On February 6, 2017, the FTC announced that it has agreed to settle charges that VIZIO, Inc. (“VIZIO”), installed software on about 11 million consumer televisions to collect viewing data without consumers’ knowledge or consent. The stipulated federal court order requires VIZIO to pay $2.2 million to the FTC and New Jersey Division of Consumer Affairs.
According to the complaint, beginning in February 2014, VIZIO and an affiliated company manufactured smart televisions and installed automated content recognition software that, by default, captured second-by-second information about video displayed on the televisions, including video from consumer cable, broadband, set-top box, DVD, over-the-air broadcasts and streaming devices. VIZIO then shared this information with third parties who used the data for their own purposes, including audience measurement, analyzing advertising effectiveness and displaying targeted advertising. The complaint alleged that VIZIO also provided viewers’ IP address information to data aggregators which facilitated the appending of specific consumer demographic information to the viewing data, including sex, age, income, marital status, household size, education level, home ownership and household value. VIZIO did all of this without sufficiently informing consumers that the televisions’ settings enabled the collection of consumers’ viewing data or obtaining their informed consent.
Under the terms of the stipulated federal court order, in addition to the $2.2 million payment, VIZIO is prohibited from making misrepresentations about the privacy, security or confidentiality of consumer information it collects, and must, among other things:
- prominently disclose and obtain affirmative consumer express consent for its data collection and sharing practices, including (1) the types of viewing data that will be collected, used and shared with third parties, (2) to whom the data will be shared and (3) the purposes of such sharing;
- delete relevant viewing data collected before March 1, 2016; and
- implement a comprehensive data privacy program and biennial assessments of that program.