Vizio — privacy concerns with “smart” devices are making the internet of things a focus for U.S. regulators

Vizio, a manufacturer of “smart” television sets, was sued by the Federal Trade Commission (“FTC”) on claims that the company enabled approximately 11 million televisions to collect viewing data from consumers without the consumers’ knowledge or consent. In February 2017, Vizio entered into a settlement order which requires Vizio to pay $2.2 million to the FTC and New Jersey Division of Consumer Affairs. The settlement order also required Vizio to delete all consumer data that it improperly collected. 

The FTC has vocally asserted its determination to expand its enforcement role concerning privacy and the Internet of Things (“IoT”). In a recent interview, Jessica Rich, former Director of the FTC’s Bureau of Consumer Protection, commented that “The proliferation of the internet of things has fundamentally changed the notion of privacy and security, and consumers need better tools to make informed choices over how their data is handled. Ultimately, privacy policy must be driven by market forces.”  Rich observed that some connected devices don’t even have an interface to disclose privacy policies to consumers. “As new technologies emerge, there are new types of information that need protection, including geolocation data, online credentials and content of communications.”  Rich pointed out that the dangers are no longer just data security, but a real risk of actual physical danger.  Many IoT devices, including pacemakers and automobiles, can be hacked and remotely controlled.

Other nations are well ahead of the U.S. in regulating privacy and the IoT. Canada, the EU and a number of other countries have robust laws and regulations regarding the collection, use and sharing of personal data obtained by use of smart devices. The U.S. does not yet have a solid statutory or regulatory framework for protecting such information, but the FTC has signaled its determination to drive corporate conduct by using its consumer protection enforcement powers. 

This Data Security & Privacy Alert is intended to keep readers current on developments in the data security & privacy world and in the law, and is not intended to be legal advice. If you have any questions, please call Sandy B. Garfinkel, Chair of the firm’s Data Security & Privacy Group, at 412‐566‐6868.

Share This Post

Author

Sandy Brian Garfinkel

Member - Pittsburgh