Amazon and its advertising division have found themselves at the center of a legal dispute over allegations of covertly collecting personal data from users of mobile applications. The lawsuit claims that the company tracked users’ locations without their knowledge and sold the data to third parties.
At the heart of the allegations lies Amazon Ads SDK, an advertising tool embedded in third-party mobile applications. Beyond displaying ads, the SDK purportedly harvests confidential user data, including detailed geolocation information. According to the lawsuit, Amazon acquires precise movement patterns, enabling it to determine users’ home and work locations, as well as frequented places, such as medical facilities, religious institutions, and other sensitive venues.
Such practices have sparked regulatory concern. Previously, the Federal Trade Commission (FTC) took action against Mobilewalla and Gravy Analytics for engaging in similar data collection activities. The agency underscores that geolocation data allows for the creation of highly detailed digital profiles, revealing individuals’ preferences, routines, and lifestyles.
The lawsuit identifies specific applications that incorporate Amazon Ads SDK, including NewsBreak and Speedtest by Ookla. Plaintiffs argue that users are completely unaware that their data is being collected and transmitted to unknown third parties. They do not receive explicit notifications about the SDK’s operations nor are they given the option to opt out.
Amazon faces accusations of violating California’s privacy laws, including the California Comprehensive Computer Data Access and Fraud Act (CDAFA) and the state’s prohibition on unauthorized use of pen registers to secretly log user data. However, legal precedent in such cases remains ambiguous, as California courts have issued conflicting rulings on the applicability of these statutes to data collection via SDKs.
Similar allegations were recently leveled against Allstate and its analytics subsidiary, Arity, which allegedly gathered user data through their proprietary SDK without obtaining explicit consent.
As of now, Amazon has not issued an official statement regarding the accusations.
