Texas AG Sues 5 Major TV Makers Over “Watchware” ACR Surveillance; New York Vetoes Health Privacy Bill

Julie Rubash, General Counsel and Chief Privacy Officer
December 22, 2025

The Texas Attorney General filed lawsuits against Sony, Samsung, LG, Hisense, and TCL seeking up to $250,000 per consumer for allegedly collecting viewing data through Automatic Content Recognition technology without informed consent, and a temporary restraining order has already been obtained against Hisense. 

Meanwhile, New York’s governor vetoed the Health Information Privacy Act, which would have imposed strict authorization requirements for processing health data, citing concerns about overbroad obligations and business costs.

Keep reading to learn more about the news and discover my takeaways.


Note: A Little Privacy, Please, takes a seasonal break after this update, and will be back with new insights starting the week of January 6, 2026. Happy holidays!

United States

Texas AG Sues 5 TV Companies for Deceptive “Watchware”

The Texas Attorney General filed lawsuits against Sony, Samsung, LG, Hisense, and TCL, claiming that the smart TV companies’ collection of consumer viewing information through Automatic Content Recognition (ACR) technology, and their sale of that information for advertising purposes without informed consent, violate the Texas Trade Practices Act.

The Texas AG is seeking $10,000 to $250,000 per violation (i.e., per consumer), plus permanent injunctions against each of the companies. A temporary restraining order has already been issued against Hisense, prohibiting the company from collecting personal data through ACR.

TAKEAWAY

All five complaints include nearly identical allegations, summarized below. 

Although the amount and nature of data captured, as well as the location of two of the companies in China, seem to be driving forces behind the complaints, several key lessons applicable to any company can be derived from the allegations. 

In particular, the more complex and unexpected the data collection activities are, the more important it is for disclosures to be clear, specific, and conspicuous, for choices to be easy to find and exercise, and for data collection to be limited to what is necessary to achieve the disclosed purposes. 

1. Consumer consent is not informed

All 5 companies allegedly explain ACR to consumers using “non-intuitive nomenclature” and “misleading labeling” (e.g., we may collect usage data “for the purpose of producing statistics results regarding performance of our products and services” or “if you opt-in on the Smart TV for the Viewing Information Service, you allow us to process your viewing history”), which the complaints allege doesn’t inform consumers that the ACR technology permits real-time capturing of every sound and image on their Smart TV every 500 milliseconds.

The companies also allegedly asked for consent during forced initial setup, for example, by presenting an “accept all” button to agree to several policies at the end of a long process, which nearly all customers allegedly click to simply finish the initial setup.  

2. Privacy choices are not meaningful 

The complaints claim that the opt-in and opt-out choices presented by all five companies undermined meaningful choice because the companies buried privacy choices behind multi-step menus, paths, and toggles or within their End User License Agreement, required users to opt out of multiple agreements scattered across separate menus to fully opt out, and/or did not meaningfully describe the opt-out.

This contrasts with the one-step process to opt in during the setup process. The complaints allege that these are “quintessential examples of unlawful dark patterns”.

3. Users cannot reasonably understand the surveillance model

The companies’ disclosures were allegedly false, deceptive, and misleading because they didn’t disclose that ACR can collect viewing data from HDMI ports, cable/satellite boxes, DVDs/Blu-rays, gaming consoles, and laptops connected as monitors, and because they used vague euphemisms for behavioral advertising (e.g., “customized content”, “personalized experience” or “personalized communications”).

The complaints also indicated that the lack of a visual cue, such as a red light or a message advising that the TV is “recording”, meant that consumers could not reasonably infer surveillance was happening on their Smart TVs.  

4. The system defaults toward maximal data extraction

The final allegation is that the viewing data collected far exceeded what is reasonably necessary for the disclosed purposes. As examples, the complaints allege that providing consumers with “personalized content” does not require capturing ACR fingerprints every 500 milliseconds or tracking on external devices. 

Furthermore, the intrusiveness, granularity, continuity, and cross-device nature of the ACR tracking conducted by the companies allegedly far exceeded what was reasonably necessary to provide consumers with targeted, precise behavioral advertisements.

United States

New York Governor Vetoes Health Privacy Bill

New York SB 929, the New York Health Information Privacy Act, which was sent to the governor for signature on December 8, has been vetoed.

TAKEAWAY

The law resembled Washington’s My Health My Data Act in many ways and was even broader in scope in some ways. Among other requirements, the law would have required “valid authorization”—a strict standard going far beyond traditional consent—to process or sell “Regulated Health Information”, broadly defined as “any information that is reasonably linkable to an individual or a device and is collected or processed in connection with the physical or mental health of an individual.” The governor cited overbroad obligations, significant costs and confusion for businesses, and impact on innovation as reasons for the veto.

A LITTLE MORE PRIVACY, IF YOU PLEASE

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.
