Key Takeaways:
- Texas Attorney General Ken Paxton launched lawsuits against five television manufacturers for alleged privacy violations through automated content recognition (ACR) technology.
- The lawsuits claim that Sony, Samsung, LG, Hisense, and TCL Technology Group Corporation unlawfully collected and monetized consumers’ television-viewing data through ACR tech installed into smart TVs.
- The legal action is part of a broader privacy enforcement crackdown by Texas, highlighting concerns about data collection practices and national security risks.
- ACR technology allows smart TVs to monitor consumers’ television screens in real time, including content viewed through cable boxes and other HDMI-connected devices.
- The lawsuits raise concerns about China-based companies’ access to U.S. consumer data, with Hisense and TCL being owned by Chinese companies.
Introduction to the Lawsuits
Texas Attorney General Ken Paxton launched a series of lawsuits in December 2025 targeting five television manufacturers for their alleged privacy violations through the use of automated content recognition technology. The lawsuits claimed Sony, Samsung, LG, Hisense, and TCL Technology Group Corporation unlawfully collected and monetized consumers’ television-viewing data through ACR tech installed into smart TVs. The legal action is part of a broader privacy enforcement crackdown by Texas, but it also marks a notable shift in the U.S. state enforcement landscape beyond common data collection practices. Paxton argued ACR enables smart TVs to monitor consumers’ television screens in real time, including content viewed through cable boxes and other HDMI-connected devices.
ACR Technology and Privacy Concerns
Paxton’s office obtained temporary restraining orders against Hisense and Samsung, halting certain ACR-related data collection practices in Texas. The orders reflect aggressive state-level interventions against embedded tracking technology in consumer devices. Paxton claimed the data collected by the embedded trackers was sold to data brokers for advertising purposes, opening the door to cybersecurity and national security risks. The lawsuits particularly highlight concerns about China-based companies’ access to U.S. consumer data. Hisense and TCL are owned by Chinese companies. A major concern highlighted by Texas’ enforcement actions is ACR technology’s ability to identify content displayed on a television screen using audio or visual "fingerprinting," which is then matched against large databases. ACR could allow manufacturers to capture viewing data from streaming services, live television, and external devices.
Challenges to Traditional Assumptions
ACR challenges traditional assumptions about consent and transparency in consumer data collection. "Like so much in privacy, it boils down to a consumer’s reasonable expectation of privacy," Frankfurt Kurnit Klein and Selz Associate Andrew Folks, CIPP/E, CIPP/US, CIPM, FIP, told the IAPP. He said consumers may expect content subscriptions such as streaming services to track viewing behavior within a given app; however, "they might not expect manufacturers to collect information about what they are watching through their DVD player or HDMI port, as ACR enables." The lawsuits alleged smart TV manufacturers did not adequately provide meaningful notice about this scope of monitoring and instead focused on disclosures during the device’s setup. Folks noted onboarding processes have posed problems across connected devices. According to Folks, grouping consent during device setup "has been an issue since the early days" of connected devices. ACR opt-ins may be combined with essential features required to use the television, which brings questions about meaningful consent.
Texas Deceptive Trade Practices Act
Paxton claimed companies’ use of ACR mechanisms violated the Texas Deceptive Trade Practices Act, which has become one of Texas’ commonly used privacy enforcement instruments during its expanded privacy and data security enforcement initiative. The DTPA was applied in privacy cases that led to a USD1.4 billion settlement with Meta in 2024 and a USD1.375 billion settlement with Google last year. "What Texas has demonstrated is that states have a deep bench of statutes they can leverage to address ACR practices," Folks said, with deceptive practices laws offering clearer enforcement pathways and broader remedies than comprehensive privacy frameworks. The lawsuits highlight the importance of state-level enforcement in addressing privacy concerns and the need for companies to be transparent about their data collection practices.
Technical Limitations and Implications
The complaints by Paxton’s office argued data collected by Hisense and TCL could be subject to China’s National Security Law, which can compel companies to share data with the government. Nonconsensual sharing is one issue, but potential sharing with a foreign adversary brings greater concerns around surveillance of U.S. citizens. However, the risks should be understood within the technical limits of how ACR systems function. Alva Strategy Center Principal founder Aaron Alva said the TROs are feasible to implement at a technical level. "Typically, they can take the IP address, which is also another data element that might be a part of what’s being collected, and take the IP addresses that are generally in the geographic area of Texas, and then decide to turn off that data collection remotely from their servers," said Alva, who previously spent 10 years as a technology advisor and technologist at the U.S. Federal Trade Commission. This approach may have broader implications for enforcement beyond smart TVs. Alva noted similar mechanisms could be applied in future cases involving other sensitive data types, such as real-time location data.
National Security Concerns
Despite these measures, ACR technology does not provide unlimited access to consumer devices or raw video feeds. The technology identifies content within its set parameters. National security concerns could be more focused on the collection of consumer behavioral data rather than surveillance measures. "Whenever you have sensitive data being sent to unknown actors, whether they be foreign or domestic, then that creates sensitivities when it comes to those entities," Alva said. "Being able to know more about a particular consumer and target them in ways that might cause harm can create national security issues." The lawsuits highlight the need for companies to be transparent about their data collection practices and to ensure that they are complying with relevant laws and regulations. The use of ACR technology raises important questions about the balance between consumer privacy and national security, and the need for effective enforcement mechanisms to protect consumers’ rights.
