Amazon Fined $30 Million for Ring and Alexa Privacy Violations
Amazon has agreed to pay a combined $30.8 million to settle privacy allegations brought forth by the Federal Trade Commission (FTC). The lawsuit revolved around privacy lapses related to Amazon's Ring doorbell units and its Alexa assistant. Of the total settlement amount, $5.8 million will be paid on behalf of Amazon’s subsidiary company, Ring.
The FTC accused Ring of failing to implement adequate security measures to prevent unauthorized access to user accounts and devices, following allegations in the lawsuit that Ring provided "every employee — as well as hundreds of Ukraine-based third-party contractors — full access to every customer video, regardless of whether the employee or contractor actually needed that access to perform his or her job function."
The FTC further stated that Ring staff and contractors "could also readily download any customer's videos and then view, share, or disclose those videos at will."
Samuel Levine, director of the FTC's Bureau of Consumer Protection, expressed his concerns: "Ring's disregard for privacy and security exposed consumers to spying and harassment. The FTC's order makes clear that putting profit over privacy doesn't pay."
In a separate but related lawsuit, Amazon's Alexa was accused of violating the FTC Act and the Children's Online Privacy Protection Act (COPPA) by unlawfully retaining the information of thousands of children through Alexa profiles. As part of the settlement, Amazon has agreed to pay $25 million.
To address the privacy concerns raised by the lawsuits, a proposed order requires Ring to delete any unlawfully accessed data and implement a robust privacy and security program, with “novel safeguards on human review of videos as well as other stringent security controls, such as multi-factor authentication for both employee and customer accounts”.
Similarly, Amazon's Alexa will be obligated to delete inactive child accounts and associated voice recordings and geolocation information, along with a general overhaul of its data deletion practices and the addition of stricter and more transparent user privacy measures. It is worth noting that the settlements are subject to court approval before they can go into effect.
Amazon responded to the settlements through a blog post on both its website and Ring's website, stating its disagreement with the FTC's claims and denying any violation of the law. The company emphasized, “We have a longstanding commitment to preserve the trust of our customers and their families”.
In similar news, Meta has recently been hit with a staggering $1.3 billion fine for GDPR violations, adding to growing concerns over how big tech companies handle user data.