Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Fortune
Fortune
David Meyer

Amazon’s Ring and Alexa privacy charges include lessons for the whole tech industry

(Credit: ichael M. Santiago/Getty Images)

The last day has not been kind to the reputation of Amazon, which has found itself under fire from American regulators, British tax-fairness campaigners—and its own staff.

The biggest news came courtesy of the U.S. Federal Trade Commission and Department of Justice, which yesterday charged Amazon over serious violations of kids’ privacy with its Alexa assistant—Amazon told parents and other users that they could delete Alexa voice recordings and geolocation data, but, if they did, Amazon still held onto some of the data for years so it could better train Alexa.

The FTC and DOJ called this a deception and a violation of the Children’s Online Privacy Protection Rule, or COPPA. Under the proposed settlement, Amazon will have to pay $25 million—more importantly, it will also have to change its deletion practices, delete the data it shouldn’t have kept, and avoid using that data to train its algorithms.

“Adding insult to privacy injury, for at least a year, Amazon gave 30,000 employees access to Alexa users’ voice recordings—even though many of those staffers had no business need for the files,” wrote FTC senior attorney Lesley Fair in a blog post.

Separately, the FTC also charged Amazon’s Ring subsidiary with “compromising its customers’ privacy by allowing any employee or contractor to access consumers’ private videos and by failing to implement basic privacy and security protections, enabling hackers to take control of consumers’ accounts, cameras, and videos.”

This one’s painful—read it and weep: 

“One employee over several months viewed thousands of video recordings belonging to female users of Ring cameras that surveilled intimate spaces in their homes such as their bathrooms or bedrooms. The employee wasn’t stopped until another employee discovered the misconduct. Even after Ring imposed restrictions on who could access customers’ videos, the company wasn’t able to determine how many other employees inappropriately accessed private videos because Ring failed to implement basic measures to monitor and detect employees’ video access…Hackers taunted several children with racist slurs, sexually propositioned individuals, and threatened a family with physical harm if they didn’t pay a ransom.”

A proposed settlement would see Ring pay $5.8 million for consumer refunds—and again, it would have to “delete data products such as data, models, and algorithms derived from videos it unlawfully reviewed.” 

Amazon has therefore become the highest-profile target of an FTC algorithmic-destruction order (previous recipients include Cambridge Analytica, Everalbum, and Kurbo). 

As Signal Foundation president and A.I.-ethics maven Meredith Whittaker observed: “Data protection is A.I. regulation.” FTC Chair Lina Khan and Commissioners Alvaro Bedoya and Rebecca Kelly Slaughter made a similar point in a statement—relating to the Alexa case—that was explicitly directed at all those Big Tech players racing to train their big A.I. models: 

“Machine learning is no excuse to break the law. Claims from businesses that data must be indefinitely retained to improve algorithms do not override legal bans on indefinite retention of data. The data you use to improve your algorithms must be lawfully collected and lawfully retained. Companies would do well to heed this lesson.”

Amazon: "While we disagree with the FTC's claims regarding both Alexa and Ring, and deny violating the law, these settlements put these matters behind us." A spokesperson said the changes it has to make to its Alexa policies only amount to “a small modification to our already strong practices,” and also that “Ring promptly addressed the issues at hand on its own years ago, well before the FTC began its inquiry.” The company published separate blog posts on the Ring and Alexa settlements. It didn’t address the stuff about having to retrain or delete its algorithms, though.

Meanwhile, away from regulation-land, more than 100 workers at Amazon’s Seattle headquarters staged a planned walkout over a trio of issues: Amazon’s heavy climate impact (the company just quietly walked back a “Shipment Zero” commitment to make half its shipments carbon-neutral); its recently-enacted policy of forcing most workers back to the office for at least three days a week; and the recent laying-off of around 27,000 employees.

Amazon responded by reiterating its goal of “getting to net carbon zero by 2040” and claiming it will only use renewable energy as of 2025. It defended its return-to-office policy and said “it’s going to take time” for workers to adjust.

On top of all that, the U.K.’s Fair Tax Foundation is spitting fire after Amazon’s main division in the country just avoided paying any corporation tax whatsoever for the second year running. There’s nothing illegal about that—a government scheme allowed Amazon to offset its local investments in warehouse robotics and software development against profits—but it gives tax campaigners an obvious line of attack. (Amazon noted that other parts of its business paid £781m in direct taxes and £2.8bn in indirect taxes last year).

None of this has dented Amazon’s share price, of course. But particularly regarding those privacy violations—a lot of people are going to stop trusting Ring and Alexa—I’d be very surprised if the reputational damage to the company and its wares doesn’t come back to bite it over time.

More news below.

Want to send thoughts or suggestions to Data Sheet? Drop a line here.

David Meyer

Data Sheet’s daily news section was written and curated by Andrea Guzman.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.