Amazon could be headed for trouble under Europe’s General Data Protection Regulation following the sending of 1,700 Alexa voice recordings to the wrong customer.
German magazine c’t reports say that a consumer requested data on their Amazon account, and that Amazon tried to provide it, as required by the GDPR.
However, another consumer’s Alexa recordings were sent by mistake in a 100MB zip file. The person who received it is not an Alexa user. Reports state that 3% of the files contained personal data, the Star reports.
It was not known at deadline whether authorities plan to investigate or take action.
An Amazon spokesperson told Reuters: “We resolved the issue with the two customers involved and took measures to further optimize our processes. As a precautionary measure, we contacted the relevant authorities.”
In a separate development, it was reported that Alexa came out with strange messages, including, “Kill your foster parents,” as part of an AI experiment last year. The device also made sex-related comments.
This was part of a scheme by Amazon to make Alexa more conversational. However, observers see privacy implications in this too.
“Consumers might not realize that some of their most sensitive conversations are being recorded by Amazon's devices, information that could be highly prized by criminals, law enforcement, marketers and others,” The Star argues.
This news also comes as Amazon has added new features to Alexa, including the ability to read and reply to emails.
GDPR enforcers could examine this at some point based on the possibly of leaks and other infractions. At the least, email marketers could find their messages being deleted or shoved into spam folders.
Surely, Amazon is gathering consent for every one of these users.