back to article Turn me up some: Smart speaker outfit Sonos blasted in complaint to UK privacy watchdog

Sonos stands accused of seeking to obtain "excessive" amounts of personal data without valid consent in a complaint filed with the UK's data watchdog. The complaint, lodged by tech lawyer George Gardiner in a personal capacity, challenges the Sonos privacy policy's compliance with the General Data Protection Regulation and the …

  1. My-Handle

    <quote>"has never and will never sell" any of its customers' data</quote>

    Ah, the Facebook email password excuse. "Yes we collect it, but we don't save it. And even if we do, we don't do anything with it...".

    The point of GDPR is to stop companies collecting data like this in the first place. As far as I remember, explicit consent is required for data collection and provision of services should not be contingent on consent.

    1. A Non e-mouse Silver badge

      The point of GDPR is to stop companies collecting data like this in the first place

      This premise goes back to the original Data Protection acts: Only collect what you need to.

      People are "blaming" GDPR for a lot of things but the fundamentals were in earlier acts in the UK.

    2. I ain't Spartacus Gold badge

      As far as I remember, explicit consent is required for data collection and provision of services should not be contingent on consent.

      Actually, it's a little more subtle than that. As stated above, only collecting what you need was already in the old data protection act - as was quite a bit of the consent rules.

      But the GDPR doesn't actually want you asking for consent for everything. Consent has to be optional - refusal isn't supposed to kill the service. So you're supposed to use the consent model to gain data to use for optional extras like marketing of the company's other services and personalisation.

      Where consent breaks the product/service on offer you're not supposed to ask for it. That's supposed to be in the legitimate interests bucket - and you're supposed to just tell the customer what data you're gathering and why - with most of the details in the privacy policy. That's where the "take-it-or-leave-it" consent is supposed to come from, with consent forms for the extras only.

      1. Cynical Pie

        Explicit consent only applies to special category data (sensitive PD as was under the old act with a couple of extra bits like biometrics) but for uses of 'normal' category data assuming you don't have another condition for processing and you are going with consent then you need 'informed' consent i.e. make people aware of what they are consenting to and why.

        Its at that point you need to provide the ability to opt out.

        This is why the vast majority of data controllers are avoiding consent like the plague as they often have another basis for processing anyway.

      2. Graham Triggs

        It seems to be more a problem that Sonos is trying to simplify having a single set of terms and conditions.

        In reality, the system probably doesn't collect any more information than necessary - if you get one of the smart speakers, and want to use the assistant functionality, then there is obviously voice recordings and data associated with that which needs to be collected. But a Sonos Connect or Amp isn't going to do that.

        Similarly, they recently introduced functionality to present you with a recently played list. But in order to do that, they need to collect the information on what you have played. By default, this functionality is DISABLED, and you have to opt in to the data collection in order to use that functionality.

        Which all leads me to believe that there is a gap between the overall consent that you are giving for the terms and conditions, and the data that is actually collected based on what you opt in to use.

      3. Lusty

        "Where consent breaks the product/service on offer you're not supposed to ask for it."

        I am the one who raised the original issue in 2017 and I can assure you that's not correct. At the time none of the products I had purchased collected recordings of my home. Sonos then retrospectively added that functionality and updated the terms. That's not OK and I had not consented to being spied on. For this reason, they DO need to collect permission individually for individual services.

        Keeping recordings is not necessary to make voice control work anyway and so would (should!) not break anything and Sonos should not be asking to keep the recordings. In fact, they don't need to keep ANY of my information in order for a wifi speaker to work. They might need to keep my name and serial numbers to register ownership for warranty purposes, but literally everything else I don't give consent for and is therefore illegally being collected.

        You can't design a "need" into a service, it has to be a legitimate requirement for the product to work, otherwise privacy law wouldn't work at all.

  2. Andy Non Silver badge

    Makes mental note...

    Don't buy any Sonos equipment.

    1. Zog_but_not_the_first
      Meh

      Re: Makes mental note...

      Overrated tripe in any case.

      1. MrXavia

        Re: Makes mental note...

        All smart speakers are pretty crappy, and if you buy one type, they don't work with anyone else's eco system so you are locked in...

        Sonos were even worse though, because their soundbar wouldn't even do 5.1 surround sound unless you had a TV capable of outputting the surround on the optical out, which most TV's couldn't when I brought my TV, so it would 'fake it'!

        Smart speakers are a great idea, I have a few of them myself, but even though I chose the best I could find, they are still just good pieces of hardware with crappy software!

        1. Lusty

          Re: Makes mental note...

          Sorry, which ones are "good pieces of hardware"? Sonos sound quality isn't a patch on even cheap hifi's from the 1990's. They are convenient, but to say either the hardware or software is high quality is simply not true.

    2. }{amis}{
      Thumb Down

      Re: Makes mental note...

      They lost a sale to me with the terms release I was considering buying their gear but saw those terms and instead opted for a Sony speaker bar with no internet functionality.

    3. I ain't Spartacus Gold badge

      Re: Makes mental note...

      My brother's got Sonos gear. And it's expensive, but does sound decent, is easy to use and works for how he wants to use it. They're all doing separate jobs round the house, but can be paired up to the telly for surround sound home cinema goodness, or set-up in pairs in the kitchen, dining room and garden for party music (80s in the kitchen with Mum, horrible in the garden with the kids).

      Not cheap, and could be done as well in other ways, but maybe not as easily to use. Does link up nicely to the phones, and family PC, and guests can play music from their phones too.

      On the other hand, seemingly every time I go round, I have to update the app. And the speakers seem to want a firmware update every 5 minutes as well. Which rather ruins the easy to useness - but then I suppose you notice that less if you're using them every day.

      It's not what I'd choose, but I can see the point of them. But changing the privacy policy and effectively bricking devices if you don't agree is not good. Given they're virtually useless without the apps. And it would take a lot for me to ever trust them now, I'd no longer recommend them. But then any IoT kit that dies without the company maintaining servcers and apps makes me very suspicious.

      1. MrXavia

        Re: Makes mental note...

        "But then any IoT kit that dies without the company maintaining servcers and apps makes me very suspicious."

        That is so true, most IoT tat needs a server, I specifically chose Samsungs Smart Things purely because their hub works while offline and has battery backup for power cuts so connected smoke alarms etc will still communicate over the house! I still don't expect their app to keep working with the hub forever, eventually they will do what Samsung always do which is to bring out a new app that breaks functionality!

        1. Anonymous Coward
          Anonymous Coward

          Re: Makes mental note...

          I've got some wireless (not Bluetooth) pucks that I plug in to the hifi upstairs and downstairs. I only use them to play music on my Mac via Airplay and they don't seem to mind being locked out of the internet via the router's firewall. Given that they work OK I don't see much reason to update them unless Apple messes with Airplay.

    4. Korev Silver badge

      Re: Makes mental note...

      I'm the very happy owner of a Naim Mu-so, the only problem I have with it is that the poor sound insulation at Korev Towers means I can't use it to its full potential without the neighbours getting upset...

    5. Roopee Bronze badge
      Meh

      Re: Makes mental note...

      I made that same mental note, and the more pertinent one (from Sonos' point of view) to actively advise people against buying Sonos, when I had the pleasure of setting up a Sonos system for a client and noticed the non-optional agreement to their unacceptable T&Cs.

      Personally I use normal hi-if speakers with amps and network streamers that don't need to connect to the Internet unless to access streaming services, and can be controlled by non-proprietary DLNA apps or AirPlay. Some even have 'legacy' IR remotes, and even, gasp, real knobs and buttons. Slightly more work to set up but no harder to use than locked-in systems, especially considering that really 'technically challenged people are not even going to consider this sort of wizardry!

  3. Wilseus
    Megaphone

    This sort of thing is exactly why I am, and always will be, sticking with hifi separates. Well, that and the fact separates sound miles better.

    1. The Pi Man

      Sonos Connect plugged into a separates system. It’s ace.

      1. Wilseus

        "Sonos Connect plugged into a separates system. It’s ace."

        Perhaps, but what will it do in that situation that a Pure A2 for £40, say, can't?

        1. Anonymous Coward
          Anonymous Coward

          Never heard of those, thanks for letting the geeks here know!

      2. RancidOrange

        NAS stores flac files linked to Sonos Connect with Naim amps and pro speakers. Much enjoyment had here.

  4. Anonymous Coward
    Anonymous Coward

    Good luck to him.

    Too much trying to get around the genuine consent to collect data IMO. I get cheesed off with those websites that don't allow a simple 'not accepted' but divert you to pages of how to jump through hoops to prevent it on each of your devices, plus here's a list of links to places that also grab info from here, you can go try to deal with them too if you can manage to find out how.

    1. Alan Brown Silver badge

      "websites that don't allow a simple 'not accepted' but divert you to pages of how to jump through hoops "

      The ICO needs to make a statement about those - along the lines of taking off and nuking them from orbit.

      Although I suspect that will come from mainland European data privacy regulators. The ICO is quite deliberately choked of funding to limit its effectiveness

  5. Aristotles slow and dimwitted horse

    Lol Sonos...

    Overpriced and overrated. I demo'd Sonos and then Musicast by Yamaha. What I liked about Musicast was that not only was it 1/2 the price of the Sonos stuff, but that it sounded much MUCH better, and that it is baked into their separates by design.

    As a company Sonos remind me a bit of Beats headphones, and a pair of Crocs - i.e. for middle class people with no taste in musical fidelity... or shoes.

    1. Wellyboot Silver badge

      Re: Lol Sonos...

      Sonos is just another brand for people who conflate price & marketing twaddle with actual quality.

      1. I ain't Spartacus Gold badge

        Re: Lol Sonos...

        I don't think Sonos' customers care about sound quality. So long as it's not awful, and they're OK.

        They're after ease of use. It doesn't sound awful, and that's enough for most people - who want music on in the background at parties or in family kitchens. And like the ability to control from an app, and move stuff around easily.

        Few people sit down and really listen to music, such that the quality is going to matter to them. For most people it's stuff on in the background while they get on with other things.

        1. Is It Me

          Re: Lol Sonos...

          Sonos also sell the Connect, which plugs in to your own amp etc. to provide quality that is supposed to be as good as the file format the music is stored in.

          My ears are too cloth like to tell anyway.

        2. Alan Brown Silver badge

          Re: Lol Sonos...

          "They're after ease of use"

          Sonos doesn't even win there. Seriously.

  6. Doctor Syntax Silver badge

    "We take the privacy of our customers extremely seriously and our privacy policy is aligned with the latest legislation."

    Where have I heard that "aligned with the latest legislation before". Oh, yes, Paypal justifying, as they think, sending your login ID to every merchant you buy from. A carefully crafted phrase to mean nothing but look, as they think, persuasive. Neither of their thoughts are convincing and it doesn't read any better coming from Sonos.

    1. Shadow Systems

      "We take your privacy seriously."

      Every time I hear some corp say shite like that I wish a big red X would appear behind them & a very loud buzzer would go off in classic game show style of "EEEENG! Wrong Answer!".

      Bonus points for a donkey to back in, rear up, & smash-kick them in the crotch so hard it sends them flying & flailing in pain.

      I'm so fekkin' tired of buzzword bingo bullshite that it makes me want to start hurting the cockwombles that spew it..

  7. Chris G

    We take

    The privacy of our customers as much and as often as we can, we take this very seriously.

    Similarly a majority of Googles android apps don't work when you deny the absurd permissions they ask for, in theory you have paid to use them when you bought the phone with android installed. So in my case maps, compass, pedometer and a raft of other handy apps don't function.

  8. NATTtrash
    Coat

    You're getting old...

    You know that you're getting old when you do remember buying equipment that didn't require any registration, monthly fees to ensure continued operation, were for you to (decide what to) do with, didn't stop functioning (optimally) past a predetermined OEM set EXP date, allowed easy battery exchange, allowed repair (has screws in stead of glue?) to start with anyway, didn't require (or even has) an app, needed no (unrestricted) net access to be able to function, or required a DNA and pee sample before you were allowed to buy it in the 1st place...

    'We didn't ought to 'ave trusted 'em. I said so, Ma, didn't I? That's what comes of trusting 'em. I said so all along. We didn't ought to 'ave trusted the buggers. But which buggers they didn't ought to have trusted Winston could not now remember.

    1. Tikimon
      Devil

      Re: You're getting old...

      The usual context of "You know you're getting old..." implies a tired old habit-bound creature who can't handle change. Sometimes, yes, but not for most current technology trends.

      Where technology is concerned this means us old farts have accumulated WISDOM through those years of experience. We've lived through planned obsolescence in cars and can spot it in tech design. We've seen manufacturers try to lock us in to proprietary products before. The sordid marketing tricks, half-ass design and poor customer support is nothing new to us.

      You know you're getting old when you have wisdom and historical perspective. Fresh-faced little fanbois can jump on Shiny New if they want, they'll definitely feel smug about their gullibility and make ignorant jokes about those of us too wise to fall for marketing ploys. Poor things, they'll learn one day.

  9. Captain Hogwash

    I hope this guy wins

    It's for exactly this Sonos data slurpage that I now use my speakers as just speakers with Raspberry Pis (running LMS/Squeezelite) plugged into the aux sockets. It does the same job just as well. As the Sonos speakers reach EOL (they don't last forever) they will be replaced by dumb speakers.

    1. rfrazier

      Re: I hope this guy wins

      I used to use LMS/Squeezelite. I moved to MPD/snapcast. It also plays sync'd. It can also play to phones and tablets (Android). Nice opensource control programs (F-droid). So I use old tablets to control and play (to old active speakers) in the shed and workshop. I run the server (snapserver) on my ODROID-HC1 NAS, and snapcast on x86 computers (linux / amp and speakers), RPI (integrated amp and old speakers), tablets, and phones. It is nice to be able to re-purpose old gear.

      Best wishes,

      Bob

      1. Captain Hogwash

        Re: I hope this guy wins

        I looked into MPD but it absolutely killed the WLAN. Glad it works for others though.

    2. Headley_Grange Silver badge

      (they don't last forever)

      @Capt. H: software aside - why don't they last forever? My hi-fi bits are mostly 30 years old (Rega, Cyrus, Castle) and the Cyrus II/PSX were already second hand when I bought them in 1990. They all work fine - the deck gets a new stylus when it needs it and I changed the belt (for the first time) about 2 years ago.

      My radios from the 60s/70s all work fine and the Ferguson one I've owned since 1978 has never needed a repair other than contact cleaner in the vol pot and a bit of sticky tape to hold the battery cover on. My guitar amp is probably late 70s and that's on its original speaker. Even my Sinclair Scientific still works, although the on-off switch is a bit dodgy, just like it was when first made over 40 years ago.

      So, assuming you're not talking about the SW- why don't you think that the Sonos speakers will last forever? Serious question.

      Also - thanks for your post because it's just made me think about using a Raspberry-Pi for Airplay - which means I've got something to do until the weather perks up and it's warm enough to go outside. Cheers.

      1. Captain Hogwash

        Re: (they don't last forever)

        An update bricked the first one I bought so, as you say, probably a software thing. I was never able to get it working again and it was several years out of warranty so that was the end of that.

        1. Headley_Grange Silver badge

          Re: (they don't last forever)

          @Capt. - understood.

          Airplay on Raspberry Pi got too difficult too quickly. I’d need to buy a monitor, keyboard and mouse too - which I can’t be arsed to do, nor find the space for. I just assumed I could plug it into a Macbook and programme it from there. Oh well - at least I know the option's there.

          1. Daniel 18

            Re: (they don't last forever)

            Surely if you have a macbook you can open an xwindows session between the pi and an X server on the mac, and use its screen, mouse, and keyboard?

            1. Headley_Grange Silver badge

              Re: (they don't last forever)

              Thanks Daniel. Your post prompted me to do a bit more "research" and it looks like it might be possible to get started without monitor and keyboard - so I'll have a go.

              Have a good weekend.

  10. Blockchain commentard

    Makes a mockery of 'smart' since it's the smart users who rail against them. Can't Sonos just make a dumb, connected by cable/Bluetooth speaker system? You know, how manufacturers used to make quality speakers.

    1. Headley_Grange Silver badge

      Bluetooth

      @BC: I had a QED Bluetooth receiver to play from my Mac to the HiFi - one of the very early ones. When it worked it was OK - but there were lots of problems with connectivity and audio quality till I just got fed up and binned it. The HiFi is only across the room so in the end I just trailed a cable until I started using AirPlay.

    2. File Not Found

      In effect they do - I use one of their Play5s (8 years old now) via line-in as a dumb speaker for my cinemainashed, with the advantage that I can wirelessly connect a stereo pair....On the whole I agree that hifi it’s not, but the system works well and is handily mobile, and their customer support for occasionally challenged elderly nontech users is brilliant, even if their PR/dataslurp dept is obviously industry standard.

  11. adam payne

    "We take the privacy of our customers extremely seriously and our privacy policy is aligned with the latest legislation."

    Yawn

    1. spold Silver badge

      We take the privacy of our customers extremely seriously

      Whenever you see this, you can be assured that the marketing department added it to paper over the myriad of travesties they have still to think of in respect of your data... and no-one else in the company gives a flying-fuck about your privacy... and they don't understand it anyway,

      Got a complaint? We are turning our speaker up! La la la la la!

  12. Anonymous Coward
    Anonymous Coward

    razer needs taking to court as well

    razer requires an online account with unknown amount of slurping

    just to use a fucking mouse, it forces you to connect to it's cloud shit.

    And there fucking excuse "It adds value to people who go to competitions" as they can just connect to the cloud to get there mouse config.

    yep, forced due to helping 0.0000001% of users

    Fuck em

  13. Detective Emil

    Whoops, they did it again

    Sonos has just introduced a "recently-played" feature with storage on their own servers. It requires email-based login and acceptance of Ts&Cs. Happily, ignoring the nag does not stop anything working. However, Sonos equipment is very naggy, so I may not be safe for long. The devices are perpetually whining about updates that usually provide noticeable new functionality only to newer equipment. A recent automatic update bricked their remote control app I'd been using on an old but perfectly good iPad. (And they bricked their own first-party remote a while back.) So, low marks for continued user satisfaction: brown goods should not be so demanding.

    Besides, why on earth would they implement "recently-played" as server-based.? Because they have some nefarious use for the data, perhaps?

    1. My-Handle

      Re: Whoops, they did it again

      Your description of your Sonos gear puts me in mind of Talkie Toaster, but at least with him you could clip the wire for the speaker and still have a working appliance :)

      1. Pascal Monett Silver badge

        Or you could just buy a normal toaster and not encourage that kind of bullshit.

  14. Anonymous Coward
    Anonymous Coward

    Welcome to predatory computing, my friends!

    There were people trying to warn us about end-user digital rights but we had a good laugh at them.

  15. Gra4662

    Sonos slurp

    I am really concerned that a bad actor (not Adam Sandler) could get hold of a list of what songs I have listened to and that I have a kitchen and bedroom. Useful info

    1. Headley_Grange Silver badge

      Paranoid?

      What if Adam Sandler finds out that you listen to very loud heavy-metal music in your bedroom on Thursdays between 6pm and 8pm? He could empty your fridge without you hearing him.

  16. Friar

    Sonos is particularly aggressive with its update policy and the reasons behind this are particularly worrying. As others have stated they don't appear to be for the benefit of customers, but to increase the control and data gathering of the Sonos organisation. Customers are powerless to resist these updates, as the alternative is to lose service; if not immediately then at some point in the future.

    The issue first surfaced some time ago when Sonos issued an update that bricked their own controllers. Customers soon found that although the update was supposedly 'optional', in practice it was not. The system constantly prompts if it is not updated, and is vulnerable to anyone using the system triggering an update.

    Sonos, like other companies, relies on the fact that its users have a large investment in the system and cannot afford to refuse to go along bu opting out and junking their kit.

    Much as I like their hardware I would no longer recommend it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like