They all laughed when Kellyanne Conway said that “you can surveil someone through their phone, through their television sets … microwaves that turn into cameras.” But it’s time to get serious, folks. You may or may not be able to surveil people (yet). But you can collect data on them with the devices that make up the Internet of Things. And you can get into trouble for doing it.
Take Standard Innovation Corp., maker of the We-Vibe massager and its We-Connect app. An Illinois woman identified as N.P. has won a $3.75 million settlement against the firm for collecting her personal data without her permission, The Chicago Tribunereports.
The lawsuit alleges that the Canadian company collected “date, time, usage details and registered users’ email addresses to company servers without their knowledge,” the Tribune continues.
N.P. had purchased the $130 We-Vibe Rave and downloaded the companion We-Connect app. Consumers who use the app “can text and video chat with partners and control the device remotely through a paired smartphone, adjusting the settings on their own device or a partner’s,” the Tribune says.
Here are the terms of the federal court settlement. Standard Innovation has to set aside roughly $3 million for people downloaded the app, and $750,000 for those who bought only the device. Each app user could receive up to $10,000, and those who used only the device could get $199.
The financial settlement isn’t all — the company also has to destroy the data it gathered, and cease collecting emails and personal user information.
So what’s the lesson here?
The company has denied wrongdoing, and let’s assume that its intentions were good. But that’s no way to collect email addresses.
What’s the possible harm? It’s not hard to imagine possible scenarios. For one, a company like Standard Innovation could send a triggered email when a person uses the device.
“Feel good after your massage? You’d feel even better if you had used our coconut massage oil.”
Creepy, isn’t it? And think about other possible uses for the IOT — monitoring peoples’ health, for example. Senior citizens can wear a monitor that sends blood pressure readings to their doctor’s office, Tech.co reported last year.
These are powerful tools, and we’re barely at the start of this phenomenon. But the data can only be used with the person’s permission. And that’s the key takeaway here.
Assuming this is what it appears to be, Standard Innnovation would have never gotten in trouble if it asked for consent upfront. That would have required stating what it was up to, and providing the customer with control. The firm says it is working with experts to do that that and improve the app.
It’s surprising that a Canadian outfit stumbled into this. But if it can happen to them, it can happen to U.S. companies in our Wild West environment. So let’s learn from his $$3.75 million fiasco.