Amazon Settles Privacy Lawsuits with FTC for Over $30 Million

In a landmark settlement, Amazon has agreed to pay more than $30 million to the Federal Trade Commission (FTC) to resolve two separate lawsuits relating to privacy concerns. The first lawsuit involved the smart doorbell Ring, which allegedly provided customer data to third parties without proper notification or consent. The second lawsuit centered around children’s voice and geolocation data accessed through the Alexa virtual assistant.

The first lawsuit, settled for $5.8 million, accused Ring of failing to inform customers or obtain their permission before allowing employees and contractors to view recordings of customers’ private spaces. The complaint alleged that thousands of employees had access to these recordings without appropriate consent, a violation of customers’ privacy rights.

In the second lawsuit, settled for $25 million, Amazon was accused of illegally acquiring and retaining children’s voice and geolocation data through Alexa, violating the FTC Act and the Children’s Online Privacy Protection Act. The FTC claimed that Amazon used this data to train its algorithms, gaining a competitive advantage at the expense of children’s privacy. The FTC highlighted that children’s speech patterns differ from those of adults, making their data valuable for improving Alexa’s responsiveness to children’s voices.

According to the FTC, Amazon assured users that voice recordings collected by Alexa and geolocation information obtained through the companion Alexa app could be deleted. However, the company retained some of this data for years and kept certain recordings and transcripts indefinitely to enhance the Alexa algorithm, as per the FTC complaint.

The Ring complaint further alleged that one employee had viewed thousands of video recordings belonging to at least 81 female users without their knowledge or consent. The employee’s misconduct was eventually reported and led to their termination after a supervisor noticed that the employee exclusively viewed recordings of “pretty girls.” Additionally, Ring was accused of failing to secure its devices, resulting in hacking attacks that led to customers being harassed, threatened, and insulted through the camera’s two-way communication functionality.

As part of the settlements, Amazon will be required to delete inactive child accounts, as well as certain voice recordings and geolocation data. Prohibitions will also be implemented to prevent Amazon from using such information to train its algorithms. In the Ring lawsuit, a new data security program will be established, compelling Ring to inform customers about the level of access the company and its contractors have to their data. However, the settlements are subject to court approval before they can take effect.

Amazon has responded to the allegations, stating that Ring had already addressed privacy concerns years ago and that the company disagrees with the FTC’s claims of law violations.

Background information reveals that Ring had introduced security and control measures in 2020, including mandatory two-factor authentication for all users and options to limit data sharing. However, security experts criticized these changes for not adequately protecting user information and called for further policy and device functionality improvements. Lawmakers have also pressured Ring for sharing doorbell footage with police without owners’ permission on multiple occasions. Additionally, class action lawsuits have been filed against Ring, alleging that inadequate security measures allowed hackers to compromise devices and threaten users.

The settlements reached between Amazon and the FTC mark an important step in addressing privacy concerns and enforcing stricter regulations to safeguard user data. The court’s approval of the settlements will be awaited, and the implementation of new security programs will be closely monitored in the coming months.