Skip to content

Amazon Fined $25M for Disregarding Kids’ Privacy

Amazon Fined $25M for Disregarding Kids’ Privacy

[ad_1]

Amazon to pay $25 million for violation of Children’s Online Privacy Protection Act

Amazon has been fined $25 million by the Federal Trade Commission (FTC) for violating the Children’s Online Privacy Protection Act (COPPA). It has also been ordered to overhaul its deletion practices and implement stringent privacy safeguards to spruce up its artificial intelligence (AI). Amazon’s voice interface Alexa has been popular among kids, and the FTC alleged that the company had been retaining children’s recordings and geolocation data indefinitely and not deleting them upon request by parents. The company also failed to delete transcripts of what kids said from all its databases. Amazon reportedly knew about it as early as 2018 but did not take action until September of the next year, after the agency gave them a nudge.

Reason for FTC action over Amazon’s violation of COPPA

Alexa is a voice assistant that has been in homes across the globe for years. Kids love to play with it, and it was so obviously useful to kids who can’t write or have disabilities that the FTC relaxed COPPA rules to accommodate reasonable usage: certain service-specific analysis of kids’ data, like transcription, was allowed as long as it is not retained any longer than reasonably necessary. However, Amazon has taken a rather expansive view on the “reasonably necessary” timescale. Amazon’s retention of children’s speech data indefinitely helped the company train its machine learning models better. FTC has stated that the company justified the retention of data on that basis. However, keeping children’s data indefinitely is in violation of COPPA.

FTC fine and the order against Amazon

The $25 million fine is less than negligible for a company of Amazon’s size, but it’s clearly complying with other provisions of the proposed order that will likely give them a headache. The FTC has ordered that Amazon should prohibit the use of geolocation, voice information, and children’s voice information for the creation or improvement of any data product. The company should also delete inactive Alexa accounts of children and notify users about its retention and deletion practices and controls. Amazon must not misrepresent its privacy policies related to geolocation, voice and children’s voice information, and should create and implement a privacy program related to the company’s use of geolocation information.

FTC statement and the lesson for tech companies

The FTC Commissioners Bedoya and Slaughter, as well as Chair Khan, wrote a statement accompanying the settlement proposal and complaint to particularly call out the point that Amazon kept kids’ data indefinitely to further refine its voice recognition algorithm, which was in violation of COPPA. Machine learning is no excuse for breaking the law. The data used to improve algorithms must be lawfully collected and lawfully retained. Tech companies should take heed of this lesson and ensure compliance with laws related to data privacy.

FAQs

What is COPPA?

COPPA (Children’s Online Privacy Protection Act) is designed to protect the online safety and privacy of children under 13. COPPA requires websites and online services that are directed to children under 13 or that knowingly collect personal information from children under 13 to obtain verifiable parental consent before collecting, using, or disclosing personal information from children.

Why did Amazon violate COPPA?

Amazon violated COPPA by keeping children’s recordings and geolocation data indefinitely and failed to delete them upon request by parents. It also failed to delete transcripts of what kids said from all its databases.

What does the FTC order require Amazon to do?

The FTC order requires Amazon to prohibit the use of geolocation, voice information, and children’s voice information for the creation or improvement of any data product. The company should also delete inactive Alexa accounts of children and notify users about its retention and deletion practices and controls. Amazon must not misrepresent its privacy policies related to geolocation, voice, and children’s voice information, and should create and implement a privacy program related to the company’s use of geolocation information.

Conclusion

The FTC has fined Amazon $25 million for violating COPPA and retaining children’s data indefinitely. The company also failed to delete the data on request by parents. The FTC order requires Amazon to implement stringent privacy safeguards and overhaul its deletion practices to comply with COPPA. Tech companies should take heed of this lesson and ensure compliance with laws related to data privacy.

[ad_2]

For more information, please refer this link