Amazon Sued in First ‘My Health, My Data’ Privacy Dispute (2)

Amazon.com Inc. was accused of violating federal wiretap and Washington state privacy laws by harvesting location data of tens of millions of unsuspecting Americans by licensing its software development tools to a variety of apps.

Amazon tracked users’ location data without their consent, using it for targeted advertising and other means of enriching its business, according to a complaint filed by an Amazon app user Monday in the US District Court Western District of Washington.

Information collected by these apps also included “biometric data and precise location information that could reasonably indicate a consumer’s attempt to acquire or receive health services or supplies,” putting it in violation of Washington’s My Health My Data Act, the complaint said.

Amazon denied the allegations. “These claims are not accurate, and we look forward to explaining this in court,” an Amazon spokesperson wrote in an email.

The company prohibits publishers from sending it precise location and biometric data, the spokesperson said.

My Health My Data prohibits covered entities from collecting or selling health data that can be tied to an individual without that person’s express consent. The law, which went into effect in March 2024, allows individuals to bring suit against alleged violators seeking as much as $25,000 per plaintiff in damages. The complaint against Amazon is the first under the law passed in response to concerns about reproductive health data privacy.

Plaintiffs’ My Health My Data claims are just one among seven made in the dispute targeting Amazon’s profits off mobile data collection. Among the litany, it’s unclear if these claims “which make only cursory allegations of harm” will survive Amazon’s motion to dismiss, said Felicity Slater, an associate at Hintze Law PLLC.

My Health My Data remains an untested ground for privacy litigation, and plaintiffs’ ability to stave off a motion to dismiss could open a “flood” of complaints, similar to the surge in California Invasion of Privacy Act claims related to health data, Slater said.

Amazon software development kits were used by “thousands of developers,” according to the complaint. SDKs are prepackaged software development kits used to easily add certain functions to an app. The Amazon Ads SDK “perform various advertising-related functions such as mediation, measurement, attribution,” according to the complaint.

Plaintiff Cassaundra Maxwell is a Washington resident who used two apps known to include Amazon ad tracking software, OfferUp and Weather Channel. While users including Maxwell may have consented to individual apps tracking their data, they had no idea “Amazon will have equal access to sensitive geolocation data that it can then exfiltrate and monetize,” the complaint states.

Amazon is also accused of violating the Stored Communications Act and Computer Fraud and Abuse Act.

Maxwell and the proposed class are seeking that the court grant permanent injunctive relief to prohibit Amazon from continuing to collect data from its SDKs without consent, damages, and disgorgement of Amazon profits related to unlawful behavior.

Amazon did not immediately respond to a request for comment.

Maxwell is represented by Keller Rohrback LLP.

The case is Maxwell v. Amazon.com, Inc., W.D. Wash., No. 2:25-cv-00261, Complaint filed 2/10/25.