Amazon One palmprint biometrics accused of opacity, jeopardising privacy
Embedded Files
Occurred: August 2021
Page published: January 2022
Amazon's palm-scanning payment system, Amazon One, collected irreplaceable biometric data from consumers while providing little information about how user data is stored, used and potentially shared, according to a lawsuit filed against the tech company.
What happened
What happened
Launched at Amazon's cashier-less Go stores in the United States, Amazon One is a palm-scanning device that enables users to make purchases by placing their palms over a scanning device at the point of sale, with biometric data linked to a saved credit card.
Beyond payments, the technology is also used for identification, age verification, and accessing venues and buildings.
Following the enactment of New York City’s Biometric Identifier Information Law in 2021, Amazon allegedly operated its "Just Walk Out" technology in New York locations without informing customers that they were being biometrically tracked, according to a 2023 lawsuit filed by the Surveillance Technology Oversight Project (STOP).
Despite later adding signage, the suit argued the notices were poorly placed and misleadingly suggested that only those who opted into palm scanning were being monitored. It also claimed that the system's sensors and Amazon One palm scanners captured unique physical characteristics, such as hand shape and body size, to identify and track shoppers.
Why it happened
Why it happened
The controversy was driven by the technical requirements of Amazon’s "Just Walk Out" system, which relies on "computer vision, deep learning algorithms, and sensor fusion" to distinguish between individuals in a crowded store.
The controversy was exacerbated by transparency limitations: Amazon initially failed to provide the specific legal notices mandated by local privacy laws.
Additionally, the company's decision to store biometric "signatures" in the AWS Cloud, rather than on a user's local device, raised red flags for security experts and lawmakers who viewed the centralised database as a potential high-value target for hackers.
What it means
What it means
For consumers, the incident serves as a warning that "convenience-first" technology often comes at the cost of invisible surveillance.
For society, the case illustrates the risk of allowing large-scale commercial biometric collection to outpace legal protections. The combination of palm data, purchase histories and Amazon account information creates a uniquely powerful profiling tool.
For policymakers, Amazon One is a clear signal that the U.S. needs federal biometric privacy legislation. Illinois enacted BIPA in 2008, becoming the first state to implement a law protecting citizens against biometric data collection, and it is seen as the most stringent regulation of its kind and a blueprint for other U.S. states.
System 🤖
System 🤖
Amazon One
Operator: Amazon
Developer: Amazon
Country: USA
Sector: Retail
Purpose: Verify identity; Authorise transactions
Technology: Palm print scanning
Issue: Accountability; Privacy/surveillance; Security; Transparency
Timeline ⏰
Timeline ⏰
September 2020. Amazon launches Amazon One at Amazon Go stores in Seattle.
August 2021. Amazon’s offers USD 10 credit to new users enrolling their palm prints in the programme. U.S. senators write to Amazon CEO Andy Jassy expressing privacy and competition concerns over Amazon One, and asking the company to provide information about how it keeps users’ data safe.
March 2023. Class action lawsuit is filed in New York alleging Amazon violated NYC Biometric Identifier Information Law at Amazon Go stores.
July 2023. Amazon announces Amazon One rollout to all 500+ Whole Foods locations.
2023. Amazon and Starbucks sued in federal court for misusing customers' biometric identifiers.
November 2024. US District Judge denies Amazon's motion to dismiss BIPA-related class action over Just Walk Out stores.
2025. Federal class action over Amazon One dismissed.
January 2026. Amazon announces discontinuation of Amazon One for retail, citing limited adoption.
Legal, regulatory ⚖️
Legal, regulatory ⚖️
Rodriguez-Perez v. Amazon.com, Inc.
News, commentary, analysis 🗞️
News, commentary, analysis 🗞️
https://techcrunch.com/2021/08/02/amazon-credit-palm-biometrics/
https://www.yahoo.com/now/amazon-is-offering-10-in-credit-for-your-palm-print-data-114014151.html
https://hypebeast.com/2021/8/amazon-register-palm-print-data-biometric-data-payment
https://nypost.com/2021/08/03/amazon-will-pay-you-10-to-scan-your-palm-report/
AIAAIC Repository ID: AIAAIC0693
Page updated
Google Sites
Report abuse