Yesterday, the FTC took a significant enforcement step against Amazon claiming that The Children’s Online Privacy and Protection Act (COPPA) Rule and Section 5 of the FTC Act were both violated by Amazon’s policies regarding the processing of children’s data, according to the complaint. Amazon agreed to pay an enforcement penalty of $25 million.
Nearly a million kids have their own Alexa profiles on Amazon devices, which are designed to target and collect personal information about kids and preserve voice recordings and geolocation forever—even after a child’s Alexa profile is inactivated. The FTC highlighted that even when parents asked Alexa to remove recordings of their children’s voices, Amazon frequently ignored their requests for a protracted period of time. Instead, Amazon kept such information for internal use to enhance the Alexa algorithm.
In related news, Amazon-owned Ring settled with the FTC on $5.8 million in regard to the company’s alleged failings to protect user data from cyberattacks.
In a complaint filed on behalf of the FTC, thousands of Ring customers’ security was neglected due to poor data practices on Ring’s part, directly causing some account holders to be victims of cyberattacks. According to the claim, Ring neglected to take the required precautions to guard against cyber attacks.
“Ring’s disregard for privacy and security exposed consumers to spying and harassment,” Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, wrote in a statement. “The FTC’s order makes clear that putting profit over privacy doesn’t pay.”
These are not the first FTC penalties to make headlines this month. Earlier in May the FTC accused Facebook of violating federal children’s privacy law, proposing a settlement that would prohibit the company from profiting off of children’s data. Meta has not agreed to the terms and is challenging the ruling.
