not the technology solution. This means that privacy risks not protected by HIPAA apply to Amazon, and it is important to know how the company is managing those by informing patients that their data may be used in ways they did not anticipate [5].
In fact, just last year the Federal Trade Commission (FTC) took enforcement action against GoodRx for sharing sensitive personal health information for years with advertising companies and platforms - contrary to its privacy promises - and failed to report these unauthorized disclosures [6]. Of course, Amazon would not need to sell this data in order to monetize it as they own many platforms that use customer data to make a profit, which makes this issue even more concerning. Additionally, last year Senator Josh Hawley wrote a letter to the FTC asking it to investigate the acquisition of OneMedical because of his concerns with Amazon having access to "enormous tranches of patient data" [7].
We believe that what gets disclosed gets managed. Amazon, a company with a long history of privacy [8] and data protection [9] controversies [10], needs to demonstrate that investors and patients alike can trust it with sensitive data. An assessment that discloses information about how the company is ensuring patients are informed about what data is collected and how it will be used, would mitigate reputational, financial and legal risk from Amazon's commercial healthcare offerings.
[1] https://gdpr.eu/data-protection-impact-assessment-template/
[2] https://www.washingtonpost.com/technology/2022/07/22/amazon-one-medical-privacy/
[3] https://www.npr.org/2023/05/06/1174468793/amazons-affordable-healthcare-service-has-a-hidden-cost-your-privacy
[4] https://www.pewresearch.org/internet/2023/10/18/how-americans-view-data-privacy/
[5] https://www.renalandurologynews.com/features/amazons-virtual-health-clinic-raises-patient-privacy-issues/
[6] https://www.ftc.gov/news-events/news/press-releases/2023/02/ftc-enforcement-action-bar-goodrx-sharing-consumers-sensitive-health-info-advertising
[7] https://www.techtarget.com/healthtechsecurity/news/366594701/Amazons-Potential-Acquisition-of-One-Medical-Sparks-Health-Data-Privacy-Security-Concerns
[8] https://abcnews.go.com/Technology/collection-voice-data-profit-raises-privacy-fears/story?id=96363792
[9] https://www.reuters.com/technology/look-intimate-details-amazon-knows-about-us-2021-11-19/
[10] https://www.globenewswire.com/news-release/2024/07/16/2913783/0/en/Study-reveals-smart-home-privacy-risks-with-Amazon-Alexa-the-most-hungry-for-user-data.html

DISCLAIMER: By including a shareholder resolution or management proposal in this database, neither the PRI nor the sponsor of the resolution or proposal is seeking authority to act as proxy for any shareholder; shareholders should vote their proxies in accordance with their own policies and requirements.

Any voting recommendations set forth in the descriptions of the resolutions and management proposals included in this database are made by the sponsors of those resolutions and proposals, and do not represent the views of the PRI.

Information on the shareholder resolutions, management proposals and votes in this database has been obtained from sources that are believed to be reliable, but the PRI does not represent that it is accurate, complete, or up-to-date, including information relating to resolutions and management proposals, other signatories’ vote pre-declarations (including voting rationales), or the current status of a resolution or proposal. You should consult companies’ proxy statements for complete information on all matters to be voted on at a meeting.