According to the FTC, Amazon turned a blind eye to parents’ data deletion requests and ‘sacrificed privacy for profits’.
Amazon agreed to pay $25m in US fines yesterday (31 May) for allegedly storing recordings of children’s voices on Alexa despite requests from parents to delete them.
The Federal Trade Commission (FTC) and Department of Justice said Amazon’s practices violated the Children’s Online Privacy Protection Act Rule (COPPA) and “deceived parents and users of the Alexa voice assistant service about its data deletion practices”.
“Amazon’s history of misleading parents, keeping children’s recordings indefinitely and flouting parents’ deletion requests violated COPPA and sacrificed privacy for profits,” said Samuel Levine, director of the FTC’s bureau of consumer protection. “COPPA does not allow companies to keep children’s data forever for any reason, and certainly not to train their algorithms.”
Over and above the fine, the authorities have asked Amazon to overhaul its deletion practices and implement stringent privacy safeguards to settle charges.
The FTC argued that Amazon held on to sensitive voice and geolocation data “for years”, putting it at risk of harm from “unnecessary access”, after “prominently and repeatedly” assuring its users, including parents, that voice recordings collected by Alexa could be deleted.
While Amazon agreed to reach a settlement, the company issued a statement disagreeing with the FTC’s claims and denying violating the law.
“We work hard to protect children’s privacy and we have built robust privacy protections into our children’s products and services. We designed Amazon Kids to comply with COPPA and applied rigorous standards when we expanded Amazon Kids to include Alexa,” the company said in a statement. “We understand the importance of deletion features, which is why we provide deletion controls and continuously audit and improve them.”
Separately, the FTC ordered Amazon’s home security company Ring to pay $5.8m because its employees allegedly surveilled customers illegally.
According to the charge, Ring was accused of “compromising its customers’ privacy by allowing any employee or contractor to access consumers’ private videos” and “failing to implement basic privacy and security protections” to prevent the exposure of customer data to hackers.
“Ring’s disregard for privacy and security exposed consumers to spying and harassment,” Levine said. “The FTC’s order makes clear that putting profit over privacy doesn’t pay.”
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.