Privacy & Cybersecurity Law Blog

On April 13, 2026, Kentucky Governor Andy Beshear signed into law HB 692, which amends the Kentucky Consumer Data Protection Act (“KCDPA”) to add certain Smart TV data to the law’s definition of “sensitive data.” The amendments take effect July 1, 2027.

Specifically, HB 692 adds to the law’s definition of “sensitive data” the terms “automated content recognition data” and “smart monitor”:

• “Automated content recognition data” is defined as “data about a consumer’s content viewing history collected through the use of technology that is embedded or operated through a smart television or smart monitor, integrated with internet connectivity and an operating system that identifies, in real time, the specific content displayed by analyzing audio or video fingerprints, including but not limited to content received through broadcast, cable, satellite, streaming services, or external inputs, through digital fingerprinting, watermark detection, or similar comparison techniques.”
  • Excluded from this definition are (1) data collected about a consumer’s interactions with content provided by the controller’s own services, (2) data generated in the course of providing a feature or service requested by a consumer, and (3) data collected for the purpose of enforcing terms of service.
• “Smart monitor” is defined as a “digital, display device that integrates hardware and software components to enable internet connectivity, application execution, and media content streaming independently of an external computer or media source.” The term does not include a voice assistant device or mobile device.

Under the amended KCDPA, controllers will be prohibited from collecting automated content recognition data without a consumer’s consent. The Act defines consent as “a clear affirmative act signifying a consumer’s freely given, specific, informed, and unambiguous agreement to process personal data relating to the consumer.”