iRobot, the Massachusetts-based company behind the Roomba, a popular robotic vacuum cleaner, recently filed for bankruptcy. While best known for its in-home use, iRobot robotic cleaning systems are also used in offices, hotels, and hospitals. The news of this bankruptcy comes after years of growing competition, rising production costs, and more recently, increased concerns surrounding rising US tariffs on imports. As part of the restructuring, iRobot will transfer to private ownership, and 100 percent of its equity will be acquired by a China-based robotics company.
iRobot was previously set to be acquired by Amazon, but the acquisition was terminated in January 2024 after both the United States Federal Trade Commission and regulators in the European Union expressed antitrust concerns. Interestingly, such issues directly related to Amazon’s potential use of iRobot’s user data. For example, part of the data collected by a Roomba and therefore maintained by iRobot includes the layout and images of a home or business where a Roomba vacuum was used. Regulators in the US and the EU expressed consumer privacy and surveillance concerns as, in theory, Amazon could combine iRobot’s home-mapping data with existing Amazon consumer data.
The acquisition of iRobot by a Chinese-based company raises similar consumer protection and data privacy worries over how iRobot’s data will be used. As a US-based company, iRobot’s use and treatment of consumer data was governed by both federal and state privacy statutes in addition to representations made by iRobot to users through its privacy notices relating to its data collection, retention, and deletion policies.
However, the acquisition by a China-based company raises concerns relating to cross-border data transfers and iRobot’s ongoing security obligations. The acquisition also presents the question of how iRobot’s data (including floorplans and pictures) may be used. iRobot maintains an app for its users to control a Roomba. iRobot’s app includes not only home and building mapping data but also Roomba usage patterns, behavioral routines, images of the environment, and app-linked personal identifiers. In the interim, Roomba users and users of any iRobot products can exercise their opt-out rights relating to how iRobot collects and uses their personal data.
Because this data is both collected and maintained in normal operations and will be transferred during the restructuring, questions arise regarding what regulatory frameworks and data transfer restrictions will be in place. Issues relate to how the data will be accessed, used, transferred, and stored—or potentially repurposed and by whom. Furthermore, if there are any changes in the processing of data, it will be vital to note whether any such changes are consistent with existing privacy notices and commitments made by iRobot. Moreover, changes in iRobot’s internal resources relating to staffing implicate heightened cybersecurity concerns for the protection of consumer data from data breaches.
Meanwhile, New Jersey, Florida, Delaware, Connecticut, and California, among other states, have implemented individual privacy statutes that create additional considerations for businesses whose data is collected by iRobot, such as the right to access or delete data. If your business has used iRobot devices and you are concerned about how iRobot’s bankruptcy filing could affect you and your data, please contact one of the authors or any member of McCarter & English’s Cybersecurity and Data Privacy team.