The FTC this week announced that smart TV manufacturer Vizio has agreed to pay $2.2 million to settle charges that it installed software on its TVs that collected data on 11 million consumers’ viewing habits without their consent.
In addition to paying the fine, Vizio is required to disclose and obtain express consent for any future data collection, to delete all data collected before March 1, 2016, to implement a comprehensive data privacy program, and to assess that program biennially.
According to the FTC and the New Jersey Attorney General’s Office, in February 2014, Vizio began offering smart TVs that captured second-by-second information about video being displayed on the devices.
The company then attached demographic information to that viewing data, including gender, age, income, marital status, education level, household size, home ownership and household value.
Vizio then sold that information to third parties for use in targeted advertising and for other purposes.
Vizio general counsel Jerry Huang said in a statement that the company is “pleased” with the resolution. “Going forward, this resolution sets a new standard for best industry privacy practices for the collection and analysis of data collected from today’s Internet-connected televisions and other home devices,” he said.
Huang added that the program never paired viewing data with personally identifiable information, and only handled viewing data in the aggregate to create summary reports. “Today, the FTC is made clear that all smart TV makers should get people’s consent before collecting and sharing television viewing information and Vizio now is leading the way,” he said.
Eve Maler, vice president for innovation and emerging technology at ForgeRock, told eSecurity Planet by email that the Vizio case demonstrates that the government is becoming more aggressive in asserting consumers’ rights to have a say in how their personal data is used and shared.
“With each gift-giving holiday and each Wi-Fi-enabled slow cooker and smart shirt entering people’s lives, these questions and concerns about the Internet of Things are only intensifying,” Maler said. “Even in the now-traditional Web and mobile worlds, consumers have become acutely aware of the threat of identity fraud and how their digital presence can be abused or misused.”
Still, a recent Blumberg Capital survey of 1,012 U.S. adults found that 45 percent of respondents admitted they wouldn’t be able to tell if they fell victim to a cybercrime without being alerted to it by a vendor or law enforcement authorities.
The most common actions taken by respondents in response to a cyber attack were to change their password (74 percent) and to contact their bank (46 percent).
Fifty-one percent of respondents said identity theft is the biggest cyber security issue facing consumers.
Just 39 percent of respondents are concerned about breaches of their laptop computers, and only 38 percent are concerned about breaches of their IoT devices such as smart appliances or smartphones.
Fifty-five percent of respondents said they believe the most important cyber security problem for businesses is securing customer information.