31-01-2025
Proposed Class Action Alleges Amazon Allows Third Parties to ‘Covertly Siphon' Consumer Location Data
One California customer is accusing Amazon of getting a little too personal.
In a proposed class-action lawsuit filed on Wednesday in California's Northern District Court, Felix Kolotinsky, a California resident, argues that Amazon is illegally tracking and selling consumers' geolocation data to third parties.
More from Sourcing Journal
UPS Lowers Amazon Volume; Hapag-Lloyd Sees Rise in Container Transport
Amazon Makes Plans to Launch Drone Delivery in the United Kingdom
Amazon Slapped with $96M Complaint by Chinese Ocean Carrier for Breaking Contract
Kolotinsky alleges that the technology and e-commerce giant does so through a software development kit (SDK), which it uses to gain 'backdoor access to consumers' devices.' The complaint further notes that, in order to do so, Amazon allows its SDK, called Amazon Ads SDK, to be integrated into a variety of apps, like NewsBreak and Speedtest by Ookla, without consumers' consent.
The plaintiff reportedly used the Speedtest by Ookla app, allegedly exposing him to the Amazon Ads SDK and allowing Amazon to access sensitive data without his understanding. That, he notes, violates consumers' privacy.
'[Amazon's] business model is to collect information from consumers and sell access to its ill-gotten data to brands and advertisers,' Kolotinsky said in the complaint.
By collecting data like timestamped latitude and longitude geolocation coordinates, Amazon can easily identify a user's identity, the lawsuit states, citing MIT data that shows a handful of data points on location can sufficiently identify an individual.
'Amazon has effectively fingerprinted consumers and has correlated a vast amount of personal information about them entirely without consumers' knowledge and consent,' Kolotinsky alleges.
The plaintiff proposed a class inclusive of all California residents who downloaded and used a mobile app that had Amazon Ads SDK embedded without publicly disclosing the software in its notices or privacy agreements. Kolotinsky and his counsel estimate that millions of consumers could qualify for the class, should the judge certify it. Kolotinsky alleges that Amazon violated a section of California penal code and California's Comprehensive Computer Data Access and Fraud Act. Kolotinsky seeks $5,000 per violation from the company on the former claim and additional damages from the latter claim.
He also asks the judge to certify the class, appoint Kolotinsky as lead plaintiff, declare that Amazon did violate California law with the SDK and enjoin Amazon from unlawful activities as set out throughout the complaint.
'Ultimately, the Amazon Ads SDK has allowed Amazon to secretly create a detailed log of [Kolotinsky's] and the putative class's precise movement patterns, along with a dossier of their likes and interests, all without their consent or permission,' he alleged.
Amazon did not respond to Sourcing Journal's request for comment.
Related cases have been popping up across the United States, with the Federal Trade Commission (FTC) getting involved in some instances. Last year, the agency announced four cases that took issue with how companies collect and use consumers' geolocation data. It filed cases against Mobilewalla, Gravy and its subsidiary Venntel, InMarket and X-Mode and its successor Outlogic and eventually prohibited each of the companies from collecting and selling sensitive consumer location data.
