An Amazon customer has filed a class action lawsuit in California on Wednesday, accusing the e-commerce giant of secretly collecting the geo-locations of shoppers via their cell phones – exposing sensitive details such as reproductive health and sexual orientation.
What’s more, the proposed class action lawsuit, filed in San Francisco federal court, accuses Amazon of not only tracking consumers' “sensitive movements and locations” without their knowledge but also selling the information it collected.
According to court documents, the Seattle-based online retailer surreptitiously obtained "backdoor access to consumers’ devices” by creating a software development kit (“SDK”) for Amazon ads and then disseminated the kits to “tens of thousands of mobile app developers” to embed in their products.
The case argues that essentially Amazon is responsible for providing a “direct data collection pipeline” for itself and its advertising partners – all without the consumers’ explicit consent or the ability to opt-out.
Geolocation data “can reveal a consumer’s home address, work address, and any other location they visit,” the lawsuit said.
The lawsuit further cited a study conducted by MIT which found out of 1.5 million people, only four timestamped locations were sufficient to identify 95% of individuals. When using 11 data points, that number becomes 100%.
The plaintiff filing the suit, Felix Kolotinsky of San Mateo, California, accuses Amazon of collecting his personal information through the "Speedtest" app by Ookla installed on his mobile phone. "NewsBreak" by Particle Media is another app mentioned in the suit.
‘Fingerprinting consumers’
The trove of personal data collected by these embedded SDKs reveals private details about the consumers, including religious worship, reproductive health, sexual orientation, medical conditions, mental health, addiction treatment, and even if a person is homeless or a domestic violence survivor or other at-risk populations, the filing argues.
"Amazon has effectively fingerprinted consumers and has correlated a vast amount of personal information about them entirely without consumers' knowledge and consent," the complaint said.
“This enormous volume of data enables Amazon and its advertising partners to build a comprehensive profile about each consumer, including their movements and whereabouts,” it said.
Among the sensitive data collected by the SDKs :
- Precise and timestamped latitude and longitude
- Geolocation coordinates from consumers’ devices
- Mobile advertising IDs (“MAIDs”)
- Device fingerprint data (device make, model, current OS, hardware, software, screen size, pixel density, and more)
The lawsuit charges that Amazon’s conduct violates California's penal law and state law against unauthorized computer access and that the company and its advertisers “were unjustly enriched and profited from the data taken.”
Although the exact monetary award sought and the number of class members seeking damages is not known at this time, the Plaintiff states that Amazon’s siphoning of his geolocation and personal information without consent would result in the same damages for the millions of other Class members.
Earlier this month, the Texas Attorney General sued Allstate on claims that the insurance giant illegally collected, used, and sold the private driving data of over 45 million Americans – also through mobile apps and without their knowledge or consent.
Allstate and other insurers would then use the “world’s largest driving behavior database” to jack up the insurance rates of Texas residents, or even deny coverage.
Since the January 13th suit, at least eight other private lawsuits have been filed against Allstate for similar reasons, Reuters reported.
Your email address will not be published. Required fields are markedmarked