It’s why we always ask our monthly interviewees ‘what they listen to’.

Music preferences and listening habits reveal a lot more about you than just your favourite bands or artists. They are a window into your personality, ethnicity, religious views, politics, innermost thoughts and feelings – not to mention your current mood.

Bose understands the value of this information. It’s why the company allegedly purpose built an app to spy on and collect data on the listening habits of its customers and to onsell that private information to third parties.

If a court finds this to be true, it means you can no longer assume that you’re safe and alone in the space between your headphones. While you’ve been blissing out with the latest Father John Misty track, frighteningly, Bose has secretly been tracking you too.

You are what you listen to

A $5 million class-action lawsuit is being brought against Bose, the headphone and speaker giant, for breaching the United States Federal Wiretap Act and Privacy legislation by collecting and selling private information about its customers to third parties without their knowledge or consent.

Introduced in 2016, the company has been using an app named ‘Bose Connect’ – which enables listeners to remotely control particular Bose headphones and speakers from smartphones.

While it is possible to use the headphones without engaging the smartphone app (by using an audio cable or Bluetooth connection) the company actively encourages users to “get the most out of your headphones” and enjoy extra features by downloading the Bose Connect app. This is where the data collection allegedly happens.

The headphone products cited in the lawsuit include QuietComfort 35 headphones, SoundSport Wireless, Sound Sport Pulse Wireless, QuietControl 30, SoundLink Around-Ear Wireless Headphones II, and SoundLink Color II.

Why is this a big deal? 

The class action against Bose alleges that ‘Bose Connect’ was intentionally designed and programmed to secretly collect customers’ usage data, including:

• titles of music, audio tracks and podcasts
• artist and album information

A customer’s registration information (including product serial numbers, full names, email addresses and telephone numbers) along with personal music listening histories and habits are allegedly collected by Bose, allowing the company to put together detailed profiles about its customers.

According to the complaint, listeners are not given a notification or warning that their usage is being monitored and collected in real time and there is no disclosure that listener’s data, along with other personal identifiers, is automatically sent to third-party companies—including a data miner—without its customers’ knowledge or consent.

According to the complaint:

One’s personal audio selections – including music, radio broadcast, Podcast, and lecture choices – provide an incredible amount of insight into his or her personality, behavior, political views, and personal identity. In fact, numerous scientific studies show that musical preferences reflect explicit characteristics such as age, personality, and values, and can likely even be used to identify people with autism spectrum conditions.

And that’s just a small sampling of what can be learned from one’s music preferences. When it comes other types of audio tracks, the personality, values, likes, dislikes, and preferences of the listener are more self-evident. For example, a person that listens to Muslim prayer services through his headphones or speakers is very likely a Muslim, a person that listens to the Ashamed, Confused, And In the Closet Podcast is very likely a homosexual in need of a support system, and a person that listens to The Body’s HIV/AIDS Podcast is very likely an individual that has been diagnosed and is living with HIV or AIDS. None of [Bose’s] customers could have ever anticipated that these types of music and audio selections would be recorded and sent to, of all people, a third party data miner for analysis.”

If the allegations are accurate, this not only violates the privacy rights of consumers but also a number of Federal and State laws in the United States, including the Federal Wiretap Act. According to the complaint:

[Bose] never obtained consent from any of its customers before intercepting, monitoring, collecting, and transmitting their Media Information. To the contrary, [Bose] concealed its actual data collection policies from its customers knowing that (i) a speaker or headphone product that monitors, collects, and transmits users’ private music and audio tracks to any third party—let alone a data miner—is worth significantly less than a speaker or headphone product that does not, and (ii) few, if any, of its customers would have purchased a Bose Wireless Product in the first place had they known that it would monitor, collect, and transmit their Media Information.”

If Bose is found by the court to be in breach, in this case, and if similar data collection has occurred in Australia, it is likely that similar litigation will follow.

What do you think? Is music an inherently personal and private experience, or just another convenient way for companies to use our data for profit? Let us know in the comments!

The University of Melbourne is reportedly monitoring student movements around campus using mobile Wi-Fi networks, while the University of Sydney apparently matches their student online activities with demographic data to forecast which students may be predisposed to dropping out.

The idea is to assist universities in more accurately predicting a student’s study habits, boost engagement, anticipate susceptibility to failing or withdrawing from subjects and facilitate early intervention.

One of the major issues with the way learning analytics are currently being used in Australia is that students are likely not being informed about this data collection agenda nor providing meaningful consent.

Learning analytics an unreliable predictor of overall student performance

The increasing use of learning analytics among Australian tertiary institutions raises a number of possibly serious ethical, privacy and discrimination concerns.

The University of Sydney is trialling programs that combine first year student demographics from enrolment details with information about engagement during the first 6-weeks of the semester (with online materials, discussions and resources), checking how often a student logs into e-learning systems, submits assessments and attends lectures to determine if the student is at high risk of failing or dropping a course. Students identified as high risk, are contacted by phone by the university and offered additional support.

But aren’t students already under enough pressure to perform in compulsory exams and assessments without the added stress of knowing universities are tracking their every movement around campus, assessing backgrounds and monitoring engagement with online learning and group discussions?

**For the record, some of the most successful graduates have been known to spend most of their undergraduate degrees at the Uni Pub having animated discussions about current affairs rather than spending 8-hours per day in the library.

Those students who are identified as at risk or who appear to be ‘disengaged’ really don’t need the extra burden of having every move on campus watched. This type of ‘surveillance’ could well be a tipping point for many students, even those who are not thinking of dropping out.

Additionally, does learning analytics factor in the kaleidoscopic range of student lifestyles, commitments, personalities and varying study or learning styles?

Unlike high school, university students are adults and capable of self-directed learning. Most students have a range of responsibilities that extend beyond the realm of campus life and which have no bearing on their capacity to complete a degree. For example:

• What if you work in an office job and physically cannot attend lectures but are still able to catch up on recorded materials, readings and complete the required assessments at night?

• What if you are a single mum who puts in enough hours to pass each unit but cannot commit to attending every tutorial or actively participating in online content or discussions?

• What if you are suffering from study burn out, and take a few weeks off to regroup, but have no intention of stopping your course of study?

• What if you are an international student with English as your second language and don’t feel comfortable regularly participating in online discussions but are still able to excel at assessments?

Under the learning analytics scheme, the behaviour of students who happen to not spend much time on campus or participate in online discussions may raise a number of red flags that trigger unnecessary or inappropriate university intervention.

For students already balancing a number of competing life priorities (as most do), this additional expectation which requires students to be seen to be studying according to the university’s preconceived idea of a model student has the potential to cause harm. 

It’s a strategy that could result in a negative study experience for many students. Aside from the potential to undermine personal rights and cause damage to student morale and wellbeing, the continued use of learning analytics is likely to erode student confidence in higher education institutions.

Student privacy rights

Now, this whole justification for improved student retention probably sounds a bit odd or, more to the point, an invasion of privacy.

In the light of the recent Federal Court case Privacy Commissioner v Telstra Corporation Limited [2017], it would seem that if data collected in the learning analytics process is ‘about an individual’ then it is governed by Australia’s privacy laws.

The digital tracking process involved with learning analytics is certainly focused on monitoring the behaviour and performance of individual students (potentially including student IDs) with a view to ultimately identifying those individuals who may be predisposed to dropping out.

According to Australian privacy legislation, this means that universities should be obtaining the consent of every student before they collect and use individual student data.

What does the recent Privacy Commissioner v Telstra case mean?

The Privacy Act 1988 places limitations on the collection of personal information and provides everyone with a range of privacy rights, including the right to know about, and the ability to access, information that is being held about them.

‘Personal information’ is defined in the Privacy Act as:

information or an opinion (including information or an opinion forming part of a database), whether true or not, that is recorded in a material form or not, about an individual whose identity is apparent, or can be reasonably ascertained, from the information or opinion.”

This case focused on whether anonymous mobile network data, including phone network information such as the IP address, URLs visited on the account, cell tower locations during web use, and data on inbound calls was ‘about’ a person.

The Federal Court decided that the data Telstra holds about customers is only ‘about’ a person when it is linked to other data, which makes it possible to ascertain that person’s identity. As such, the data in question could not be considered ‘personal information’ for the purposes of this case.

While some analysts consider the outcome of the case to be a poor result, it seems clear that this appeal concerned only a narrow question of statutory interpretation which was whether the words ‘about an individual’ had any substantive operation. It was not concerned with when metadata would be considered to be about an individual.

So what does this mean for universities using learning analytics?

Linking students’ online activity to demographic data through learning analytics without permission surely leaves universities that employ learning analytics at risk of being found to breach the Privacy Act.

Such data seems to fall within the scope of ‘personal information’ when compared with the circumstances of the Privacy Commissioner v Telstra case above. Here your identity ‘is apparent and can be reasonably ascertained’ from the learning analytics process.

Unlike Privacy Commissioner v Telstra, in some instances, the data universities are collecting isn’t anonymous. Data linkage isn’t just a hypothetical here, it’s the whole rationale.

To me, this feels like an invasion of privacy masquerading as an altruistic concern for the ‘student experience’. Until we have a case that tests this hypothesis, we will just have to live with the uncomfortable feeling that we are being watched and are helpless to do anything about it.

That is, until, someone decides to make a complaint to their university or to the Privacy Commissioner.

What do you think? Is data collection on university students justifiable, or a clear invasion of privacy? Let us know in the comments!