Companies often collect data from products to help build better user experiences
Companies often collect data from products to help build better user experiences

A connected sex toy company will pay out a hefty sum after it was revealed that it was collecting data on its customer's habits without permission. Standard Innovation Corporation is to settle a class action suit, filed by users of one of the company's products last year. The suit, filed by two unnamed women in late 2016, will pay out CA$4 million (£2.5 million).

At the centre of this lawsuit is the We-Vibe 4 Plus, a vibrator which can connect to smartphones over Bluetooth to provide a mutually intimate experience for couples. The filing alleges that Standard Innovation "designed We-Connect to collect and record highly intimate and sensitive data regarding consumers' personal We-Vibe use, including the date and time of each use and the selected vibration settings, and transmit such usage data -- along with the users' personal email address -- to its servers in Canada."

Around the time the suit was filed, the company disclosed on its website that it did collect certain data from the device including IP addresses, times of use, app features and other details. The note also described the use of third party providers to collect analytical data “to help us improve our products and the quality of the We-Connect app.” The notice ensured that all data was anonymous.

Companies often collect information about their customers in order to improve service and refine an understanding of what its customers want, but that can occasionally creep into sinister invasions of privacy.

“One would hope that WeVibe were collecting information purely for product improvement”, Ken Munro, founder of Pen Test Partners told SC Media UK. “However, along the way the mobile app collected rather more data. Accidental or intentional ‘permission creep' in the mobile app led to users being identifiable in some cases.”

Munro also promised the release of similar research from Pen Test Partners: “so expect to see much more litigation along these lines.”

This case may bring to mind Uber's “Rides of Glory” experiment. By collecting data from its users, the ride sharing app's researchers found what nights, hours, neighbourhoods and cities were the best to have a one night stand.

A blogpost from Uber discussing the research judged its findings to be “fascinating”. The research was roundly met with disapproval and though the data used was anonymised, it was still damned as intrusive and sinister. The controversy-ridden company quickly took the disclosing blogpost down.

David Venable, vice president of cybersecurity at Masergy and former intelligence officer at the National Security Agency told SC that “This is just the tip of the amount of user data that's being inappropriately stored and analysed by private companies.  Hopefully this payout will serve as a disincentive for other companies who are currently employing these practices, or thinking about doing so.”