Amazon will pay two separate penalties for privacy violations: $25 million for allegedly not deleting children’s data and $5.8 million for failing to restrict access to Ring security videos, the Federal Trade Commission announced Wednesday.
Amazon’s settlement with the FTC followed a complaint alleging Amazon prevented parents from deleting their children’s voice and geolocation data acquired through the Alexa voice assistant and stored and used the data for several years to improve the Alexa algorithm to better understand children’s speech patterns and accents.
This put the data “at risk of harm from unnecessary access,” according to the FTC.
The Children’s Online Privacy Protection Act Rule (COPPA Rule) “does not allow companies to keep children’s data forever for any reason, and certainly not to train their algorithms,” Samuel Levine, director of the FTC’s Bureau of Consumer Protection, said in a statement.
Amazon said in a blog post that it disagrees with the FTC’s claims and denies violating the law.
“We take our responsibilities to our customers and their families very seriously,” Amazon said. “We work hard to protect children’s privacy, and we have built robust privacy protections into our children’s products and services.”
Read more: These 6 Tips Will Help Keep Your Personal Data Private
The FTC on Wednesday also leveled a $5.8 million penalty against Amazon’s Ring. Ring, which was acquired by Amazon in 2018, sells video doorbells, indoor and outdoor cameras and home security services. It has long been criticized for its privacy practices, including sharing doorbell footage with police departments across the US. The settlement announced Wednesday related to allegedly failing to restrict access to customers’ videos across its employees and contractors and using those videos to train its algorithms without consent.
“One employee over several months viewed thousands of video recordings belonging to female users of Ring cameras that surveilled intimate spaces in their homes such as their bathrooms or bedrooms. The employee wasn’t stopped until another employee discovered the misconduct,” the FTC alleged.
Ring’s failure to “implement basic measures to monitor and detect employees’ video access” meant the company also didn’t know who or how many employees accessed private videos inappropriately, the FTC said.
Read more: Home Security Cheat Sheet: Our Best Tips for Keeping Your Home Safe
Ring didn’t seek customer consent for human review of their videos until January 2018, the FTC alleged.
Ring’s lack of security, including not even offering multifactor authentication until 2019, meant hackers exploited account vulnerabilities to access live video streams, stored videos and account profiles from 55,000 customers in the US, the complaint said.
Hackers even “used cameras’ two-way functionality to harass, threaten and insult consumers — including elderly individuals and children — whose rooms were monitored by Ring cameras, and to change important device settings,” the FTC said.
The $5.8 million penalty will be used to refund customers.
The FTC said Ring is also required to delete data and videos if obtained prior to 2018 and “delete any work products it derived from these videos.”
Ring’s statement likewise disagreed with the FTC’s claims.
“We want our customers to know that the FTC complaint draws on matters that Ring promptly addressed on its own, well before the FTC began its inquiry; mischaracterizes our security practices; and ignores the many protections we have in place for our customers,” Ring said.
How to protect your private data
Bad actors are a threat to your security, and there are a number of steps you can take to help yourself. Here’s how to make sure your home Wi-Fi is secure, how to protect your home security against hacks and the best home security systems of 2023 — including the best cheap home security systems and the best DIY home security systems.
You could also look at getting a password manager so your accounts are safer, and here’s CNET’s smart home privacy guide on how to delete your voice recordings across Amazon, Apple and Google.
As companies are keeping more and more of your personal data, here are CNET’s tips on how to keep Facebook from tracking you, how to prevent yourself from being tracked via your Apple AirTags and how to get Google to remove your personal data from search results.
