Amazon smart doorbell subsidiary Ring will pay a $5.8 million fine to the Federal Trade Commission for privacy violations involving compromised customer data given to third parties, settling a lawsuit from the federal agency.
Key Takeaways
- The first lawsuit—settled for $5.8 million—alleged that Ring did not notify customers or obtain their permission before allowing “thousands of employees and contractors” to watch recordings of customers’ private spaces.
- A separate suit settled for $25 million claimed Amazon violated the FTC Act and Children’s Online Privacy Protection Act by illegally procuring and retaining thousands of children’s voice and geolocation data through Alexa, giving the company “valuable” data to train its algorithms “at the expense of children’s privacy,” the FTC said.
- FTC said in a press release that kids’ speech patterns could have been useful to Amazon since they differ from those of adults, providing an important training dataset for the Alexa algorithm to better respond to kids’ voices.
- Amazon assured users that voice recording data collected by Alexa and geolocation information collected by the companion Alexa app could be deleted, but the company ended up keeping some of that data for years and “indefinitely” kept some recordings and transcripts, using it to improve the Alexa algorithm, according to the FTC complaint.
- Separately, the Ring complaint alleged one employee viewed thousands of video recordings belonging to at least 81 female users between June and August 2017—the misconduct was reported and the employee was eventually terminated after a supervisor noticed the employee was exclusively viewing recordings of “pretty girls.”
- Ring was also accused of failing to secure its devices from hacking attacks that allegedly resulted in customers being harassed, threatened, and insulted through the camera’s two-way communication functionality.
What to watch for
The Alexa settlement includes a provision that Amazon will be required to delete inactive child accounts in addition to some voice recordings and geolocation data—while prohibitions will also be put in place to stop Amazon from using such information to train its algorithms.
A new data security program will be implemented as part of the settlement in the Ring lawsuit, requiring Ring to inform customers how much access the company and its contractors have to their data. Both settlements will require court approval to take effect.
Contra
Amazon told Forbes in a statement that Ring addressed the privacy issues on its own years ago. A spokesperson added that the company disagrees with the FTC’s allegations and denies violating the law.
Key background
Ring announced strengthened security and control measures in 2020, making two-factor authentication mandatory for all users and allowing users to block having most of their data shared. Security experts called out the changes for not doing enough to protect users’ information and called for multiple changes to Ring’s policies and device functionalities.
The company has also been pressured by lawmakers for sharing Ring doorbell footage to police without owners’ permission several times. Class action lawsuits have also been directed against Ring alleging inadequate security measures allowed hackers to infiltrate devices and threaten users.
Big number
$514 billion. That is the amount of net sales made by Amazon in 2022.
This story was first published on forbes.com and all figures are in USD.
Forbes Australia issue no.4 is out now. Tap here to secure your copy or become a member here.
Look back on the week that was with hand-picked articles from Australia and around the world. Sign up to the Forbes Australia newsletter here.