Groups accuse Amazon of violating children's privacy

Groups accuse Amazon of violating children's privacy
© Getty Images

Lawmakers and public interest groups are asking the Federal Trade Commission (FTC) to investigate Amazon’s Echo Dot Kids, arguing that the smart device is violating children’s privacy by collecting and storing their data without meaningful control for parents.

The Campaign for a Commercial-Free Childhood (CCFC), the Center for Digital Democracy and 17 other privacy groups filed a complaint with the FTC on Thursday saying that Amazon is violating the Children’s Online Privacy Protection Act (COPPA).

“Amazon markets Echo Dot Kids as a device to educate and entertain kids, but the real purpose is to amass a treasure trove of sensitive data that it refuses to relinquish even when directed to by parents,” Josh Golin, CCFC’s executive director, said in a statement.


“COPPA makes clear that parents are the ones with the final say about what happens to their children’s data, not Jeff BezosJeffrey (Jeff) Preston BezosBiden criticizes Amazon for paying Jeff Bezos in corporate taxes Hillicon Valley: YouTube under fire | FCC gets tough on robocalls | Maine governor signs strict privacy bill | Amazon says delivery drones coming in 'months' Amazon: Drone deliveries to homes expected 'within months' MORE. The FTC must hold Amazon accountable for blatantly violating children’s privacy law and putting kids at risk.”

A bipartisan group of senators echoed their concerns in a letter to the FTC's commissioners on Thursday, urging an investigation into the smart home devices. The letter — signed by Sens. Ed MarkeyEdward (Ed) John MarkeySenate set to bypass Iran fight amid growing tensions Young activists press for change in 2020 election Hillicon Valley: House panel advances election security bill | GOP senator targets YouTube with bill on child exploitation | Hicks told Congress Trump camp felt 'relief' after release of Clinton docs | Commerce blacklists five Chinese tech groups MORE (D-Mass), Richard Blumenthal (D-Conn.), Dick Durban (D-Ill.) and Josh HawleyJoshua (Josh) David HawleyIs Big Tech biased? Hillicon Valley: Senate bill would force companies to disclose value of user data | Waters to hold hearing on Facebook cryptocurrency | GOP divided on election security bills | US tracking Russian, Iranian social media campaigns Bipartisan senators to introduce bill forcing online platforms to disclose value of user data MORE (R-Mo.) — raises "significant privacy concerns" about the products.
"Children are a uniquely vulnerable population," the lawmakers wrote. "We urge the Commission to take all necessary steps to ensure their privacy as ‘Internet of Things’ devices targeting young consumers come to market, including promptly initiating an investigation into the Amazon Echo Dot Kids Edition’s compliance with COPPA.” 
An FTC spokeswoman confirmed that the agency had received the letter but declined to comment.
The groups that filed the complaint produced a video showing that kids can get their devices to “remember” information like addresses and Social Security numbers. According to the video, the devices retain the information even after users try to delete it from their accounts.

Asked for comment by The Hill, an Amazon spokesperson said in an emailed statement, “FreeTime on Alexa and Echo Dot Kids Edition are compliant with the Children’s Online Privacy Protection Act (COPPA)."
The spokesperson also said that customers could find out more about its practices on its help page.
On Thursday evening, Amazon followed up with a blog post detailing its privacy practices and how parents can access and delete their children's data.
COPPA requires companies to allow the parents of children under the age of 13 to access information that’s being stored about their kids and to have it deleted.

It also requires commercial websites, mobile apps and services that collect information about people over the internet to obtain parental consent before compiling data about children.

According to the groups’ complaint, Amazon’s process of obtaining parental consent falls short of COPPA’s requirements.

“It merely requires someone to input a credit or debit card number and a CVV security code,” the complaint reads. “It does not verify that the person ‘consenting’ is the child’s parent as required by COPPA.”

— Zack Budryk contributed to this report, which was updated at 9:09 p.m.