FTC Slaps Amazon with Massive Fines for Privacy Violations
Oops, Amazon Did It Again: Privacy Violations and FTC Fines Galore!
Amazon has been ordered to pay a hefty sum of over 30 million dollars in fines and consumer refunds for multiple privacy violations, as announced by the Federal Trade Commission (FTC). The penalties are a result of two separate cases: a $25 million penalty for allegedly retaining children's data and a $5.8 million penalty for failing to adequately restrict access to Ring security videos by employees and contractors.
Case 1: Children’s Data
In the case of children's data, Amazon was accused of infringing upon privacy laws by preventing parents from deleting voice and geolocation data collected through the Alexa voice assistant. The FTC alleged that Amazon stored and utilized this data for several years to enhance the Alexa algorithm's understanding of children's speech patterns and accents. However, by doing so, the data was left vulnerable to unauthorized access, posing a risk to children's privacy. The FTC emphasized that the Children's Online Privacy Protection Act Rule prohibits companies from retaining children's data indefinitely or using it to train algorithms. Samuel Levine, director of the FTC's Bureau of Consumer Protection, expressed concern over Amazon's actions, stating that companies should not exploit machine learning as an excuse to violate the law. Amazon, in response, disagreed with the FTC's claims, asserting their commitment to customer privacy and strong privacy protections for children's products and services.
Case 2: Ring’s Internal Problems
In the second case involving Ring, a home security company acquired by Amazon, the FTC imposed a $5.8 million penalty. Ring has long been under scrutiny for its privacy practices, including the controversial sharing of doorbell footage with law enforcement agencies. The settlement addressed Ring's failure to sufficiently restrict employee and contractor access to customers' videos and the improper use of these videos to train its algorithms without obtaining consent. The FTC's complaint detailed instances where an employee had accessed thousands of video recordings, particularly targeting intimate spaces such as bathrooms and bedrooms. Shockingly, this misconduct went unnoticed until another employee discovered it. Ring was also accused of not implementing proper measures to monitor and detect unauthorized video access, leaving them unaware of how many employees had inappropriately viewed private videos. Ring, similar to Amazon, disputed the FTC's claims, asserting that the identified issues had been promptly addressed prior to the inquiry.
As part of the proposed settlement agreements, Amazon is required to issue consumer refunds, delete certain data, and implement enhanced security measures. For the case related to children's data, Amazon must delete inactive child accounts, specific voice recordings, geolocation information, and inactive Alexa accounts belonging to children. Additionally, the settlement prohibits Amazon from misrepresenting how it handles voice recordings, precise location data, and children's data. In the case of Ring, the settlement mandates a payment of $5.8 million in consumer refunds, the implementation of stringent security measures, and the deletion of any algorithms or data derived from the illicit viewing of consumers' videos. Both settlements are subject to court approval.
— These cases reflect the growing scrutiny and regulatory efforts aimed at ensuring the protection of privacy, especially for younger users, by prominent technology platforms. It follows similar actions taken by the FTC against companies like Epic Games and Google, which faced penalties for privacy violations involving children.