Amazon on Wednesday agreed to pay a $25 million civil penalty to settle federal charges it said it violated children’s online privacy laws by retaining sensitive information it collected from children for years, including their exact locations and recordings.
It’s the latest legal move to step up regulatory efforts, demanding that some of the world’s largest tech platforms better protect their young users.
The case, brought by the Federal Trade Commission and the Justice Department, focuses on Amazon’s handling of personal details it collects from children who talk to the company’s voice-activated virtual assistant, Alexa.
In a lawsuit filed in the U.S. District Court for the Western District of Washington, Regulator said The tech giant has indefinitely retained recordings of young people’s Alexa voices and used the data for commercial purposes, such as training its algorithms to learn about children, in violation of the federal Children’s Online Privacy Protection Act.
The law, known as COPPA, requires online services aimed at people under 13 to obtain parental consent before collecting children’s personal details and allows parents to delete children’s data. But regulators said Amazon failed to remove recordings of children’s conversations with Alexa from all of its databases, even after parents tried to delete the recordings.
Samuel Levin, director of the FTC’s Bureau of Consumer Protection, said in a statement that “Amazon’s history of misleading parents, retaining recordings of children indefinitely, and flouting parental removal requests violates the Children’s Online Privacy Act and” Sacrificing privacy for profit”. “COPPA does not allow companies to keep children’s data forever for any reason, and certainly not to train their algorithms.”
The complaint also accuses Amazon of defrauding consumers, including parents, by repeatedly assuring users they can delete data, such as their Alexa recordings, but failing to adequately honor users’ deletion requests.
While it agreed to settle the charges, Amazon said it disagreed with the FTC’s claims and denied violating children’s laws.
“We’ve built strong privacy protections and customer controls into Alexa,” the company said in a statement. The statement added that the company designed Amazon Kids, a service that enables parents to manage games, books and other content for their children, to comply with children’s online privacy laws and that Amazon worked with the FTC before expanding children’s content Services include Alexa.
Under the terms of the proposed settlement, Amazon would be required to delete recordings and precise location data of children, as well as inactive Alexa accounts belonging to children. The proposed agreement also prohibits Amazon from misrepresenting how it handles user recordings, precise location data and children’s data.
A federal court must approve the settlement order.
The Amazon case comes amid growing public scrutiny over how some prominent social networks, video game services and device makers treat young users. It highlights the FTC’s increased efforts to force big tech platforms to strengthen protections for sensitive information, such as precise location or personal health details, the disclosure of which could pose privacy or physical risks to adult consumers and children.
In December, Fortnite maker Epic Games agreed to pay $520 million to settle FTC charges that it illegally collected data on players under the age of 13 and separately steered millions of users into unnecessary payments. In 2019, Google agreed to pay a $170 million fine to settle charges from the FTC and the New York Attorney General of violating children’s privacy on YouTube.
Increased regulation to protect children online is not limited to the United States. Last September, Irish regulators announced they would fine Meta about $400 million for handling information about children on Instagram. Meta disagreed and plans to appeal.
exist a separate case On Wednesday, the U.S. Federal Trade Commission accused home security camera service Ring of “gross violations” of user privacy, saying the company’s privacy and security lapses allowed employees to illegally spy on customers and allowed hackers to hijack user accounts.
Ring, which Amazon acquired in 2018, had “unreasonable” data security and privacy practices from at least 2016 until January 2020, the regulator said.
In 2017, for example, a Ring employee viewed thousands of videos belonging to dozens of female customers, including in sensitive locations such as women’s bedrooms and bathrooms, the agency said in a legal complaint filed in U.S. District Court for the District of Columbia. .
The proposed settlement would require Amazon to pay $5.8 million in consumer refunds, implement stringent security measures and remove algorithms or other data products resulting from illegal viewing of consumer videos.
In a statement, Amazon said Ring had addressed the security and privacy concerns before the FTC opened its investigation.