IRIS Special - Smart TV and data protection

Is my smart TV working for Big Brother? The European Audiovisual Observatory has published in February 2016 a report entitled "Smart TV and data protection".

More details

Pages : 72
Place : Strasbourg
Date of publication : March 2016
Editor : European Audiovisual Observatory

5,00 €

Add to wishlist

The electronic file of the IRIS Special publication is free on line. We propose you the print copy for a cost price.


The structure of this study is built around the following questions:

  • What is smart TV?
  • How does smart TV compare with other forms of audiovisual media?
  • What regulatory frameworks govern smart TV?
  • What guidance can be found in selected country-specific case studies?
  • What are the dangers associated with the collection, storage and processing of private user information by commercial parties?
  • How are relevant regulatory frameworks likely to evolve?


Samsung have warned owners of their smart TVs that the system’s voice recognition could actually be recording and sharing their private conversations. This “bad buzz” comes at a time when Brussels is in the process of adopting new legislation – the General Data Protection Regulation (GDPR) - aimed at protecting us from abuse and misuse of our private data and consumer behaviour big data collected by smart equipment such as television sets. The European Audiovisual Observatory, part of the Council of Europe in Strasbourg, is keeping track of these developments and has published this IRIS Special report entitled "Smart TV and data protection".


This is a joint publication by the Observatory and partner institution, the Dutch Institute for Information Law (IViR in Amsterdam). It inspired an expert workshop organised in Strasbourg December 2015, which looked at “the grey areas between media regulation and data protection”.


Chapter I explores the different terminological and definitional approaches to ‘smart TV’ and thereby positions it in relation to other forms of (interactive) audiovisual media. It identifies the main distinctive features of smart TV (for privacy-related/data protection purposes) as: speech recognition, motion sensing, facial recognition, interactive capacity (e.g. via apps and social media) and integrated user accounts (e.g. Samsung). These features of smart TV facilitate the collection, storage and processing of personal information by commercial parties. These features then serve as key focuses for the exploration of the regulatory framework and case studies in subsequent chapters.

Chapter II explains how audiovisual media regulation and privacy/data protection regulation have traditionally developed in isolation from one another. Convergence and the emergence and expansion of intelligent technologies are forcing regulators in both sectors to find each other and pursue new regulatory approaches that reflect and address these developments. This chapter examines the lack of relevance of the AVMSD; the limited relevance of the Framework and Access Directives; the growing relevance of the Data Protection and E-Privacy Directives, and the likely implications of the (draft) General Data Protection Regulation. It also explains the relevance of consumer law and human rights law.

Building on the analysis of the complex regulatory framework, Chapter III offers an overview of how relevant legal issues are arising and being dealt with in practice at the national level. Four case studies form the core of the chapter, drawing on experiences in Germany, the Netherlands (two case studies) and the United States:

  1. Germany: Joint position, technical test of smart TVs and guidance document;
  2. The Dutch Data Protection Authority’s investigation into the processing of personal data with or through Philips smart TV by TP Vision Netherlands;
  3. The Dutch Data Protection Authority’s investigation into the processing of personal data by Ziggo relating to of interactive digital services;
  4. Electronic Privacy Information Center v. ‘Samsung’: Complaint to the US Federal Trade Commission about the routine interception and recording by Samsung of private communications of consumers in their homes.


Each of the case studies involves a detailed analysis of the legal issues involved and their broader implications for regulatory approaches to smart TV.

Chapter IV builds on the preceding chapter and, while reflecting on future regulatory developments (in particular the likely implications of the draft General Data Protection Regulation), focuses on the distinctive features of smart TV as identified above, and the (potential) harms that arise from the collection, storage and processing of personal data, as enabled by those technological features.


Get smart about Smart TVs – get this new must-read report!


Content list




1. Definitions and Features

1.1. What is a smart TV?

1.2. What data can a smart TV collect?

1.2.1. Voice recognition

1.2.2. Motion control and facial recognition

1.2.3. (Samsung) Account

2. Regulatory frameworks

2.1. Audiovisual Media Services Directive

2.2. E-Communications Framework

2.3. Provisions on e-privacy and data protection

2.3.1. Scope of application

2.3.2. General definitions and principles Personal data Processing Controller Consent

2.3.3. E-Privacy Directive

2.3.4. Data Protection Directive Confidentiality and security of processing International data flows

2.3.5. New data protection regulation

2.4. E-Commerce Directive and EU Consumer Protection Law

2.5. Human Rights Framework

3. Case studies by country

3.1. Germany

3.1.1. The joint position

3.1.2. The technical test

3.1.3. Guidance Document on Data Protection Requirements for Smart TV Services

3.2. The Netherlands

3.2.1. Case study 1 – CBP v. TP Vision Factual background Legal framework

3.2.2. Case study 2 - CBP v. Ziggo Factual background Legal framework Future implications

3.3. An American Example

3.3.1. Electronic Privacy Information Center v. Samsung Factual background Legal framework Likely implications

4. The General Data Protection Regulation

4.1. Smart TVs and the General Data Protection Regulation

4.1.1. Definitions Any information Relating to Identified or identifiable person Natural person Special categories of data Territorial scope

4.1.2. Application Voice recognition Motion control and facial recognition Account creation

4.2. The Regulation’s level of protection

4.2.1. Key provisions Contractual duties Legitimate interests of the controller Consent

4.2.2. Other relevant provisions

4.3. What is an adequate level of protection, and is it offered by the Regulation?

4.3.1. What requires protection and why?

4.3.2. What is adequate protection?

4.3.3. Does the Regulation provide an adequate level of protection? Anonymity Consent Other requirements

Concluding Analysis

Online Services

IRIS e-Newsletter

Legal Observations of the European Audiovisual Observatory

> Database IRIS Merlin 

Database on legal information relevant to the audiovisual sector in Europe

> AVMSDatabase

Database on the transposition of the AVMS Directive into national legislation

Database LUMIERE

Database on admissions to films released in Europe


The European film directory on European films available on VOD services in Europe

> Database MAVISE

Database on TV and on-demand audiovisual services and companies in Europe