According to the Federal Trade Commission (FTC), home security camera company Ring compromised its customers’ privacy by allowing any employee or contractor to access consumers’ private videos. The FTC highlights that by failing to implement basic privacy and security protections, the company enabled hackers to take control of consumers’ accounts, cameras and videos.
Under a proposed FTC order, Ring will be prohibited from profiting from unlawfully accessed consumer videos and pay $5.8 million in refunds.
In a complaint, the FTC says Ring deceived its customers by failing to restrict employees’ and contractors’ access to its customers’ videos, using these videos to train algorithms, among other purposes, without consent and failing to implement security safeguards.
The FTC also says the company failed to take any steps until January 2018 to adequately notify customers or obtain their consent for extensive human review of customers’ private video recordings for various purposes.
Under the proposed order – which must be approved by a federal court before it can go into effect – Ring will be required to delete products such as data, models and algorithms derived from videos it unlawfully reviewed. It also will be required to implement a privacy and security program with novel safeguards on human review of videos as well as other stringent security controls, such as multi-factor authentication for both employee and customer accounts.
“Ring’s disregard for privacy and security exposed consumers to spying and harassment,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “The FTC’s order makes clear that putting profit over privacy doesn’t pay.”