In 2016, Amazon sold millions of Amazon Echos worldwide. Brands have taken notice, and begun to develop and release third party software integrations, or "Skills" as Amazon calls them, for the Alexa platform as well as for other voice-enabled platforms and devices. Once again, the law is playing catch-up with technology, and we are here to help you navigate the thorny issues.
Alexa, what are voice-enabled platforms and devices?
For purposes of this post, voice-enabled platforms and devices are those that use a combination of software and hardware to continuously listen and respond to the surrounding environment. The most well-known device dedicated to this "always-on" functionality is the Amazon Echo. The Amazon Echo, based on the Alexa platform, uses a far-field microphone to listen at all times for the wake word "Alexa," and upon identification of that word, records and transmits subsequent sounds over the internet in order to determine and provide an appropriate response. Other examples of voice-enabled devices that combine software and hardware from a single manufacturer include Google Home (based on the Google Assistant platform) and Microsoft Kinect (based on the Windows Cortana platform). While Apple does not offer a standalone device at this time, it provides similar "always-on" functionality through its iOS platform when a user utters the key phrase, "Hey Siri."
What makes the voice-enabled platforms and devices from Amazon and Google particularly attractive to brands is that they are now widespread among target audiences and allow brands to integrate their own services through the use of APIs. There are two types of APIs offered at this time. The first type of API allows brands to integrate Skills into the voice-enabled platform. For example, a brand could create a weather Skill that responds to users' questions about the weather. Under this scenario, the brand would develop and make the weather Skill available through the voice-enabled platform, users would find and install the weather Skill through the voice-enabled platform, and users would trigger the Skill through a key phrase, such as by stating the name of the brand and then asking about the weather. Upon triggering of the Skill, the voice-enabled platform operator would record and exchange subsequent information with the brand, including a transcript of the recorded sounds. If you think this process sounds familiar, you are right – it is comparable to the app ecosystems available on smartphone operating systems.
The second type of API has far more expansive implications and allows brands to integrate the voice-enabled platform into their own brand-developed hardware. For example, a refrigerator manufacturer could integrate the voice-enabled platform into its refrigerators to provide smart home functionality to its users. As brands are only just starting to use the second type of API, this post will focus on the privacy concerns implicated by the development of Skills. We will address the integration of voice-enabled platforms in brand-developed hardware in a subsequent post.
Okay Google, what are some of the privacy issues here?
Glad you asked.
One significant issue brands should consider is whether their use of information collected through a Skill complies with the governing privacy policies of the applicable voice-enabled platform. Similar to smartphone app stores, voice-enabled platforms have their own developer agreements that govern use of the platform. Brands need to carefully review these developer agreements to make sure their intended use of the collected information does not violate the provisions within the developer agreements and give the operator of the voice-enabled platform grounds for bringing legal action against the brand or claiming ownership of the data collected by the brand.
Voice-enabled platforms and devices also raise unique issues regarding law enforcement access to data. Last month, police in Arkansas issued a warrant to Amazon to turn over records collected by an Amazon Echo to assist with the investigation of a murder. While the police turned to Amazon in this case, given that Amazon declined to give police the requested information, in future cases police may instead seek the information from a brand that operates a Skill installed by the murder suspect. Brands should make sure that their privacy policies preserve the ability to respond to lawful subpoenas, government and regulatory requests, and discovery requests, and that they are prepared to object to such requests where such requests are overbroad or seek information that brands are prohibited by law from disclosing under applicable law.
Hey Siri, how do I find out more?
The legal landscape of voice-enabled platforms and devices is rapidly evolving, and we will continue to monitor and keep you updated on the latest trends.
This post first appeared in Frankfurt Kurnit's Focus on the Data blog (www.focusonthedata.com). It provides general coverage of its subject area. We provide it with the understanding that Frankfurt Kurnit Klein & Selz is not engaged herein in rendering legal advice, and shall not be liable for any damages resulting from any error, inaccuracy, or omission. Our attorneys practice law only in jurisdictions in which they are properly authorized to do so. We do not seek to represent clients in other jurisdictions.