Bose has been slapped with a class-action lawsuit accusing the company of essentially spying on their wireless headphone customers by secretly collecting and transmitting the users’ private music and other audio selections to third parties without disclosure and user consent. 

The lawsuit alleges Bose violated the federal Wiretap Act, the Illinois Eavesdropping Statute and the Illinois Consumer Fraud and Deceptive Business Practice Act based on Bose’s non-consensual data practices. In the lawsuit filed in the Northern District of Illinois, Plaintiff Kyle Zak, who downloaded the Bose Connect app on his phone and is now seeking more than $5 million in damages, asserts that he did not realize that the app transmitted the names of every track he played to third parties including data mining companies.

This lawsuit emphasizes the need for companies to have in place transparent and user-friendly privacy policies where they clearly explain what data about or from their users they will collect, use, and disclose to third parties. The lawsuit also demonstrates that the collection, use, and disclosure of data should be proportional to the business needs for the data. 

Major privacy concerns for internet of things devices can arise, for example, if users’ listening habits reflect religious, political, health care, or other sensitive data that a user has not consented to share and the collection of which the user is not aware of. 

As new technologies and practices emerge, companies should continue to periodically verify that they are acting in accordance with their published privacy policies and notices, diligently assessing their data needs and giving users an opportunity to opt out of data collection that is not necessary for purposes of using the technology.