Amazon settles with FTC over Alexa and Ring privacy violations

Amazon has reached a settlement with the US market regulator FTC totaling approximately $30 million for violating privacy laws regarding Alexa and the Ring video doorbell.

Amazon has exceeded the US child privacy law Coppa with Alexa, the FTC ruled. The tech company stored children’s voice data and transcripts indefinitely until September 2019 by default. Users could request information to be deleted, but according to the market regulator, Amazon did not delete the transcripts “for a significant period of time,” while voting information and geolocation data were retained even after such a request.

Amazon says in a statement disagree with the FTC’s claims. According to the company, Amazon Kids does comply with the Coppa legislation. Parents must give permission before such a profile can be created and can easily delete voice recordings and transcripts online, the tech giant argues. The company says it will automatically delete child profiles that have not been used for at least eighteen months later this year. Despite this, the company has decided to settle the matter for $25 million “to put the matter behind us.”

At the same time affects the company a $5.8 million settlement with the FTC over an unrelated Ring privacy case. The watchdog said Amazon gave its employers and contractors “broad and unrestricted access” to Ring users’ video footage for years. They could freely view, download and share all images, without needing a good reason to do so. In addition, Amazon is said to have failed to take adequate security measures to prevent hackers from gaining access to users’ accounts, cameras and videos. For example, two-step verification only became available in 2019 and the “sloppy implementation” of additional security measures hindered its effectiveness, according to the Trade Commission.

These shortcomings allowed Amazon to spy on and intimidate users, the FTC said. In one case, a Ring employee was caught spying on several female users for months. The employee is said to have viewed thousands of videos, mainly from cameras located in privacy-sensitive places, such as the bathroom and bedroom. In 2020, three other employees were fired for similar reasons. Amazon then promised to limit employee access, but since Amazon “has not put in place basic measures to detect and monitor employee access to videos,” the company was unable to determine how many employees subsequently unlawfully viewed video.

In addition to the settlement, Amazon has agreed to take additional steps to secure customer data and further restrict employee access, such as requiring them to complete two-step verification before watching a video. Amazon also disagrees with the FTC’s ruling on this issue, but is nevertheless reaching a settlement to quickly resolve the matter. a spokesperson told Engadget.