As noted by Founder-Teterieller, Kohler Privacy Policy says Kohler may use customer data to “create aggregated, anonymized and/or anonymous data that we may use and share with third parties for our legitimate business purposes, including to analyze and improve the Kohler Health Platform and our other products and services, to market our business, and to train our artificial intelligence and machine learning models.”
In his statement, Kohler said:
If the user consents (which is not required), Kohler Health may anonymize the data and use the anonymized data to train the AI that operates our product. This consent checkbox appears in the Kohler Health app and is optional and not pre-installed.
Words matter
Kohler isn't the first tech company to confuse people with the term E2EE. In April, controversy erupted over whether Google actually provides Gmail for Business E2EE Usersbecause in addition to the sender and recipient having access to decrypted messages, people within the user organization who deploy and manage the KACL (Key Access Control List) server can access the key needed for decryption.
In general, the most important thing is whether the product provides the level of security that users require. Ars Technica Senior Security Editor Dan Goodin wrote on the Gmail E2EE debate:
“The new feature has potential value for organizations that must comply with onerous regulations that require end-to-end encryption. It is definitely not suitable for consumers or those who want sole control over the messages they send. Privacy advocates, take note.”
When the product in question is an Internet-connected camera that sits inside your toilet, it's important to question whether any technology will ever make it private enough. For many, no correct terminology could explain such a device.
However, if a company is going to market “medical” products to people who may have health concerns and perhaps limited knowledge of cybersecurity and technical privacy, that company has a responsibility to communicate clearly and directly.
“Throwing around security terms that the public doesn't understand to create the illusion of privacy and security of data that is your company's top priority is misleading to the people who bought your product,” Cross said.
