Texas Sues Five Major TV Manufacturers Over Smart TV Surveillance Without Consent

Bottom Line Up Front: Texas Attorney General Ken Paxton has filed lawsuits against Samsung, Sony, LG, Hisense, and TCL, alleging their smart TVs secretly spy on viewers through Automated Content Recognition (ACR) technology that captures screenshots every 500 milliseconds and sells that data to advertisers without meaningful consent—marking the latest in Texas's aggressive campaign against Big Tech data privacy violations.

Your Smart TV is Watching You: A Decade of Privacy Violations From Vizio to Texas’s 2025 Lawsuits

TL;DR: Texas Attorney General Ken Paxton’s December 2025 lawsuits against Samsung, Sony, LG, Hisense, and TCL represent the culmination of a decade-long pattern of smart TV manufacturers secretly surveilling viewers. From Vizio’s $17 million settlement to Samsung’s voice recognition scandal, the smart TV industry has repeatedly chosen profit over

Secure IoT HouseSecure IoT House

The Surveillance in Your Living Room

Texas Attorney General Ken Paxton filed lawsuits on December 15, 2025, against five of the world's largest television manufacturers, accusing them of transforming millions of American living rooms into mass surveillance systems. The companies—Samsung, Sony, LG, Hisense, and TCL—allegedly use Automated Content Recognition (ACR) technology to secretly monitor everything viewers watch and monetize that data without proper consent.

The Texas lawsuits describe ACR as "an uninvited, invisible digital invader" that can capture screenshots of a user's television display every 500 milliseconds, monitor viewing activity in real time, and transmit that information back to the company. According to the complaints, this surveillance extends beyond streaming content to include cable television, over-the-air broadcasts, gaming consoles, Blu-ray players, and any other device connected via HDMI.

"These companies have been unlawfully collecting personal data through Automated Content Recognition ('ACR') technology," Paxton's office stated in the announcement. "This software can capture screenshots of a user's television display every 500 milliseconds, monitor viewing activity in real time, and transmit that information back to the company without the user's knowledge or consent. The companies then sell that consumer information to target ads across platforms for a profit."

What Makes This Technology So Invasive

ACR technology operates like a video version of Shazam—the popular music identification app—but for television content. Built into smart TVs at the chipset level, ACR continuously analyzes both the audio and visual components of on-screen content, comparing them against massive databases to identify exactly what's being watched.

This represents the same type of invasive surveillance concerns facing all IoT devices in connected homes, where convenience increasingly comes at the cost of privacy.

What makes ACR particularly concerning from a privacy perspective is its comprehensive reach. Unlike web cookies or app-based tracking that monitor specific platforms, ACR tracks:

• All streaming services (Netflix, Hulu, Disney+, HBO Max)
• Traditional cable and satellite TV
• Over-the-air broadcast television
• External devices connected via HDMI (gaming consoles, Blu-ray players, laptops)
• DVDs and physical media playback
• Anything displayed on the screen, potentially including banking information, passwords, or private documents

Research from University College London, University of California Davis, and Universidad Carlos III de Madrid found that LG TVs send digital fingerprints to tracking servers every 15 seconds, while Samsung devices transmit data every minute. This creates a constant stream of surveillance that builds detailed profiles of viewing behavior including:

• What content is watched and for how long
• When viewers change channels or skip commercials
• Viewing patterns across different times of day
• Content preferences across all connected devices

Assess your smart home IoT security with our comprehensive risk assessment tool to understand your vulnerability to these types of surveillance technologies.

The technology raises particular alarm because it can capture sensitive information displayed on screen. "This technology puts users' privacy and sensitive information, such as passwords, bank information, and other personal information at risk," Paxton's office warned. The EU Data Act, which became applicable in September 2025, attempts to address similar concerns by giving users greater control over data generated by their connected devices.

The Chinese Connection: National Security Concerns

The Texas lawsuits place special emphasis on two of the defendants—Hisense and TCL—both based in China. Paxton's office argues that these companies' Chinese ties create heightened national security risks under China's National Security Law, which can compel companies to provide data to the Chinese government upon request.

"Companies, especially those connected to the Chinese Communist Party, have no business illegally recording Americans' devices inside their own homes," Paxton declared. "This conduct is invasive, deceptive, and unlawful. The fundamental right to privacy will be protected in Texas because owning a television does not mean surrendering your personal information to Big Tech or foreign adversaries."

The complaints against Hisense and TCL include additional allegations that the Chinese Communist Party could use ACR data "to influence or compromise public figures in Texas, including judges, elected officials, and law enforcement, and for corporate espionage by surveilling those employed in critical infrastructure, as part of the CCP's long-term plan to destabilize and undermine American democracy."

The Hisense lawsuit specifically alleges that the company "fails to disclose to Texas Consumers that under Chinese law, Hisense is required to transfer its collections of Texas consumers' personal data to the People's Republic of China when requested by the PRC."

The Consent Deception: Dark Patterns and Buried Settings

A central allegation in all five lawsuits is that TV manufacturers use deceptive practices to obtain purported "consent" for ACR tracking while making it extraordinarily difficult for consumers to opt out.

The One-Click Trap

During initial TV setup, consumers encounter a screen titled "Smart Hub Terms & Conditions" that presents four different notices with only one prominent button: "I Agree to all." According to the Texas complaints, this design pushes consumers toward accepting all tracking with a single click.

The lawsuit against Samsung details how the company "provides consumers with a one-click enrollment option to opt-in during the initial start-up process" but makes opting out require navigation through a labyrinth of settings menus.

The 15-Click Maze

To fully opt out of ACR and related ad tracking on Samsung Smart TVs, the Texas lawsuit alleges consumers must:

1. Navigate to Settings
2. Select Additional Settings
3. Choose General Privacy
4. Access Terms & Privacy
5. Find Viewing Information Services
6. Select Disable
7. Navigate to separate menus for Interest-Based Ads
8. Toggle Ad Personalization
9. Access Privacy Choices

This process involves "approximately 15+ clicks" across four or more separate menus, creating what privacy advocates call "dark patterns"—interface designs deliberately crafted to make privacy-protective choices difficult.

The contrast is striking: one click to accept comprehensive surveillance, but 15+ clicks across multiple hidden menus to decline.

Deceptive Naming Conventions

The lawsuits also challenge how companies name their ACR features, arguing the terminology obscures what's actually happening:

• Samsung calls it "Viewing Information Services"
• LG uses "Live Plus"
• Roku labels it "Smart TV Experience"
• Vizio refers to "Smart Interactivity"

None of these names clearly communicate that the feature enables continuous surveillance and data monetization. As one Texas lawsuit states: "The so-called 'consent' Samsung obtains is meaningless. Disclosures are hidden, vague, and misleading."

Texas's Pattern of Big Tech Enforcement

This lawsuit represents the latest action in Attorney General Paxton's aggressive campaign against Big Tech privacy violations. Texas has established itself as one of the most aggressive states in holding technology companies accountable for data collection practices, securing massive settlements that dwarf those obtained by other states.

Paxton has built an impressive track record:

$1.4 Billion Meta Settlement (July 2024)

Texas secured the largest single-state privacy settlement ever obtained when Meta agreed to pay $1.4 billion for unlawfully collecting biometric data through Facebook's facial recognition software. The case alleged Meta ran facial recognition on virtually every face in photographs uploaded to Facebook without users' informed consent, violating Texas's Capture or Use of Biometric Identifier (CUBI) Act.

$1.375 Billion Google Settlement (October 2025)

Texas secured another record-breaking settlement with Google for violations involving geolocation tracking, deceptive practices around Chrome's Incognito mode, and unauthorized collection of facial geometry and voiceprints. This settlement was 3.5 times larger than the $393 million secured by a 40-state coalition, demonstrating Texas's strategy of pursuing individual enforcement rather than joining multistate actions.

Allstate Data Privacy Lawsuit (January 2025)

Texas sued Allstate Corporation for illegally collecting and monetizing drivers' personal data through mobile apps and vehicle tracking technology, alleging the company's Arity subsidiary embedded tracking software into apps like GasBuddy, Life360, and Fuel Rewards without explicit consent.

TikTok Minors Privacy Lawsuit (October 2024)

Paxton filed suit against TikTok for violating privacy rights of minors and breaching Texas laws designed to protect parental authority, alleging the platform illegally harvested and shared sensitive personal data belonging to minors without proper parental consent.

Roblox Child Safety Lawsuit (November 2025)

Texas sued Roblox Corporation for allegedly allowing predators to exploit children while misleading families about safety protections, accusing the gaming platform of putting "pixel pedophiles and corporate profit ahead of safety."

The smart TV lawsuits follow this established pattern: aggressive state-level enforcement against major technology companies for privacy violations under the Texas Deceptive Trade Practices Act and other Texas consumer protection laws.

The Legal Framework: What Laws Were Violated?

The Texas lawsuits allege violations of the Texas Deceptive Trade Practices Act (DTPA), seeking substantial damages and injunctive relief. Under the DTPA, Texas can pursue:

• Up to $10,000 per violation affecting any consumer
• Up to $250,000 per violation affecting people 65 years or older
• Restraining orders prohibiting the collection, sharing, and selling of ACR data while lawsuits are pending

The complaints allege TV manufacturers violated the DTPA through:

1. Misrepresentations regarding the collection of personal information
2. Failure to disclose the use of ACR technology and its surveillance capabilities
3. Deceptive consent processes that manipulate consumers into accepting tracking
4. Inadequate privacy controls that make opting out unreasonably difficult

For Hisense specifically, Texas adds an allegation of failure to disclose that under Chinese law, the company may be required to transfer Texas consumers' personal data to the People's Republic of China when requested.

"Consumers never agreed to Samsung Watchware," one lawsuit states. "When families buy a television, they don't expect it to spy on them. They don't expect their viewing habits packaged and auctioned to advertisers."

The Business Model: How ACR Makes Money

Understanding why companies implement such invasive surveillance requires examining the economics of the smart TV industry. The lawsuits allege that TV manufacturers have transformed their devices from simple display screens into data collection platforms that generate revenue in multiple ways:

Primary Revenue Stream: Data Sales

Companies collect ACR data and sell it to advertisers, data brokers, and marketing companies who use it to:

• Build detailed consumer profiles
• Target advertisements across multiple platforms
• Track ad effectiveness and viewer engagement
• Inform content creation and distribution decisions

A 2021 report revealed that smart TV manufacturer Vizio profited more from selling customer data than from selling the televisions themselves—a business model that fundamentally redefines what a "television" actually is.

Cross-Platform Targeting

The data doesn't stay confined to TV advertising. According to the lawsuits, companies use ACR data to target consumers across multiple platforms including:

• Mobile apps
• Social media
• Web browsers
• Connected devices
• Streaming services

This creates comprehensive cross-device tracking profiles that follow consumers throughout their digital lives.

Real-Time Bidding Integration

ACR data feeds into programmatic advertising ecosystems where advertisers bid in real-time for the opportunity to show ads to specific viewer profiles. The granular viewing data—updated every 500 milliseconds—enables unprecedented precision in ad targeting.

The Privacy Implications Extend Beyond Advertising

While targeted advertising represents the obvious commercial application of ACR data, the privacy implications extend far beyond personalized commercials:

Financial Information Exposure

When consumers access banking websites or financial apps through smart TVs or connected devices, ACR technology could potentially capture account numbers, balances, transaction details, and login credentials displayed on screen.

Use our PII Risk Assessment Tool to evaluate what personal information you might be exposing through connected devices.

Healthcare Privacy Concerns

Viewers researching medical conditions, watching health-related content, or accessing telehealth services through connected devices risk having sensitive health information captured and potentially included in advertising profiles.

Political Surveillance

The ability to track which news networks, political programs, and advocacy content individuals watch creates detailed political profiles that could be exploited for manipulation, targeting, or discrimination.

Professional Espionage

The lawsuits specifically mention corporate espionage concerns, noting that ACR can capture content from laptops and other devices connected via HDMI. This means work presentations, confidential documents, or proprietary information displayed on a TV could potentially be captured. This mirrors the surveillance concerns in smart office environments, where IoT devices create unprecedented monitoring capabilities.

Domestic Situations

In households with domestic violence or stalking concerns, ACR data revealing viewing patterns could expose victims' whereabouts, support network research, or escape planning.

Historical Context: The Vizio Precedent

This isn't the first time smart TV surveillance has faced legal scrutiny. In 2017, the Federal Trade Commission and New Jersey Attorney General settled with Vizio for $2.2 million over charges that the company tracked consumer viewing without proper disclosure or consent.

The Vizio case revealed that since February 2014, Vizio manufactured and sold smart TVs (and retrofitted older models remotely) that captured detailed viewing information including content from cable, streaming services, and DVDs. Vizio attached demographic information like sex, age, income, and education to the collected data and sold it to third parties for targeted advertising.

The FTC settlement required Vizio to:

• Provide clearer disclosures about ACR tracking
• Obtain affirmative express consent before tracking
• Offer opt-out mechanisms
• Delete historical ACR data

However, the settlement focused on insufficient disclosure rather than questioning whether manufacturers had the right to track viewing in the first place—a distinction the Texas lawsuits now challenge more fundamentally.

Industry Response and Statements

Of the five companies sued, only three have provided public responses:

Sony, LG, and Hisense each issued nearly identical statements indicating they would not comment on pending legal matters.

Samsung and TCL have not responded to media requests for comment as of publication.

Notably, none of the companies have disputed the technical capabilities described in the lawsuits or claimed the characterizations of ACR technology are inaccurate. The silence on the substance of the allegations is itself telling.

How to Protect Yourself: Disabling ACR

While the lawsuits work their way through the courts, consumers can take steps to limit smart TV surveillance by disabling ACR features. However, as the Texas complaints detail, manufacturers have made this deliberately difficult.

Samsung TVs

Navigate through Settings → Additional Settings → General Privacy → Terms & Privacy → Viewing Information Services → Disable. Also separately disable Interest-Based Ads and Ad Personalization in Privacy Choices menus.

LG TVs

Access Settings → General → System → Additional Settings → Live Plus (or AI Service on newer models) → Toggle off.

Sony TVs (Google TV Platform)

During setup, choose "Basic TV" instead of "Google TV" mode, or navigate to Settings → Privacy → Ads → Delete advertising ID and disable personalized advertising.

Roku TVs

Settings → Privacy → Smart TV Experience → Uncheck "Use info from TV inputs." Separately manage ad personalization through online account privacy settings.

TCL and Hisense

These typically use Roku OS or Google TV—follow the respective instructions above.

Nuclear Option

For maximum privacy protection:

1. Factory reset your smart TV
2. Never connect it to the internet
3. Use an external streaming device (Apple TV, Roku stick) for streaming content
4. Keep the TV itself as a "dumb" display

This approach ensures ACR technology cannot transmit data even if enabled, though it sacrifices smart TV features.

What This Means for Consumers

The Texas lawsuits raise fundamental questions about consumer expectations and corporate accountability in the connected device era:

The Death of Privacy in the Home?

If upheld, these lawsuits would establish that consumers have not implicitly consented to comprehensive surveillance simply by purchasing and using modern televisions. The outcome could set precedent for privacy expectations across all IoT devices.

The True Cost of "Smart" Features

When a TV costs $500 but generates more profit through data sales than device sales, consumers aren't buying a product—they're becoming the product. The lawsuits force confrontation with this business model.

Consent Theater

The gap between the one-click acceptance process and the 15+ click opt-out maze exemplifies what privacy advocates call "consent theater"—the appearance of choice without meaningful control.

Corporate Accountability

With Texas securing multi-billion dollar settlements against Meta and Google for similar privacy violations, these lawsuits signal that data collection without genuine consent carries substantial legal and financial risks.

Broader Implications for the Tech Industry

State-Level Enforcement Rising

Texas's success in securing settlements dramatically larger than multistate coalitions suggests individual state enforcement may become more common. California, New York, and other large states may follow Texas's lead in pursuing separate actions rather than joining collective efforts.

Biometric Data Scrutiny Intensifying

With two billion-dollar-plus settlements focused on biometric data (Meta's facial recognition, Google's voiceprints and facial geometry) and now lawsuits addressing ACR's screenshot capabilities, companies collecting any biometric identifiers face heightened scrutiny and liability.

Assess your biometric data exposure with our specialized risk assessment tool to understand what identifiers you're sharing with devices and services.

The growing concerns about biometric surveillance extend beyond consumer devices into workplace environments, where IoT sensors and smart office systems create comprehensive employee monitoring capabilities.

The Regulatory Gap

Federal privacy legislation remains stalled in Congress, leaving states to establish patchwork privacy protections. Texas's aggressive enforcement demonstrates how individual states can drive corporate behavior change even without comprehensive federal law.

Connected Device Liability

As the IoT ecosystem expands—smart speakers, security cameras, appliances, vehicles—the Texas TV lawsuits may preview similar actions against other device categories that embed surveillance capabilities without transparent disclosure.

The Summer 2025 IoT security landscape demonstrated massive vulnerabilities across connected devices, including the BADBOX 2.0 botnet that infected millions of IoT devices with pre-installed malware, primarily affecting low-cost Android-based products manufactured in China.

The $110 billion smart office market faces similar challenges, with IoT attacks surging 124% in 2024 and over 50% of IoT devices having critical vulnerabilities that hackers can exploit immediately.

The China Factor in Tech Privacy

The Texas lawsuits' emphasis on Hisense and TCL's Chinese ownership highlights growing tensions between technology integration and national security concerns:

Data Localization Requirements

China's National Security Law and other regulations require Chinese companies to provide data to government authorities upon request, creating unavoidable conflicts with U.S. privacy expectations.

Supply Chain Vulnerabilities

Even non-Chinese manufacturers often rely on Chinese suppliers for components, chipsets, and software—creating potential data collection points throughout the supply chain.

The TikTok Precedent

The ongoing TikTok controversy demonstrates how concerns about Chinese data access can lead to calls for bans, forced sales, or operational restrictions—outcomes that could extend to hardware manufacturers.

Strategic Competition

The lawsuits frame ACR data collection through Chinese-manufactured TVs as potential threats to judges, elected officials, law enforcement, and critical infrastructure employees—language that positions privacy violations as national security concerns.

Next Steps and Timeline

The five lawsuits were filed in district courts across several Texas counties on December 15, 2025. The legal process will likely unfold over months or years:

Immediate Impact

Texas is seeking restraining orders to prohibit collection, sharing, and selling of ACR data while the lawsuits are pending. If granted, these orders could immediately affect millions of Texas TV owners.

Discovery Phase

The discovery process will likely reveal internal company documents about ACR implementation, data sales, consent processes, and the economic value of viewer surveillance—information that could prove damaging during trial.

Settlement Negotiations

Given Paxton's track record of securing billion-dollar settlements with Meta and Google, the TV manufacturers may pursue settlements rather than risk trial. However, unlike those tech giants, TV manufacturers have smaller profit margins and may fight more aggressively.

Potential Class Actions

While Texas is pursuing enforcement under the DTPA, the lawsuits could encourage private class action litigation from consumers nationwide, multiplying the manufacturers' legal exposure.

Protecting Your Connected Home Beyond Smart TVs

While disabling ACR on your television is important, comprehensive smart home security requires a broader approach. The same vulnerabilities that enable TV surveillance exist across your entire IoT ecosystem.

Network Segmentation Strategy

Setting up a secure home network should be your first line of defense. Create a separate guest network for all IoT devices, isolating them from computers and devices containing sensitive information. This prevents a compromised smart TV from accessing your laptop or financial data.

Comprehensive Device Management

The Summer 2025 smart home security retrospective revealed that most consumers are unaware of the extent of data collection across their connected device ecosystem. Regular security audits should include:

• Firmware updates for all IoT devices at least monthly
• Review of privacy settings on each connected device
• Assessment of which devices actually need internet connectivity
• Evaluation of manufacturer support and update frequency

Understanding Your Data Rights

The EU Data Act provides a model for consumer data rights, giving users greater control over information generated by their connected devices. While U.S. consumers don't yet have similar comprehensive protections, state laws like Texas's TDPSA are moving in this direction.

Advanced Privacy Tools

For technically capable users, implementing tools like Pi-hole for network-wide ad blocking can prevent ACR data from reaching tracking servers even if the feature remains enabled on your TV. These DNS-level blocking solutions intercept tracking domains before data leaves your network.

Conclusion: The Living Room Battlefield

The Texas lawsuits against Samsung, Sony, LG, Hisense, and TCL represent more than another privacy enforcement action—they challenge the fundamental transformation of consumer electronics into surveillance devices.

When families purchase a television, they expect to watch content. They don't expect that television to watch them back, capturing screenshots twice per second, analyzing their viewing habits across all connected devices, building comprehensive behavioral profiles, and selling that intimate data to the highest bidder.

The cases will test whether "smart" televisions can legally transform American living rooms into data collection operations without meaningful consent. With Texas's proven track record of securing record-breaking privacy settlements, the TV industry faces a potential reckoning over business models built on covert surveillance.

As Attorney General Paxton stated: "The fundamental right to privacy will be protected in Texas because owning a television does not mean surrendering your personal information to Big Tech or foreign adversaries."

For the millions of Americans who own smart TVs, these lawsuits may finally shine a light on the invisible watchers in their own homes—and force an industry to choose between surveillance capitalism and genuine consumer trust.

Privacy Assessment Tools

Take control of your digital privacy with our specialized assessment tools:

• Biometric Data Risk Assessment - Evaluate your biometric data exposure and get personalized recommendations
• PII Risk Assessment Tool - Assess what personal information you're exposing through connected devices
• Smart Home Security Scorecard - Comprehensive security assessment for your IoT ecosystem

Related Privacy & Security Articles

Texas Privacy Enforcement:

• Texas vs. Allstate: The Battle Over Data Privacy
• Texas Secures $1.4 Billion Settlement with Google Over Privacy Violations
• Texas Sets New Standard: $1.375 Billion Google Settlement
• Meta's $8 Billion Privacy Settlement: Key Compliance Lessons
• Texas Sues TikTok for Sharing Minors' Personal Data
• Texas Sues Roblox Over Child Safety Failures

Smart Home Security:

• The Growing Risk of Smart Home Hacks: How Safe Are Your Devices?
• The Summer of Smart Scrutiny: A 2025 IoT Security Retrospective
• Your Smart Home, Your Data: Understanding the EU Data Act
• How to Set Up a Secure Home Network
• Setting Up Pi-hole and Other DIY Security Tools

Smart Office & Workplace Privacy:

• The Surveillance Blind Spot: How Smart Offices Are Eroding Workplace Privacy
• The $110 Billion Smart Office Security Crisis
• AI-Powered Smart Offices: Balancing Innovation and Security
• The Workplace Automation Revolution: New Security Nightmares

Privacy Laws & Compliance:

• Understanding the Texas Data Privacy and Security Act
• Capture or Use of Biometric Identifier Act (CUBI)