In one of the first Internet of Things (IoT) class action settlements, the maker of a Bluetooth-enabled personal vibrator called We-Vibe agreed to settle a privacy class action lawsuit for $3.75 million.
The We-Vibe personal vibrator allows a user to connect the product to a smartphone allowing different users to communicate with each other through video chats and text messages and remotely control their partner’s We-Vibe device in real-time using a mobile app.
The class action plaintiffs alleged that the app collected a substantial amount of information about its customers and their usage habits without customer knowledge or consent, including not only usage patterns but also the email address of customers who registered with the app. The company also assured users that the app was “secure” and could initiate “a secure connection between . . . smartphones.” However, in late 2016, two hackers at the Def Con hacking conference demonstrated that the device could be hacked and controlled by unauthorized users, revealing that the vibrator is not as secure as the company allegedly promised.
Take-away: Do not copy others’ privacy policies and make promises that may not be kept. Your privacy policy should accurately reflect the collection, sharing, retention, and security of your customer data.