Dear Reader,

The slipping sands of privacy agreements have been a subject of this column before. You always hope you can write something and be done with it, as if your words have just changed the universe, but it is never that easy. The same things keep happening, so people like me need to keep writing about them.

Sonos, the company that makes smart speakers and other audio products, was in the news this month. Following along with an update to the app that controls their speakers was an update to the policy that controls the company's use of customer data. Read about it in the Verge [1]. According to the report, the privacy policy used to read:

Sonos does not and will not sell personal information about our customers. However, certain data practices described throughout this Privacy Statement may constitute a "sale" or "sharing" of data under California and/or other US state laws. See the below CA Addendum for more information applicable to CA residents. We want you to understand that information about our customers is an important part of our business. We only disclose your data as described in this Statement.

The new version for US customers does away with the first sentence that states Sonos "does not and will not sell personal information about our customers." If they hadn't been so bold and unambiguous about declaring their intention to protect personal data in the first place, they probably wouldn't be drawing so much fire for coming back later and saying "uh … never mind?" The worst part was the way the statement extended into the future, "Sonos does not and will not sell personal information about our customers," which means customers had a reasonable expectation that the policy would continue and not disappear one day. And keep in mind that the Sonos environment isn't just software. Many Sonos customers have invested thousands of dollars in high-end stereo speakers, which leaves them locked in to the Sonos system unless they want to scrap it all and start over.

Of course, because of the oddly placed caveats in the original text, it is possible that the original text didn't really mean what it looked like it meant. They say, "We only disclose your data as described in this Statement," which means, as long as they disclose how they are disclosing your data later in the disclosure, the bold "does not and will not" statement never did have any meaning in the first place. (The full privacy statement is longer than this one page, so I can't provide a full analysis of it here.) If that were the case, it would still be annoying – just a different kind of annoying.

The biggest issue for me, as a US citizen, is that they kept the clause in for other countries but took it out for us, which gets down to the question of who is the real culprit for this kind of spyware monkey business? Corporations are always going to pursue profits, even if that means acting amorally. It is up to the government to set the rules. In the US, privacy has increasingly become a game with no rules. A full-on boycott of Sonos over a one-sentence change in the privacy agreement doesn't seem likely – the Sonos board knows it, and the consumers know it. A far better scenario would be for the US Congress to do its job, like the other governments in the world, and protect its citizens from disappearing promises.

Joe Casad, Editor in Chief