A Washington state privacy law faces its first major test as Amazon confronts a class-action lawsuit over alleged unauthorized collection of consumer health data.
A lawsuit filed in U.S. District Court in Seattle alleges Amazon's advertising network secretly gathered health-related data through mobile apps without user consent. The case centers on Amazon's software development kits (SDKs) embedded in thousands of applications, which allegedly collect location data and other personal information that could reveal users' health-seeking behaviors.
This marks the first legal challenge under Washington's My Health My Data Act, which took effect March 31, 2024. The law extends privacy protections beyond traditional healthcare settings, covering sensitive health data not protected by HIPAA regulations.
Amazon strongly denies the allegations. "Customer privacy is a top priority," a company spokesperson said, explaining that their publisher agreements specifically prohibit sharing consumer health data and any accidentally received data is immediately discarded.
Sen. Vandana Slatter, who sponsored the legislation while serving in the state House, sees the law as a crucial step in protecting both Washington residents and visitors seeking healthcare in the state.
The lawsuit could reshape how tech companies handle personal health information. With potential penalties reaching $7,500 per violation and thousands of affected users, the financial implications for Amazon could be substantial. More importantly, the case may set precedents for health data privacy in the digital age.
Washington's landmark legislation emerged in response to growing concerns about health data privacy, particularly after the Supreme Court's 2022 Roe v. Wade decision. The law specifically addresses fears that personal data, such as location tracking and period-tracking apps, could be used to identify and potentially prosecute individuals seeking reproductive care across state lines.
The implications extend far beyond reproductive health. As one of the first laws of its kind in the U.S., Washington's initiative is attracting attention from other states looking to protect consumer health data that falls outside traditional medical privacy regulations. The Amazon case could set important precedents for how courts interpret these new privacy protections and influence pending legislation in other states.
A Washington state law that protects personal health data from being collected without users' knowledge, covering data not protected by HIPAA.
The lawsuit claims Amazon gathered biometric data and precise location information that could indicate attempts to receive health services or supplies.
Unlike most privacy laws, Washington's legislation allows individuals to sue companies directly rather than waiting for government enforcement.