FTC fines Amazon $25M for violating children’s privacy with Alexa

4 min read


Join top executives in San Francisco on July 11-12 and learn how business leaders are getting ahead of the generative AI revolution. Learn More

Some mildly bad news for the Bezos money machine: Amazon is being slapped with a $25 million fine over its practices for handling children’s data through its Alexa voice-activated assistant and Echo devices. That sounds like a lot to those of us who aren’t mega conglomerates or their leadership, but it’s about two days worth of income for Amazon based on its recent sales performance.

The Federal Trade Commission (FTC) and the Department of Justice (DOJ) today announced they have jointly filed a complaint against Amazon, saying the company “prevented parents from exercising their deletion rights under the COPPA Rule, kept sensitive voice and geolocation data for years, and used it for its own purposes, while putting data at risk of harm from unnecessary access.”

“Today’s settlement on Amazon Alexa should set off alarms for parents across the country — and is a warning for every AI company sprinting to acquire more and more data.”

FTC Commissioner Alvaro M. Bedoya

The child privacy laws Amazon is accused of breaking

COPPA, the Children’s Online Privacy Protection Act, refers to a 1998 law passed by the U.S. Congress that states that “operators of commercial websites and online services (including mobile apps and IoT devices, such as smart toys)” that reach children under age 13 must post clear privacy policies, provide direct notice to parents and allow parents to delete the information and prevent further collection.

“Amazon’s behavior in retaining children’s voice recordings indefinitely and ignoring parents’ requests for deletion contravenes COPPA and prioritizes profit over privacy,” argued Samuel Levine, director of the FTC’s Bureau of Consumer Protection. “COPPA unequivocally prohibits companies from indefinitely storing children’s data without just cause, especially not for algorithm training purposes.”


Transform 2023

Join us in San Francisco on July 11-12, where top executives will share how they have integrated and optimized AI investments for success and avoided common pitfalls.


Register Now

In a response emailed to VentureBeat, an Amazon spokesperson wrote: “We built Alexa with strong privacy protections and customer controls, designed Amazon Kids to comply with COPPA, and collaborated with the FTC before expanding Amazon Kids to include Alexa. As part of the settlement, we agreed to make a small modification to our already strong practices, and will remove child profiles that have been inactive for more than 18 months unless a parent or guardian chooses to keep them.”

A warning to the AI industry

One of the FTC Commissioners, Alvaro M. Bedoya, also took the opportunity to tweet out a direct cautionary note to the fast-growing AI industry and any companies using machine learning: “Today’s settlement on Amazon Alexa should set off alarms for parents across the country — and is a warning for every AI company sprinting to acquire more and more data.”

In response to these charges, a proposed federal court order has been issued, pending approval, mandating that Amazon delete inactive child accounts, certain voice recordings, and geolocation data, and prohibit the company from using such data to train its algorithms.

Where Amazon went wrong

Despite Amazon’s repeated assurances to users about the ability to delete voice and geolocation data collected by its Alexa voice assistant service, the complaint alleges that the company reneged on these promises by retaining and leveraging the data for improving its Alexa algorithm.

Amazon, a leading global retailer, amasses extensive user data, including geolocation and voice recordings. It defends its data handling practices by claiming its Alexa service and Echo devices are designed with user privacy in mind, including parental controls for deleting geolocation data and voice recordings.

The complaint reveals that even when parents requested the deletion of their children’s voice recordings, Amazon failed to completely erase the transcripts from its databases, undermining the COPPA rule that requires parental consent for the collection of children’s data, among other measures.

The FTC also filed a complaint today against Amazon’s home security subsidiary, Ring, over allegations that it jeopardized its customers’ privacy by allowing any employee or contractor to access private videos, and for failing to establish basic privacy and security measures.

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.


Source link