Texas Attorney General Ken Paxton launched a series of lawsuits in December 2025 targeting five television manufacturers for their alleged privacy violations through the use of automated content recognition technology. The lawsuits claimed Sony, Samsung, LG, Hisense, and TCL Technology Group Corporation unlawfully collected and monetized consumers' television-viewing data through ACR tech installed into smart TVs.
The legal action is part of a broader privacy enforcement crackdown by Texas, but it also marks a notable shift in the U.S. state enforcement landscape beyond common data collection practices. Paxton argued ACR enables smart TVs to monitor consumers' television screens in real time, including content viewed through cable boxes and other HDMI-connected devices.
Paxton's office obtained temporary restraining orders against Hisense and Samsung, halting certain ACR-related data collection practices in Texas. The orders reflect aggressive state-level interventions against embedded tracking technology in consumer devices.
Paxton claimed the data collected by the embedded trackers was sold to data brokers for advertising purposes, opening the door to cybersecurity and national security risks. The lawsuits particularly highlight concerns about China-based companies' access to U.S. consumer data. Hisense and TCL are owned by Chinese companies.
"Companies, especially those connected to the Chinese Communist Party, have no business illegally recording Americans' devices inside their own homes," Paxton said in a statement introducing the lawsuits. He argued the companies' alleged ACR practices are “invasive, deceptive, and unlawful" while defending how "owning a television does not mean surrendering your personal information to Big Tech or foreign adversaries."
ACR's privacy problem
A major concern highlighted by Texas’ enforcement actions is ACR technology's ability to identify content displayed on a television screen using audio or visual "fingerprinting," which is then matched against large databases. ACR could allow manufacturers to capture viewing data from streaming services, live television and external devices.
ACR challenges traditional assumptions about consent and transparency in consumer data collection. "Like so much in privacy, it boils down to a consumer's reasonable expectation of privacy," Frankfurt Kurnit Klein and Selz Associate Andrew Folks, CIPP/E, CIPP/US, CIPM, FIP, told the IAPP. He said consumers may expect content subscriptions such as streaming services to track viewing behavior within a given app; however, "they might not expect manufacturers to collect information about what they are watching through their DVD player or HDMI port, as ACR enables."
The lawsuits alleged smart TV manufacturers did not adequately provide meaningful notice about this scope of monitoring and instead focused on disclosures during the device's setup. Folks noted onboarding processes have posed problems across connected devices.
According to Folks, grouping consent during device setup "has been an issue since the early days" of connected devices. ACR opt-ins may be combined with essential features required to use the television, which brings questions about meaningful consent.
Paxton claimed companies' use of ACR mechanisms violated the Texas Deceptive Trade Practices Act, which has become one of Texas' commonly used privacy enforcement instruments during its expanded privacy and data security enforcement initiative. The DTPA was applied in privacy cases that led to a USD1.4 billion settlement with Meta in 2024 and a USD1.375 billion settlement with Google last year.
"What Texas has demonstrated is that states have a deep bench of statutes they can leverage to address ACR practices," Folks said, with deceptive practices laws offering clearer enforcement pathways and broader remedies than comprehensive privacy frameworks.
ACR's technological capabilities
The complaints by Paxton's office argued data collected by Hisense and TCL could be subject to China’s National Security Law, which can compel companies to share data with the government. Nonconsensual sharing is one issue, but potential sharing with a foreign adversary brings greater concerns around surveillance of U.S. citizens.
However, the risks should be understood within the technical limits of how ACR systems function. Alva Strategy Center Principal founder Aaron Alva said the TROs are feasible to implement at a technical level.
"Typically, they can take the IP address, which is also another data element that might be a part of what's being collected, and take the IP addresses that are generally in the geographic area of Texas, and then decide to turn off that data collection remotely from their servers," said Alva, who previously spent 10 years as a technology advisor and technologist at the U.S. Federal Trade Commission.
This approach may have broader implications for enforcement beyond smart TVs. Alva noted similar mechanisms could be applied in future cases involving other sensitive data types, such as real-time location data.
"Imagine a state attorney general recognizes that there's someone collecting real-time location data and using it for purposes that they deem to be both unfair and creating harm to consumers," said Alva. "The attorney general taking that sort of temporary restraint or action, seems like a logical step."
Despite these measures, ACR technology does not provide unlimited access to consumer devices or raw video feeds. The technology identifies content within its set parameters. National security concerns could be more focused on the collection of consumer behavioral data rather than surveillance measures.
"Whenever you have sensitive data being sent to unknown actors, whether they be foreign or domestic, then that creates sensitivities when it comes to those entities," Alva said. "Being able to know more about a particular consumer and target them in ways that might cause harm can create national security issues."
Lexie White is a staff writer for the IAPP.
