There is a new truism for our era: If something can connect to the internet, it collects data. That’s true for everything from wearable fitness trackers to “smart” washing machines. But one TV company went farther than most, in collecting, aggregating, and selling your data, and now it’s in hot water with the Federal Trade Commission.
There’s big money to be had in smart, internet-connected TV sets. The companies who manufacture and sell them to you don’t just sell hardware; they also sell access to you to advertisers, and sell aggregated viewer data to giant data brokerages.
But in 2015, we learned that Vizio was going above and beyond even the standard personal data collection most smart TVs do. And worse, as far as the FTC is concerned: Vizio didn’t disclose what it was doing to 11 million consumers who bought their TVs.
So the FTC sued Vizio [PDF] in federal court, alleging that since 2014, Vizio had been manufacturing TV sets that continuously tracked what consumers were watching and that the company collected that data through software that was enabled by default.
But it wasn’t just new TVs: The complaint claims that Vizio also remotely patched several older models of TV that didn’t ship with the automatic content recognition (ACR) software so that they, too, could report back on what you were watching.
That software, the FTC continues, “captures information about a selection of pixels on the screen,” then sends it back to Vizio where the data is “uniquely matched to a database of publicly available television, movie, and commercial content.”
That applies across basically every kind of content delivery you can think of — broadcast, cable, satellite, external streaming devices, DVD players, and internet service providers. It’s up to 100 billion data points each day from more than 10 million televisions, and Vizio “stores that data indefinitely,” the complaint continues.
But wait, there’s more! The complaint continues: Vizio’s ACR software “also periodically collects other information about the television, including IP address, wired and wireless MAC addresses, WiFi signal strength, nearby WiFi access points, and other items.”
Now if you put that together with data acquired from third parties — as Vizio did, the complaint continues — and you’ve suddenly got an incredibly robust picture of who is watching what, where, and when.
That level of granular data collection and matching is not itself unlawful… but doing it without notifying consumers or getting their consent is, as is holding on to the data indefinitely.
And so now, under the terms of the settlement [PDF], Vizio will be paying fines to both the FTC and the state of New Jersey for these shenanigans. The money breaks down as $1.5 million to the FTC and $700,000 to the New Jersey Division of Consumer Affairs, plus some extra for attorneys fees.
Vizio also has to update its disclosures, “separate and apart” from its privacy policy and terms of use, to “prominently” share what types of viewing data will be collected, used, and shared; with whom; and to what purpose. Data collected previous to March 1, 2016, also has to be destroyed, unless the consumer consents for Vizio to keep it.
[via the Federal Trade Commission]
by Kate Cox via Consumerist