The Federal Trade Commission has fined Cox Media Group $880,000 and two partner firms $25,000 each after finding they misled advertisers about an alleged “Active Listening” product that claimed to harvest voice data from smart‑home devices. The settlement requires the companies to stop false claims, avoid collecting voice recordings, and compensate affected customers.
Cox Media Group Pays $930,000 to Settle FTC Claims of Fake AI‑Powered Eavesdropping Service
What happened
The Federal Trade Commission (FTC) announced a $930,000 settlement with Cox Media Group (CMG) and two smaller marketing firms, MindSift LLC and 1010 Digital Works LLC. The three companies marketed a service called Active Listening, promising advertisers that it could capture snippets of users’ conversations from smart‑home devices, analyze them with artificial intelligence, and deliver hyper‑targeted ads based on the inferred interests and location of the speakers.
According to the FTC’s complaint, no voice data was ever collected. Instead, the firms sold lists of email addresses purchased from third‑party data brokers, inflating the price and falsely representing the source of the data. The companies also claimed that consumers had “opted‑in” to the service simply by agreeing to generic terms of service when installing unrelated apps—an interpretation the FTC says does not satisfy consent requirements for voice‑data collection.
Legal basis
The FTC’s action rests on two primary legal frameworks:
- Section 5 of the FTC Act – prohibits unfair or deceptive acts or practices in commerce. By advertising a non‑existent voice‑listening capability and misrepresenting consumer consent, the companies engaged in deceptive conduct.
- U.S. privacy statutes – while the case did not invoke the California Consumer Privacy Act (CCPA) directly, the FTC’s findings echo CCPA’s requirement for clear, affirmative consent before collecting or selling personal information, especially sensitive data such as voice recordings.
The settlement also references the EU General Data Protection Regulation (GDPR) as a benchmark for consent standards, noting that the alleged “opt‑in” mechanism would not meet GDPR’s strict definition of informed, specific, and freely given consent.
Impact on users and companies
For consumers
- Compensation – The $930,000 pool will be used to reimburse advertisers who purchased the bogus service and, indirectly, the end‑users whose data was misrepresented. The FTC will oversee the distribution of these funds.
- Privacy reassurance – The enforcement action clarifies that no voice recordings were harvested from smart devices, alleviating concerns that everyday conversations were being secretly stored.
For Cox Media Group and partners
- Financial penalty – CMG bears the bulk of the fine ($880,000), while MindSift and 1010 Digital Works each pay $25,000.
- Compliance obligations – The settlement includes a consent decree that bars the three firms from:
- Misrepresenting product capabilities in any marketing material.
- Collecting, storing, or selling voice data without explicit, documented consent.
- Claiming geographic‑targeting powers that are not technically supported.
- Reputational damage – The case highlights the risk of overstating AI capabilities, especially when privacy is involved. Industry observers expect advertisers to scrutinize CMG’s future product claims more closely.
What changes are required
- Clear consent mechanisms – Any future service that processes voice or other sensitive data must obtain a separate, affirmative consent that is specific to that purpose, mirroring GDPR and CCPA standards.
- Accurate marketing disclosures – Companies must ensure that all promotional materials accurately describe the data source, processing methods, and any limitations of the technology.
- Internal compliance programs – The FTC expects CMG and its partners to implement robust privacy‑by‑design practices, including regular audits of data‑collection pipelines and documentation of consent records.
- Third‑party data verification – If a firm intends to use purchased data, it must verify the provenance and ensure that the original collection complied with applicable privacy laws.
broader implications
The settlement sends a clear signal to the advertising technology sector: claims of AI‑driven eavesdropping will be closely examined, and any suggestion that users have consented without a transparent opt‑in will trigger enforcement. As regulators in the U.S., Europe, and California tighten consent standards, marketers must ground their AI narratives in verifiable technical reality rather than hype.
For more details on the FTC’s enforcement actions, see the agency’s official press release here.
Comments
Please log in or register to join the discussion