The recent proposed settlement of the We-Vibe privacy class action lawsuit provides helpful lessons for businesses that collect customers’ personal information.
The class action lawsuit was commenced in the United States in September 2016 and was based on claims that the defendant Canadian manufacturer of We-Vibe brand personal vibrator devices secretly collected, recorded and transmitted customers’ highly sensitive information (including date and time of device use, user-selected vibration intensity level and vibration mode or pattern, and device temperature and battery life) about customers’ use of their devices and the corresponding We-Connect mobile app (which could be used by a customer or a “connected” lover to remotely control the customer’s device). The defendant denied all wrongdoing and maintained that its data collection practices were lawful.
Privacy Law Compliance – Valid Consent
Canadian privacy laws are based on the fundamental principle that, subject to limited exceptions, an individual’s valid consent is required for the collection, use or disclosure of the individual’s personal information except where consent is inappropriate. An individual’s consent is legally valid only if it is reasonable to expect that the individual understands the nature, purpose and consequences of the collection, use or disclosure of the personal information to which they are consenting.