Vizio settles huge TV privacy case after spying on viewers [Updated]

Vizio will pay $2.2m in penalties to settle a huge privacy lawsuit, that alleged its smart TVs tracked millions of viewers and then sold that personal data without permission. According to the Federal Trade Commission (FTC), in a joint-complaint filed with the New Jersey Attorney General, Vizio automatically tracked what owners of its connected TV sets were watching, despite not warning viewers that the monitoring was taking place. That information was then sold to advertisers and others for a profit.

It's no small-scale problem, either. According to the FTC, Vizio began enabling the data collection by default from sets manufactured from 2014. However, it also pushed out a firmware update to older smart TVs that added them to the data collection system.

In no case, it's argued, did Vizio inform owners that it would be tracking their viewing habits. That's despite the technology being some of the most invasive you can imagine, going far beyond simply logging what the TVs' onboard tuners were set to. Instead, Vizio used complex pixel-matching to identify content from a huge variety of sources.

By comparing a set of pixels on-screen second by second, the FTC says, and comparing that to a content database, Vizio could figure out exactly what was being viewed. That's whether it was broadcast over cable or satellite, streamed from internet sources like Netflix or Amazon Prime Video, or played from a DVD or Blu-ray player. The result, it's alleged, was up to 100 billion data points each day, harvested from millions of televisions.

As you might expect, that unlocked a significant amount of personal information. Vizio sold the data to aggregators, it's said, and though they weren't allowed to identify viewers by name, there isn't much else they couldn't find out. That includes "sex, age, income, marital status, household size, education, and home ownership," the FTC says. Meanwhile, Vizio also allowed cross-device tracking.

Dubbed "Smart Interactivity" in the settings, the feature billed itself as providing custom recommendations of content to watch. The FTC argues that, in reality, it was intentionally vague, and intended to mask Vizio's actual activities. Both that, and the data collection and handling itself, go against the FTC Act.

As a result, Vizio has settled with the two organizations. It'll pay a $1.5m fine to the FTC, in addition to a further civil penalty to New Jersey. Existing data held on viewers must, for the most part, be deleted; it "has agreed to stop unauthorized tracking, to prominently disclose its TV viewing collection practices, and to get consumers' express consent before collecting and sharing viewing information" the FTC says.

Meanwhile, a privacy program must be put in place by the company, intended to evaluate what it – and its partners – are doing. Vizio will have to make clear to TV owners what they are agreeing to and, if they later change their minds, how to alter the privacy settings. In a year's time, the FTC is expecting a report from Vizio detailing exactly what steps have been undertaken to make things more transparent.

The lingering question, of course, is whether now that consumers know what has been going on, they'll ever trust their Vizio devices again. The potential for smart home technology and connected gadgets to act as a spy within the home has become a topic of increasing concern over the past few years, as such devices proliferate at a much faster rate than security technology does.

Update: This article has been updated to correct the penalty Vizio will pay, which is a total of $2.2m. Vizio also provided SlashGear with a statement on the settlement:

"VIZIO is pleased to reach this resolution with the FTC and the New Jersey Division of Consumer Affairs. Going forward, this resolution sets a new standard for best industry privacy practices for the collection and analysis of data collected from today's internet-connected televisions and other home devices. The ACR program never paired viewing data with personally identifiable information such as name or contact information, and the Commission did not allege or contend otherwise. Instead, as the Complaint notes, the practices challenged by the government related only to the use of viewing data in the 'aggregate' to create summary reports measuring viewing audiences or behaviors. Today, the FTC has made clear that all smart TV makers should get people's consent before collecting and sharing television viewing information and VIZIO now is leading the way" Jerry Huang, VIZIO General Counsel