Your TV May Be Watching You, Too
VIZIO allegedly used 11 million televisions to collect data on its customers, and now it must pay. The TV maker agreed to pay $2.2 million to settle a case with the Federal Trade Commission (FTC) and the New Jersey attorney general’s office after being accused of collecting—and selling—data about its customers without their knowledge or consent.
According to the FTC’s compliant, VIZIO’s smart TVs captured “second-by-second” information about the pixel display, which the agency says VIZIO ran through a database capable of matching the pixilation to the corresponding television, movie, or commercial content. The FTC further alleged that VIZIO collected customer IP address information that, with the assistance of a data aggregator, allowed the company to link customer viewing habits with information about the viewers themselves, including sex, age, income, marital status, household size, education, home ownership, and household value.
VIZIO will delete all viewing data that it had collected prior to March 2016, under the terms of the settlement order. It must also prominently display its data collection and privacy policies—including the type of data it will collect, how it will use or share that data, and with whom it may share that data—to consumers, as well as create a program to ensure compliance with its data privacy policies.
The VIZIO case highlights the importance of providing thorough consumer disclosures. The extent to which consumers reasonably expect that information concerning their location, demographics, and viewing habits will be recorded and used for various purposes by television and streaming device manufacturers, software developers, and the advertising industry remains unclear.
The Internet of Things (IoT) holds many potential benefits for consumers, but some see privacy and security concerns, which in turn could lead to increased oversight by regulators. In a concurring statement, Acting FTC Chairman Maureen Ohlhausen observed that this is the first instance in which the FTC has alleged that individualized television viewing activity constitutes “sensitive information,” and indicated that further FTC consideration may be necessary to clarify what practices cause “substantial injury” to consumers and are considered unfair practices under the Federal Trade Commission Act.
The FTC continues to engage in matters concerning privacy and security, including those affecting the IoT industry. Just recently, the FTC announced its IoT Home Inspector Challenge—a contest inviting the public to develop a tool capable of mitigating security vulnerabilities caused by out-of-date software in IoT devices. IoT device manufacturers, distributors, and retailers should routinely evaluate their privacy and security practices in light of continuing regulatory developments in this area.