Personally identifiable data is being swept up via Bose's wireless headphones.
Personally identifiable data is being swept up via Bose's wireless headphones.

Audio equipment manufacturer Bose was sued in a federal court in Chicago earlier this week for selling user data without permission, according to a report on BlastingNews.

The charge claims that personally identifiable data is being swept up via Bose's wireless headphones and sold to third parties which further distribute it.

The audio manufacturer is charged with "listening in" to its customers' information via a number of its high-end headphone offerings.

The lawsuit claimed that Bose collected data on a headphone user's listening habits  – including names and titles of music, podcast, as well as audio tracks being played through the device – along with Bose's mobile app Bose Connect.

The suit alleges that this data is tagged to the user's unique identifiable serial number and sold to third-party data firms, such as the customer data platform, Segment, according to the BlastingNews report.

The law firm working on behalf of the plaintiff said the data being gathered constitutes wiretapping and runs afoul of federal wiretap law. The gathered data – e.g., perhaps a controversial podcast – could be used against the user, the law firm stated.

However, the case might prove challenging for the plaintiff, depending on the end user license agreement.

“Bose is not alone here," Bob Noel, director of strategic relationships and marketing for Plixer International, told SC Media on Thursday.

A recent webinar reviewed how several companies are stealing personally identifiable information (PII) from their customers, Noel told SC. "One important part of the equation to understand in this case is whether or not there is an end user license agreement (EULA) outlining the PII that Bose is taking. In many cases the EULA you agree to when you download an application gives the manufacturer the right to collect and/or sell that data."

An important factor to consider is whether consumers have the ability to verify the data collected aligns to what was agreed upon when the EULA was accepted, Noel said. "In many cases, this can be difficult because the data collection occurs across an encrypted tunnel. You know data is being collected, but as a consumer, it is impossible to verify what data is being taken, and what the manufacturer is doing with that data.”