On February 6, 2017, smart TV maker VIZIO entered into a stipulated Order granting injunctive relief and a monetary judgment to the FTC and New Jersey Division of Consumer Affairs. The FTC brought its claims pursuant to Section 13(b) of the Federal Trade Commission Act, 15 U.S.C. § 53(b), and the New Jersey DCA brought claims pursuant to the New Jersey Consumer Fraud Act, N.J. Stat. Ann. § 56:8-1 et seq. VIZIO and a subsidiary will pay $2.2 million to settle claims that the companies improperly tracked consumers’ viewing habits and sold this information without compensating viewers. According to the Complaint filed the same day as the stipulated Order, Vizio and its subsidiary since February 2014 continuously collected viewing data on a “second-by-second” basis without any notice to the consumer. Complaint at ¶ 14. This action comes on the heels of the FTC’s smart TV workshop this past December.
It is not entirely clear what incentive currently exists for consumers to voluntarily provide their viewing data to VIZIO given their initial smart TV purchases exist apart from any potential future relationship with VIZIO. In other words, VIZIO really has nothing new to offer for this viewing data – it can only offer something on behalf of those who buy or broker this data. Accordingly, VIZIO may act in the future as a new stream of commercials. It has already been suggested that Netflix could make billions by bringing ads to its streaming offerings.
It has been reported that over half of US households use an internet-enabled television. The VIZIO settlement with the FTC and New Jersey DCA does a great job of highlighting the peril of collecting IoT data such as TV viewing data without proper consent. Samsung and LG faced similar pressure in 2015 but that was far from a clarion call given the lack of any hefty fine.
The VIZIO resolution may actually be more similar to the major shift brought on after CardSystems was breached over a decade ago. CardSystems had no excuse for unsecurely maintaining track 2 data for its potential marketing purposes so that breach definitely helped promulgate the PCI data security standard. Similarly, the VIZIO settlement may lead to more safeguards regarding the use of IoT data. Rather than Visa or Mastercard waiting in the wings to enforce compliance we would have the FTC and state regulatory bodies. Nevertheless, such efforts will still have to garner consumer support given the backdoor of affirmative consent that still exists even after the VIZIO resolution. In other words, there may still have to be something in it for the consumer.
As previously suggested, it may finally be time for consumers to just be paid cash for their consumer data.