What Amazon’s Privacy Breaches Say About Smart Device Security

Omdia analysts offer their opinion on Amazon’s fines and what companies should do to safeguard devices

Scarlett Evans, Assistant Editor, IoT World Today

June 6, 2023

4 Min Read
Getty

Amazon was recently fined more than $30 million for customer privacy breaches, demonstrating the rising need for cybersecurity and data protection at a time where smart devices are becoming increasingly common.

While there is some legislation in place accommodating smart devices, the sheer volume of devices coming online is still proving an industry bottleneck, and a point of concern for customers and vendors alike. 

The Rise of Smart Home Devices

According to ABI research, more than 5.5 billion smart home devices will ship to customers between 2022 and 2030, while Statistica said the number of IoT devices worldwide will almost triple from 9.7 billion in 2020 to more than 29 billion IoT devices in 2030. 

As such, regulations still need to be refined to provide more stringent guidelines on how to keep customers’ data safe, and keep companies accountable.

Subscribe to IoT World Today's newsletter

“The rise of these smart devices has impacted data privacy and data security simply due the volume of data these devices generate,” said Adam Strange, data security analyst at Omdia. “They do not cause any new privacy problems that are in some way outside of the existing data privacy legislation (eg GDPR) that governs other forms of data.

“The vendors offering these devices … tend to give less focus on how they manage and use these huge volumes in a way that conforms to the legislation.”  

Related:Amazon Fined $30M for Alexa, Ring Privacy Violations

Such a problem was seen in Amazon’s handling of data. The company’s Alexa voice assistant stored historical children’s voice data as well as geolocation, while its Ring smart security device stored thousands of videos of customers in their homes.

Under the proposed settlement, Amazon is required to delete customer videos and data that include a customer’s face obtained before 2018, as well as any inactive child accounts.

“The sheer volume of data being generated means it is very difficult to distinguish old from new, current, usable data from old or inactive and then to delete old or unused data,” said Strange. “Typically, all this data gets lumped in together. This is really the problem for these organizations – too much data to then manage in a way that conforms to the regulations. 

“As Amazon has found out, there are penalties out there for organizations that non-comply or ignore the mandate from the regulators.”

Company-Wide Change

Offering proper data privacy training to employees is crucial to ensuring sensitive data is handled correctly, with a lack of company training highlighted as one of the issues in the Amazon case. 

Yet company-wide understanding of cybersecurity legislation is something businesses are still grappling with as the market adapts to meet rising device numbers.

“In order to avoid an on-going series of fines into the future, tech companies (and all companies retaining customer or private data) need to devote far more time and energy into data privacy compliance and subsequent data management,” said Strange. “Or else prepare themselves for further hefty fines to come.”

According to Hollie Hennessy, IoT cybersecurity senior analyst at Omdia, ensuring there’s a good consumer understanding of cybersecurity is also necessary to create a safer environment. 

“The Ring/Alexa issue sheds some important light on how consumer’s privacy can be handled by manufacturers and can educate the consumer on the issues with insecure consumer devices,” said Hennessy. “Consumers need to be able to tell if  the devices they’re purchasing are secure, and unfortunately this hasn’t been the case traditionally – it’s very unclear to consumers and so it can be difficult to make an informed decision.

“In recent years governments and industry have been working together to move the needle on IoT cybersecurity and we can expect legislation and regulation to enforce better cybersecurity for connected consumer devices.”

It’s increasingly in the interests of vendors to address these pain points. With Amazon’s alleged security breaches gaining widespread attention, awareness of cybersecurity issues is only expected to rise and become an even greater demand for shareholders and consumers alike. 

“A recent study by Omdia, commissioned by the CSA, revealed that security features were the most important attribute when purchasing a connected device,” said Hennessy. “Most consumers, based on the study, believe that their devices are secure – and we know from examples like this that it isn’t always the case. 

“Device manufacturers should be aware that consumers are willing to pay for products with better security and likewise the industry and governments should continue to raise awareness around cybersecurity and data privacy.”

About the Author

Scarlett Evans

Assistant Editor, IoT World Today

Scarlett Evans is the assistant editor for IoT World Today, with a particular focus on robotics and smart city technologies. Scarlett has previous experience in minerals and resources with Mine Australia, Mine Technology and Power Technology. She joined Informa in April 2022.

Sign Up for the Newsletter
The most up-to-date news and insights into the latest emerging technologies ... delivered right to your inbox!

You May Also Like