Bose Lawsuit For Collecting Headphone Data Is Flimsy, But Highlights Continued Lack Of Real Transparency

from the dumb-tech-is-often-smarter dept

Being transparent about what private consumer data is being collected and sold appears to be a hard lesson for hardware vendors to learn. Earlier this month, Bose was hit with a new lawsuit (pdf) accusing it of collecting and selling personal subscriber usage data of the company's $350 QC 35 noise-canceling headphones. More specifically, the lawsuit claims that the Bose Connect smartphone companion app is collecting user preferences when it comes to "music, radio broadcast, Podcast, and lecture choices" -- and then monetizing that data without making it clear to the end user:

Unbeknownst to its customers, however, Defendant designed Bose Connect to (i) collect and record the titles of the music and audio files its customers choose to play through their Bose wireless products and (ii) transmit such data along with other personal identifiers to third-parties—including a data miner—without its customers’ knowledge or consent...Though the data collected from its customers’ smartphones is undoubtedly valuable to the company, Defendant’s conduct demonstrates a wholesale disregard for consumer privacy rights and violates numerous state and federal laws.

To be clear, the complaint, filed last week by Bose customer Kyle Zak in federal court in Chicago, seems more than a little thin. The suit appears to piggyback on growing concern about the wave of internet of things devices (from televisions to smart dildos) that increasingly use internet connectivity to hoover up as much as possible about consumers. Often, this data is collected and transferred unencrypted to the cloud, then disseminated to any number of partner companies without adequate disclosure.

That said, while Bose marketing insists users need the app to "get the most out of your headphones" and get the "latest features" for their headphones, in this instance, users can avoid data collection by simply not using the Bose companion app. And while Bose only appears to be collecting metadata, the suit tries to somehow claim that collecting this type of metadata -- which any and every music service also happily collects -- somehow violates the Wiretap Act:

... customers must download and install Bose Connect to take advantage of the Bose Wireless Products’ features and functions. Yet, Bose fails to notify or warn customers that Bose Connect monitors and collects—in real time—the music and audio tracks played through their Bose Wireless Products. Nor does Bose disclose that it transmits the collected listening data to third parties.

Were Bose, say, using the headphone jack on a headset to monitor actual user communications, the case might have legs. That said, while the suit's central Wiretap Act claims may be weak, the suit once again highlights that consumer data collection policies, if disclosed at all, are often buried in overlong privacy policies few if any consumers actually read -- using language carefully crafted to obfuscate what precisely is happening. Bose doesn't really help its case all that much in a statement on its website that declares the lawsuit "inflammatory" and "misleading," before being a little misleading itself:

We understand the nature of Class Action lawsuits. And we’ll fight the inflammatory, misleading allegations made against us through the legal system. For now, we want to talk directly to you. Nothing is more important to us than your trust. We work tirelessly to earn and keep it, and have for over 50 years. That’s never changed, and never will. In the Bose Connect App, we don’t wiretap your communications, we don’t sell your information, and we don’t use anything we collect to identify you – or anyone else – by name.

While Bose insists it doesn't "sell your information" -- its app privacy policy does note that it "may partner with certain third parties" to "engage in analysis, auditing, research, and reporting" (hey, it's not selling if we call it something else). And while Bose may not personally identify you "by name," we've long noted that "anonymized" data is far from anonymous. Study after study has made it clear that it only takes a shred of additional contextual data to make "anonymous" data easily and personally identifiable. If "trust" were truly Bose's top priority, they'd actually explain precisely what the app is doing, who data is sent to, and why.

Again, many may not care that Bose is collecting this data. Especially in an age where everybody carries around a miniature computer in their pocket, happily oblivious that their every step and click are being monetized by cellular carriers, app vendors, OS makers, advertising networks, and everybody else in the food chain. The problem is that companies continue to believe there's nothing wrong with hoovering up every shred of data they can, then hiding this collection in overlong, carefully-worded privacy policies -- and the false sense of security "anonymization" is supposed to provide.

Filed Under: information, kyle zak, privacy, tracking, transparency, wiretap act
Companies: bose

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    discordian_eris (profile), 26 Apr 2017 @ 4:04pm

    Two things. Recent efforts have shown that very little data can actually be completely anonymized. And this fetish for transparency is corrosive when, again, events have shown that the big boys can then say: "See? We are perfectly transparent so quit yer bitching." Transparency, or full disclosure, leads to industries trying to get away with everything they can think of. And succeeding. Just look to the pharma industry for an example. We told you that this drug could kill ya, and it did, well that's you're problem. We told ya that your data wasn't safe with us (on page 57 of the EULA) so the fact it was stolen, and then your identity was, is your problem.

    Instead of efforts to force de-anonymization and transparency, they should simply be banned from collecting anything but the most basic, and absolutely required, data.

    (Well, that and ban contracts of adhesion, but that's a different ball of wax.)

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.