Amazon to Pay $30.8 Million for Violating Children's Privacy and Spying on Customers

Amazon agreed to settle claims that it improperly retained children's voice recordings and allowed employees of its Ring video doorbell unit to surveil customers.

One Ring employee viewed thousands of video recordings of female users of security cameras that surveilled bedrooms and other intimate spaces in their homes. Ring also failed to implement standard security measures to protect consumers' information from two well-known hacking attacks.

Amazon agreed to pay $5.8 million to settle the Ring complaint. Separately, Amazon agreed to pay a $25 million penalty for keeping children's voice and geolocation data for years in violation of the federal Children's Online Privacy Protection Act, known as COPPA.

The FTC commissioners warned other companies against improperly retaining data as they race to keep up in the development of machine learning and artificial intelligence.

"Today's settlement sends a message to all those companies: Machine learning is no excuse to break the law," the commissioners said.

According to the children's privacy complaint, Amazon assured its users, including parents, that they could delete voice recordings and geolocation information collected through its Alexa voice assistant and app but the company failed to follow through on those promises and kept some of the information for years, using it to help improve its Alexa algorithm.

The settlement will require Amazon to delete inactive child accounts and certain voice recordings and geolocation information and will be prohibited from using such data to train its algorithms or improve its products. Both settlements will require approval by a federal judge.

Under the Ring settlement, the company will be required to delete data derived from videos it unlawfully reviewed. It also will be required to implement a new privacy and security program that includes multi-factor authentication for both employee and customer accounts.

Ring, acquired by Amazon in 2018, sells internet-connected home-security cameras and related services. The company has claimed that its products offer greater home security and provide its users with peace of mind. In the complaint, the FTC said Ring deceived its customers by failing to restrict employees' and contractors' access to its customers' videos. Improper access continued even after the company learned that an employee had gained access to video recordings belonging to female users, the complaint said. Ring also failed to implement standard security measures to protect consumers' information from two well-known types of hacking attacks, despite warnings from employees, outside security researchers and media reports.

• Amazon agreed to pay $30.8 million to settle claims that it improperly retained children's voice recordings and allowed employees of its Ring video doorbell unit to surveil customers.

• One Ring employee viewed thousands of video recordings of female users of security cameras that surveilled bedrooms and other intimate spaces in their homes.

• Ring also failed to implement standard security measures to protect consumers' information from two well-known hacking attacks.

Source: WSJ