10 comments

[ 5.4 ms ] story [ 32.2 ms ] thread
This is one of the real dangers of GDPR. If you make it really easy to download the entirety of someone's online life mistakes and fraud will occur where the wrong person receives it. This was probably some human error and not malicious but I will bet the malicious cases are coming (or are already occurring).
Really? I read this as the exact opposite. This is a huge benefit of GDPR because now companies' horrible internal privacy practices are being exposed.
GDPR is the only reason we now know how much data Amazon is keeping at the minimum, which apparently is quite a lot.
That's quite a spin on the story.

This is not one of the dangers of the GDPR, it's a danger of companies keeping sensitive user data with them forever when they clearly are incapable of being good stewards of it (and no, you don't deserve to be called good stewards if you have even one leak).

Perhaps, just perhaps, this will incentivize companies to have strict data expiry policies (at the very least), but I am not holding my breath.

An important detail not directly addressed in the article (or I missed it) is do the audio recordings include conversations between Alexa commands? Or where the audio recordings specifically related to the human issuing commands to the device? Either way, it's a huge issue the data was leaked to the wrong customer.

I find it hard to believe this was a one-time mistake.

Audio recordings are of the wake word and following command. The device has lights to indicate when it's listening/recording.
Note that Alexa keeps listening after giving a response, so you can give a followup question without a wake word.