Amazon plans to pay the Federal Trade Commission (FTC) nearly $31 million to settle allegations involving Alexa and its Ring home security business.
The larger of the two civil fines ($25 million) was charged with Amazon violating the US Children’s Online Privacy Protection Act (COPPA rule) and misleading Alexa customers about smart voice assistant data deletion practices. will come to a settlement.
Read more on Amazon Ring: New Lawsuit Targets Ring After Smart Doorbell Hijack
According to a complaint filed by the Department of Justice (DoJ) on behalf of the FTC, Amazon “clearly and repeatedly” assured users, including parents, that Alexa voice recordings and geolocation information could be deleted. But the complaint alleges that Amazon actually stored some of this information for years and illegally used it to improve Alexa’s algorithms.
FTC Consumer Protection Director Samuel Levin said: “Amazon’s history of misleading parents, storing children’s recordings indefinitely, and ignoring parents’ take down requests violates COPPA and sacrifices privacy for profit. I made it,” he said. “COPPA does not allow companies to permanently store children’s data for any reason, nor does COPPA allow them to train algorithms.”
Separately, Amazon’s Ring business, which it acquired in 2018, will pay $5.8 million to settle complaints that it violated consumer privacy and failed to implement security best practices. This money will be used to refund the consumer.
The FTC complaint alleges that the company did not restrict employees and contractors’ access to customer videos and misled customers by using customer videos to train algorithms without their consent. One employee is said to have viewed thousands of video recordings taken by female ring camera users inside “intimate spaces” of her home, such as bathrooms.
The complaint also alleges that Ring was slow to improve the security of its customer accounts to mitigate the threat of brute force attacks, despite multiple credential stuffing attacks on its users in 2017 and 2018. claim.
It argued that “sloppy implementation” of security measures since 2019 hindered their effectiveness. Malicious attackers accessed stored videos, live video streams, accounts and profiles of approximately 55,000 customers in the United States and are believed to have attempted to blackmail and blackmail some of them.
In addition to the fine, Amazon will be required to delete inactive child accounts and some Alexa voice recordings and geolocations, and will also be prohibited from using this data to train its algorithms.
The ring features measures such as removing data, models and algorithms derived from illegally reviewed videos, safeguards against human review of videos, and multi-factor authentication for employee and customer accounts. A privacy and security program is required.
In a statement, Amazon said it disagrees with the FTC’s allegations against Ring and Alex and denies violating the law.
“We built Alexa with strong privacy protections and customer controls, designed Amazon Kids to be COPPA compliant, and worked with the FTC before extending Amazon Kids to include Alexa. As part of the settlement, we have agreed to slightly amend an already strong practice and remove profiles of children who have been inactive for 18 months or longer unless a parent or guardian chooses to keep them.” added.
“Ring quickly addressed the immediate issue on its own several years ago, long before the FTC began its investigation.”
Editorial image credit: Gary L Hider / Shutterstock.com
