The FTC’s action follows on the heels of several other privacy developments related to the use of interconnected smart televisions and mobile devices. For instance, within the past year-plus, multiple television manufacturers and entertainment companies have been sued in class actions under the Electronic Communications Privacy Act, the Video Privacy Protection Act, and state privacy statutes for the alleged collection and disclosure of consumer viewing habits and other sensitive personal information without consumers’ knowledge or consent. In one such case, a class of consumers accused a television manufacturer of installing software on its smart televisions — without notice or consent — that tracks and records consumer viewing data, pairs the data with the consumer’s IP address, and transmits the packaged information to a third-party advertising company so it can be sold for marketing purposes. In other cases, television manufacturers were accused of capturing voice commands through a smart television’s voice recognition software, storing the information, and later transmitting it to third-parties. In each instance, it was alleged that the companies’ had engaged in “deceptive” acts and practices in violation of Section 5 of the FTC Act because their privacy policies supposedly did not make clear that such information would be collected, stored, and shared with third parties.
Although the technologies and data collection methods deployed in these cases vary, the FTC has expressed consistent concern over alleged deficiencies in companies’ privacy policies and notice and consent procedures. Accordingly, the FTC’s warning letters strongly caution application developers against misrepresenting their data collection practices and include a recommendation that the developers conform to FTC guidance on best practices for privacy disclosures in mobile applications.
Regulatory activity and scrutiny in the privacy area, as well as private litigation claims, likely will continue to grow at both the federal and state levels. These recent FTC actions serve as a reminder that, prior to a company introducing products and services that collect, use and/or share consumer information into commerce, the company may wish to revisit its privacy policies, data security practices, data collection and use practices, and customer notice and consent procedures to ensure they account for both the functionality of the product or service and current developments in state and federal privacy law.