Amazon on Wednesday agreed to pay a civil penalty of $25 million to settle federal allegations that it kept sensitive information collected from children, including their precise locations and voice recordings, in violation of the Children’s Online Privacy Act.
It was the latest legal action in an intense regulatory effort to require some of the world’s biggest tech platforms to better protect their young users.
The case, brought by the Federal Trade Commission and the Justice Department, focuses on Amazon’s handling of personal details collected from children interacting with the company’s voice-activated virtual assistant Alexa.
In a legal complaint filed in the US District Court for the Western District of Washington, the regulators said The tech giant had kept Alexa voice recordings of young people indefinitely and used the data for commercial purposes such as training its algorithms to understand children, violating the federal Children’s Online Privacy Protection Act.
That law, known as COPPA, requires online services targeted to people under the age of 13 to obtain parental consent before collecting a child’s personal details, and parents- Fathers can be allowed to delete their children’s data. But Amazon failed to remove tapes of children’s interactions with Alexa from all of its databases, even after parents demanded they remove voice recordings of their children, regulators said.
“Amazon’s history of misleading parents, indefinitely keeping recordings of children, and violating parental deletion requests,” Samuel Levine, director of the FTC’s Bureau of Consumer Protection, said in a statement to Children’s Online Privacy. violates the law and “sacrificing privacy for profit”. “COPPA doesn’t allow companies to keep children’s data forever for any reason, and certainly not to train their algorithms.”
The complaint also accuses Amazon of deceiving consumers, including parents, by repeatedly assuring users that they can delete data such as their Alexa voice recordings, yet failing to substantially satisfy users’ deletion requests. failed to do.
Although it agreed to settle the charges, Amazon said it disagreed with the FTC’s claims and denied violating the Children’s Law.
“We built Alexa with strong privacy protections and customer controls,” the company said in a statement. The statement said the company designed Amazon Kids, a service that enables parents to manage games, books and other content for their children, to comply with the Children’s Online Privacy Act , and Amazon worked with the FTC before expanding to children’s content. service to include alexa
Under the terms of the proposed settlement agreement, Amazon will be required to hand over children’s voice recordings and precise location data as well as the removal of inactive Alexa accounts belonging to the children. The proposed settlement also prohibits Amazon from misrepresenting how it handles users’ voice recordings, precise location data and children’s data.
A federal court must approve the settlement order.
The Amazon case is a moment of public concern about how some major social networks, video game services and device makers treat their younger users. It escalates efforts by the Federal Trade Commission to compel big tech platforms to hand over sensitive information, such as precise location or personal health details, whose disclosure could pose a privacy or physical risk to adult consumers and children.
Last December, Epic Games, the maker of Fortnite, agreed to pay $520 million to settle allegations by the FTC that it illegally harvested data from players under the age of 13. Users are prompted to make unwanted payments. In 2019, Google agreed to pay a $170 million fine to settle allegations by the FTC and the New York attorney general that it violated the privacy of children on YouTube.
The intense regulatory push to protect children online is not limited to the United States. Last September, Irish regulators announced they would impose a $400 million fine against Meta for its handling of children’s information on Instagram. Meta said it disagrees and plans to appeal.
In a different matter On Wednesday, the FTC accused Ring, the home security camera service, of “serious violations” of users’ privacy, saying that privacy and security failures at the company enabled employees to illegally spy on customers and that hackers Allowed users’ accounts to be hijacked. ,
Regulators said Ring, which was acquired by Amazon in 2018, had “improper” data security and privacy practices from at least 2016 until January 2020.
For example, in 2017, a Ring employee viewed thousands of videos of dozens of female customers, including in sensitive places such as women’s bedrooms and bathrooms, the agency said in a legal complaint filed in the US District Court for the District of Columbia.
The proposed settlement order would require Amazon to pay $5.8 million in consumer refunds, take stricter security measures and remove algorithms or other data products obtained from consumers’ illegal viewing of videos.
In a statement, Amazon said Ring had addressed security and privacy issues before the FTC began its investigation.