Published: January 18, 2020 8:37:53 pm
European Union privacy watchdogs are gearing up to police digital assistants after revelations that Amazon.com Inc workers listened in on people’s conversations with their Alexa digital assistants.
Bloomberg first reported in April that Amazon had a team of thousands of workers around the world listening to Alexa audio requests with the goal of improving the software.
Similar issues have been raised over Google and Apple Inc’s digital assistants, triggering privacy fears across the world, as intimate conversations in some users’ homes were laid bare to technicians fine-tuning the technology.
EU regulators are now working on a common approach on how to police the technology, said Tine Larsen, head of the data protection authority in Luxembourg, where the US retail giant has its European base and employs a staff of more than 2,000.
“Because it’s a question of principle, the members of the EDPB should work out a common position in line with the consistency mechanism to apply data protection rules in a harmonized way for this type of treatment,” she said, referring to a panel of regulators from across the 28-nation EU.
The revelations of the snooping into people’s homes came after regulators across Europe were handed beefed-up powers with its General Data Protection Regulation in May 2018, including the right to levy fines of as much as 4 per cent of a company’s global annual sales for the most serious violations. But the move toward common guidelines for digital assistants means companies should avoid fines — for now.
Larsen’s comments echo those of Helen Dixon, head of the Irish watchdog, responsible for overseeing the likes of Apple and Google.
She told Bloomberg in November that the regulator first has to “bottom out fully on whether it’s true” when companies say they need to do transcripts of people’s interactions with the assistants. That’s why a focus will be first on coming up with guidelines, instead of investigations or inquiries, she said.
Amazon said in a statement that “to help improve Alexa, we manually review and annotate a small fraction of 1 per cent of Alexa requests” and that “access to data annotation tools is only granted to a limited number of employees who require them to improve the service.”
EU regulators are working on a common position on the privacy issues surrounding voice assistant systems, said Johannes Caspar, head of the watchdog in Hamburg, Germany. “We urgently need common and reliable industry standards on this to better regulate” privacy protections, he said in an email.
Caspar’s office initiated a number of probes into the issue, including one into Facebook over audio transcriptions from its Messenger users, he said. The questions his office has asked of Facebook have been discussed within the EDPB, the EU body of national regulators. The plan is to use the results to have a more coordinated approach by all European regulators affected by the issue, he said.
The UK, which is set to leave the EU at the end of the month, will soon publish the results of a consultation into security features for smart speakers and other connected devices, with proposals for mandatory industry requirements that could lead to potential new regulation, UK Digital Secretary Nicky Morgan told Bloomberg Wednesday.
Apple, whose Siri virtual assistant is embedded in its operating phone and desktop computer operating systems, pointed to an August blog post about the issue.
“We know that customers have been concerned by recent reports of people listening to audio Siri recordings as part of our Siri quality evaluation process — which we call grading,” it said. “We heard their concerns, immediately suspended human grading of Siri requests and began a thorough review of our practices and policies. We’ve decided to make some changes to Siri as a result.”
Google, which offers similar technology, referred to its September announcement that it would add new security protections to the way its workers listen to audio snippets, meant to help improve the product’s quality.
In a blog post in September, Google said it would tell users that their audio may be listened to if they opt in to a feature that also improves audio quality. “We believe in putting you in control of your data, and we always work to keep it safe. We’re committed to being transparent about how our settings work so you can decide what works best for you,” the company said.
While Amazon is escaping penalties over Alexa, Luxembourg, which is the company’s main privacy watchdog in Europe, is probing the company for other potential breaches.
This follows complaints from activists that the online retailer is illegally tracking and profiling internet users without their permission, as well as not providing full access to users’ data.
The company says it’s “cooperating” with the authority, “which is at an advanced stage of its fact finding,” according to an emailed statement. The data commission declined to comment on any probes, citing local rules.
French privacy activists La Quadrature du Net, filed one of the complaints on behalf of more than 10,000 customers. They urge regulators to crack down on “behavioural analysis and targeted advertising” by Amazon and levy a fine that is “as high as possible” due to the “massive, lasting and manifestly deliberate nature” of the alleged violations without the consent of its users.
None of Your Business (Noyb), a group created by Austrian activist Max Schrems, followed up with a separate complaint last January over data access concerns, accusing Amazon of violating EU law by not handing over all personal data requested by a user of its Amazon Prime service.
Arthur Messaud, a lawyer with La Quadrature du Net, and Schrems said they’d had no updates from the Luxembourg regulator, which is bound by strict secrecy provisions under national law, meaning it can’t reveal details until after any fines have been levies and all avenues of appeal have been exhausted.