As a former Cognitive and Inscape employee, @mikeryan is largely correct. Note that fingerprinting happens on the TV - no actual content was sent back to us. Still absolutely creepy.*
Once the data is sold, the cat is out of the bag. The service might not send sensitive info by itself but the DBs of the buyers might contain enough data for cross-referencing to personally identify you without a shadow of doubt.
As another poster here asked: were there any ethical discussions in the organization?
* Not the opinion of my (former) employer.