The FTC and DOJ issued multi-million dollar fines against Amazon in May for misleading/deceptive privacy claims relating to data retention and children's privacy in connection with Alexa devices. The agencies charge Amazon with keeping Alexa's voice and geolocation recordings well beyond the time limits the company promised, using that data for its own internal purposes that were not disclosed to consumers, and failing to give parents a meaningful way to delete their children's data.
Why It Matters
Regulators around the world are increasingly focused on children's privacy, on how long companies keep personal data, and on how they re-purpose personal data. Amazon and other similar cases serve as a reminder that kids' data is increasingly off-limits for privacy reasons, something all companies should be aware of as they design products and services. In addition, Amazon's re-use of data (to train its artificial intelligence tools) reminds us that anything the consumer didn't consent to is also off-limits.
Perhaps most importantly, though, this case shows the trouble that can come with keeping data longer than it's actually needed. If you don't have to have something on hand to run your business, you are better off disposing of it according to your data retention schedules. Keeping data for long periods of time increases the risk that you will run afoul of retention time limits, an increasingly popular feature of privacy laws. Keeping data over a long period of time also increases the risk that someone will find a new way to use it -- a way that consumers didn't originally consent to -- and thus create new risks for the company.
/Passle/5fe0c4f453548a10fc881e09/SearchServiceImages/2024-12-13-15-38-26-547-675c54f2e06e54924eccb07e.jpg)
/Passle/5fe0c4f453548a10fc881e09/SearchServiceImages/2024-12-16-17-38-15-333-67606587044a44825e002930.jpg)
/Passle/5fe0c4f453548a10fc881e09/SearchServiceImages/2024-12-10-15-07-12-595-675859207e4ada72eef78335.jpg)