The Federal Trade Commission (FTC) has been looking into Ring, the home security camera company, for compromising its customers’ privacy. A complaint against Ring said that the company deceived its customers by failing to restrict access to customer videos and other problems. The FTC have released a proposed order, to be approved by the federal court, requiring Ring to abide by a number of provisions and pay a fine.
Complaint
The complaint raised a number of concerns with practices taking place with the home security camera company. The FTC said they deceived customers by:
- Failing to restrict employees’ and contractors’ access to its customers’ videos
- Using customer videos to train algorithms, among other purposes, without consent
- Failing to implement security safeguards.
It was stressed that these failures amounted to violations of users’ privacy. One major example that was mentioned referenced an employee who was able to view thousands of video recordings belonging to female users from intimate areas of their homes such as bathrooms and bedrooms. The employee wasn’t stopped until another member of staff discovered the misconduct.
Even after Ring implemented stricter access on who could access customer videos, they had no way to establish how many other employees had been accessing videos inappropriately. This was due to their inability to implement basic monitoring and detection measures.
Another major issue that was raised was that Ring took no steps to notify customers or obtain consent for their videos to be used for various purposes, including training algorithms. Steps were only taken in January 2018, but the complaint stated that Ring buried the information in its Terms of Service and Privacy Policy.
Security Failures
Further concerns were raised regarding Ring’s security measures. The complaint stated that Ring failed to protect customers from common and well-known threats. Even after the company suffered attacks in 2017 and 2018 Ring didn’t implement any basic features, like multi-factor authentication, until 2019. But the implementation was described as sloppy and therefore meant they were not as effective. This led to around 55,000 US customers still being impacted by hacking efforts resulting in some customers even being harassed, threatened, and insulted customers through their security system.
Proposed Order
The FTC have said that Ring should be required to delete data products such as data, models, and algorithms that it derived from videos that were viewed unlawfully. They will also need to implement a privacy and security program with more safeguards on who can review videos and better security controls.
Additionally, the FTC have said Ring should be required to pay $5.8 million to refund impacted customers. Ring will also be required to submit compliance reports for 10 years and annually certify to the FTC they are compliant with the order for 20 years.
Value Privacy’s experts are on hand to make sure that you and your company aren’t caught out by new or existing privacy laws.
You can find out more about the services we offer or just get in touch with us directly with any questions you have about how privacy laws impact you.
