Amazon fined $25 million for violating child privacy and Ring is facing charges, too

Amazon fined $25 million for violating child privacy and Ring is facing charges, too
Written by Techbot
Echo Dot with children's drawings
Maria Diaz/ZDNET

The Federal Trade Commission (FTC) and the Department of Justice (DOJ) are accusing Amazon of violating the Children’s Online Privacy Protection Act Rule (COPPA Rule) by misleading parents and users of Alexa about its data deletion practices, keeping children’s recordings indefinitely, and using sensitive voice and geolocation data for its own purposes.

With this order, the FTC fined Amazon $25 million, and the company will have to overhaul its deletion practices and introduce strict privacy safeguards for Alexa, its AI-powered voice assistant.

Also: ChatGPT and the new AI are wreaking havoc on cybersecurity

“Amazon’s history of misleading parents, keeping children’s recordings indefinitely, and flouting parents’ deletion requests violated COPPA and sacrificed privacy for profits,” according to Samuel Levine, director of the FTC’s Bureau of Consumer Protection. 

The COPPA Rule mandates that companies should allow parents to delete their children’s data and should not retain children’s data indefinitely, particularly not to train their algorithms. 

For parents, this means that Amazon assured users that they could delete voice recordings and geolocation information collected by Alexa through the Alexa app, but the FTC claims this wasn’t the case. The order explains Amazon didn’t follow through with the data deletion, didn’t provide parents with meaningful notice of this failure, and failed to put in place a system to handle the data deletion process.

Also: AI may compromise our personal information if companies aren’t held responsible

In a statement to ZDNET, Amazon proclaims its commitment to its customers’ privacy and to providing them with control over their experiences with their products and services, but disagrees with the FTC’s claims regarding both Alexa and Ring and vehemently deny breaking the law. The company says settling these cases puts the matter in the rearview mirror.

Amazon, which has agreed to pay the $25 million civil penalty to settle the case, claimed it kept children’s voice recordings to improve Alexa’s speech recognition and processing abilities, considering that kids’ speech patterns are different from adults.

Alexa users can access and delete voice recordings in the mobile app, as anything they or their children say to the voice assistant through an Echo device or other smart speaker with built-in Alexa is recorded. 

Review: Amazon Echo Pop: A portable smart speaker for small spaces

“COPPA does not allow companies to keep children’s data forever for any reason, and certainly not to train their algorithms,” Levine added. He also argued that this retention sacrificed children’s privacy for Amazon’s profit. 

As far as the demands in the order, Amazon will have to delete inactive child accounts, certain voice recordings, and geolocation information. The company must also stop using such data for its algorithms.

“We built Alexa with strong privacy protections and customer controls, designed Amazon Kids to comply with COPPA, and collaborated with the FTC before expanding Amazon Kids to include Alexa”, the statement from Amazon read. “As part of the settlement, we agreed to make a small modification to our already strong practices, and will remove child profiles that have been inactive for more than 18 months unless a parent or guardian chooses to keep them”.

Ring doorbell charged for illegally surveilling customers

Ring, a home security company owned by Amazon, is also facing charges by the FTC for compromising user privacy. According to a separate order, Ring failed to provide basic privacy and security protections by allowing its employees and contractors illegal access to private videos of its customers.

This resulted in instances of people hacking into customer accounts, accessing their videos, and taking control of their cameras. The FTC explained that these bad actors not only watched camera feeds but also hacked into the device’s two-way talk feature, with documented instances of taunting children with racist slurs, sexually harassing individuals, and threatening family members with physical harm if they failed to pay a ransom.

Also: This Ring camera hack helps me keep a close eye on my most dangerous tech

The FTC asserts that Ring was aware of this but failed to take action to put a stop to it. The order prohibits Ring from profiting from unlawfully accessing customer videos and orders the company to pay $5.8 million intended for customer refunds, as well as to delete any customer videos and facial data collected prior to January 2018.

In its response statement, Amazon says Ring already addressed these issues years ago, before the FTC inquiry. “Our focus has been and remains on delivering products and features our customers love, while upholding our commitment to protect their privacy and security”.

No information on how the customer refunds would be distributed is available at this time. 


Original Article:

About the author