Vizio fined $2.2m for snooping on smart TV viewers

Snooping

Smart TV manufacturer Vizio has been fined $2.2 million for spying on 11 million people, after a US consumer watchdog complained it had installed data tracking software on devices without the consent of its customers.

The automated content recognition technology is able to track what is being watched at any given time, which Vizio exploited to store "as many as 100 billion data points a day from millions of TVs", according to the complaint brought by the Federal Trade Commission (FTC) on Monday.

"On a second-by-second basis, Vizio collected a selection of pixels on the screen that it matched to a database of TV, movie, and commercial content," the complaint read. "What's more, Vizio identified viewing data from cable or broadband service providers, set-top boxes, streaming devices, DVD players, and over-the-air broadcasts."

Vizio, which is one of the world's largest manufacturers and sellers of smart TVs, began fitting devices with tracking technology as far back as 2014, and even retrofitted older models remotely, which were capable of transmitting data back to company servers, according to the complaint. At no point were customers informed that their viewing data was being harvested, the FTC alleged.

The firm even sold this "mountain of data" to advertisers and third-party companies, the FTC said. Importantly, this was not just superficial information, but included a host of personal details. "The company provided consumer's IP addresses to data aggregators, who then matched the address with an individual consumer or household," explained FTC senior attorney Lesley Fair, in a blog post summarising the complaint.

Vizio said the scheme did not match viewing data with people's names or contact details, however.

Fair added: "Vizio's contracts with third parties prohibited the re-identification of consumers and households by name, but allowed a host of other personal details - for example, sex, age, income, marital status, household size, education and home ownership. And Vizio permitted these companies to track and target its consumers across devices."

The FTC also alleged that Vizio made no attempts to inform customers this was happening, and although the technology had a settings menu labelled "Smart Interactivity", its program description was deliberately misleading.

"The ACR (data collection) program never paired viewing data with personally identifiable information such as name or contact information, and the commission did not allege or contend otherwise," said Vizio general counsel Jerry Huang, in a statement. "Instead, as the complaint notes, the practices challenged by the government related only to the use of viewing data in the 'aggregate' to create summary reports measuring viewing audiences or behaviours."

"Today, the FTC has made clear that all smart TV makers should get people's consent before collecting and sharing television viewing information and Vizio now is leading the way," added Huang.

Vizio were charged with engaging in unfair trade practices that violated the FTC Act and were unconscionable under New Jersey law. Vizio agreed to settle the matter on Monday by ceasing all collection of user data and promising to create transparent guidelines on future collection practices. The company was also forced to pay $1.5 million to the FTC and a civil penalty to New Jersey of a further $700,000.

Contributor

Dale Walker is a contributor specializing in cybersecurity, data protection, and IT regulations. He was the former managing editor at ITPro, as well as its sibling sites CloudPro and ChannelPro. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.