Do You Trust Amazon With Your Biometric Data?

By Betsy Burton

This week a number of musicians and privacy activists signed a letter protesting the use of Amazon’s palm scanner, named Amazon One, at the iconic RedRocks music venue in Colorado.

This move begs the question, “when is collecting personal data too much?” How much and what types of data are you willing to put in the cloud and trust with Amazon, Google, Facebook/Meta, etc.?

You Always Have Your Hand

Amazon sold the Red Rocks ticketing company AXS, and its parent company AEG Worldwide, on putting the palm reading devices in place in September 2021. Previously the Amazon palm recognition system was only available at Amazon stores, such as Whole Foods.

The ticketing company argues that this technology will help them process concertgoers more quickly, which means attendees will be able to get to the seats faster. In addition, they argue that the technology is more convenient because, unlike a phone or paper ticket, “your hand is always attached to your body.”

A Bridge Too Far?

One of the aspects that make many modern technologies so attractive is that they augment human behavior over time – so giving more and more personal data away becomes normalized. 

My first Red Rocks concert (Talking Heads) was paid for in cash at the University of Colorado ticket office. Over time people got accustomed to paying online with a credit card and printing out tickets, then paying and using their phone, and, now, using their palm for payment and entrance. 

Where is the line where sharing data with a provider is too much for convenience?

• Hacking and Stealing Biometric Data: The primary concern is that Amazon is storing this biometric data in the Amazon cloud. Unlike a credit card or phone, your biometric data can’t be changed if the system is hacked or stolen.
• Biometric Data Sharing: The second concern is that Amazon, as well as Google and Meta, have privacy policies which cite that they will share data with others including when they deem it appropriate; “we believe release is appropriate to comply with the law, enforce or apply our terms and other agreements, or protect the rights, property, or security of AWS, our customers, or others”. People using these systems need to assume their data could be shared with third parties and government entities.

Amazon, Google, and Meta are in the information as a commodity business.

P.S. this is one of the reasons I have never taken one of those Ancestry DNA tests.

Bottom Line

I will admit, it may be because of my age and experience that I would be extremely reluctant to allow an untrusted and unregulated (e.g., HIPA) company to put my biometric data in the cloud or within their systems. However, my millennial friends were completely open to this concept. I am sure that Amazon is starting this effort with venues that are more frequented by digital natives and millennials.

It is important to remember, these companies are in the business of making money off your data. “The lack of a decision is a decision.” Do not blindly follow the technology only because it is slightly more convenient.

Regardless of age, location, background, etc. each person must figure out what type and how much data they are willing to share. And make clear decisions based on those parameters.