A smart TV manufacturer called Vizio has been fined $2.2m for deliberately collecting viewing habits from its devices without user permission in a case that underlines the risks of 'always-on' devices.
The case was brought jointly by the FTC and the Attorney General of New Jersey and in a US Federal Trade Commission (FTC) blog, the watchdog explains that the issue was not just the collection, but that the data was then monetised and sold on to advertisers.
The feature was described as "Smart Interactivity" and was used to "enable program offers and suggestions". But a New Jersey court decided that wasn't explicit enough to explain that this would entail the collection of a viewers' data and the fact it would be sold on.
The FTC says that up to 100 billion data points were collected from Vizio TVs every single day, and that they were matched by scraping the pixels, meaning that it was possible to identify habits not just from content fed directly to the television, but also from any device connected to it, including set-top-boxes, games consoles, optical disc players and computers.
The company told consumers nothing of all this and while the data was anonymised by name when sold, it was still collecting sex, age, income, marital status, household size, education and home ownership which, apart from being invasive in and of itself, represents data that can be turned back into identifiable information with very little social engineering.
Vizio was accused of not only adding the feature but retroactively "upgrading" TVs to include the feature through a remote update.
It has agreed to stop collecting data, destroy "most" of the data it has already collected, agree to apply for explicit consent from the consumer before any future data collection, and set in place a privacy programme to evaluate the practices of the company and anyone it deals with.
Cases like this are part of the argument for caution in dealing with the Internet of Things, as we let more and more devices with the potential to spy on us into our homes. A recent case of Mirai malware relying on a botnet of IoT devices has added to the problem, whilst just this week it emerged that 160,000 printers were hacked in a similar way.
38-year-old Alexander Vinnik faces up to 55 years in jail
Threadripper also available from today if you want a lot more power - but you'll have to wait for the motherboards to appear
Personal data belonging to hundreds of thousands of customers was stolen
Whitman to remain as CEO of HPE, while rumours swirl that she'll be taking over at troubled Uber