Amazon has been ordered to pay a substantial fine of $30 million in response to allegations of privacy violations involving its Ring video doorbell and Alexa virtual assistant services. The fine comes from unlawful surveillance practices by Amazon’s subsidiary, Ring, and the company’s failure to prevent hackers from gaining control of users’ cameras.
Ring accused of unlawful surveillance and privacy breaches
The Federal Trade Commission (FTC) has accused Ring, the home security camera subsidiary of Amazon, of compromising the privacy of its customers. According to the complaint, Ring granted access to private videos to its employees and contractors without implementing adequate privacy and security measures. This oversight allowed hackers to breach user accounts and gain control over consumers’ cameras and videos.
The FTC’s complaint mentions a troubling incident where an Amazon employee accessed thousands of video recordings of female users in private spaces, such as bathrooms and bedrooms, over several months. Shockingly, this breach went unnoticed by the company’s security team until another employee discovered and reported it.
Furthermore, the complaint highlights Ring’s failure to implement essential safeguards, such as multifactor authentication (MFA), until 2019. Despite being aware of multiple credential-stuffing attacks targeting its customers in 2017 and 2018, the company did not take appropriate measures to protect user data. Even after the implementation of MFA, the inadequate execution compromised its effectiveness.
Amazon fined for violating children’s privacy laws
In a separate case, the FTC and the U.S. Department of Justice (DOJ) have charged Amazon with violating children’s privacy laws. The company failed to delete children’s voice recordings and geolocation information upon their parents’ requests. As a result, Amazon has been ordered to pay a fine of $25 million and delete the children’s data as requested by their parents.
The proposed order also prohibits Amazon from using children’s data to train its algorithms. It mandates deleting inactive child accounts, linked voice recordings, and geolocation data.
The complaint filed by the FTC states that Amazon continued to retain transcripts of children’s voice recordings, despite parents’ explicit requests for deletion. This act violated the Children’s Online Privacy Protection Act (COPPA). Additionally, the company failed to honor users’ requests to delete voice and geolocation information, instead opting to retain the data for its own use.
FTC’s actions to protect privacy rights after Alexa privacy violations
This isn’t the very first time the FTC has taken action to protect privacy rights and enforce compliance with regulations. In December 2022, the agency fined Epic Games, the creator of Fortnite, a staggering $245 million for violating children’s privacy laws and utilizing dark patterns to deceive users into making unintentional in-game purchases.
These recent fines against Amazon and other companies emphasize the FTC’s commitment to safeguarding user privacy and holding businesses accountable for their actions.
Update: Amazon’s response to the settlement
Following the article’s publication, an Amazon spokesperson issued a statement emphasizing the company’s commitment to customer privacy. While Amazon disagrees with the FTC’s claims regarding both Alexa and Ring, they deny any violation of the law. The spokesperson further stated that the settlements allow Amazon to put these matters behind them.
Amazon has implemented strong privacy protections, and customer controls in Alexa and designed Amazon Kids to comply with COPPA. The company also collaborated with the FTC before expanding Amazon Kids to include Alexa. Under the settlement, Amazon agreed to slightly modify its existing practices, which involves removing child profiles that have been inactive for more than 1.5 years unless parents or guardians choose to retain them.
Amazon asserts that Ring promptly addressed the issues several years before the FTC initiated its inquiry. The company maintains that its focus has always been on delivering products and features that customers love while upholding its commitment to protecting their privacy and security.
The Alexa privacy violations settlement highlights
Amazon’s settlement and statement reflect its intent to address the concerns raised and improve its practices moving forward. As the landscape of privacy regulations evolves, companies must stay vigilant and prioritize protecting user data, offering customers peace of mind when using smart home devices and virtual assistants.
