Amazon could be
headed for trouble under Europe’s General Data Protection Regulation following the sending of 1,700 Alexa voice recordings to the wrong customer.
German magazine c’t
reports say that a consumer requested data on their Amazon account, and that Amazon tried to provide it, as required by the GDPR.
However, another consumer’s Alexa recordings were sent
by mistake in a 100MB zip file. The person who received it is not an Alexa user. Reports state that 3% of the files contained personal data, the Star reports.
It was not known
at deadline whether authorities plan to investigate or take action.
An Amazon spokesperson told Reuters: “We resolved the issue with the two customers involved and took measures
to further optimize our processes. As a precautionary measure, we contacted the relevant authorities.”
In a separate development, it was reported that Alexa came out with strange
messages, including, “Kill your foster parents,” as part of an AI experiment last year. The device also made sex-related comments.
This was part of a scheme by Amazon to make Alexa
more conversational. However, observers see privacy implications in this too.
“Consumers might not realize that some of their most sensitive conversations are being recorded by Amazon's
devices, information that could be highly prized by criminals, law enforcement, marketers and others,” The Star argues.
This news also comes as Amazon has added new features to
Alexa, including the ability to read and reply to emails.
GDPR enforcers could examine this at some point based on the possibly of leaks and other infractions. At the least, email marketers
could find their messages being deleted or shoved into spam folders.
Surely, Amazon is gathering consent for every one of these users.