Plaintiffs are becoming increasingly creative in their attempts to seek relief involving alleged privacy violations resulting from their online activity. This includes raising allegations of violations of the Video Privacy Protection Act, a federal law enacted in 1988 largely in response to privacy concerns surrounding businesses’ use of individuals’ video tape rental histories.
A federal court in the Southern District of New York recently interpreted the VPPA as it relates to data privacy concerns in the modern area. In Carter et al v. Scripps Networks, LLC, the home and lifestyle network giant HGTV fended off a VPPA class action, after the court found that the plaintiffs were not “consumers” within the meaning of the Act.
But what makes the VPPA so special for plaintiffs in recent years (with more than 100 claims filed since 2022 alone), and how can companies prepare and respond?
Law targets video stores
The VPPA was born after the video rental history of U.S. Supreme Court nominee Robert Bork was leaked to the media. (His history was innocuous.) The law prohibits a “video tape service provider” from disclosing data identifying individuals’ requested or obtained video materials. Because “video tape service provider” encompasses purveyors of “audio-visual materials” similar to video tapes, plaintiffs have broadly interpreted the definition to include website or mobile app providers that offer videos on their platforms, such as HGTV or CNN.
Meta’s Pixel and third-party sharing
Data sharing on websites often comes in the form of cookies and code imbedded on websites that tracks the activity of website users. For instance, Facebook/Meta’s Pixel is code embedded on the websites of several companies that tracks certain activity of website users. Some plaintiffs allege that the information is transmitted to Facebook/Meta, which can then link the information to the users’ Facebook accounts. This can include information about a user’s video watching habits, which they argue violates the VPPA.
Carter et al v. Scripps Networks, LLC
In Carter et al v. Scripps Networks, LLC, subscribers to the HGTV.com newsletter brought a class action against HGTV, arguing that HGTV was collecting and disclosing their HGTV.com video-streaming activities to Facebook (via the Meta Pixel) in violation of the VPPA.
Like many other recent VPPA cases, Carter turned on whether the newsletter subscribers were "consumers" under the VPPA. To file a VPPA claim, an individual must be a "renter, purchaser, or subscriber of goods or services." The plaintiffs, who were not subscribers to HGTV’s television offerings, argued that their subscription to HGTV’s newsletter made them “consumers” within the meaning of the VPPA. The court disagreed, finding that simply opting in to a newsletter does not make someone the type of subscriber who is a “consumer” for VPPA purposes.
In determining whether an individual is a VPPA “consumer,” courts typically consider whether there was a payment, registration, commitment, delivery, expressed association, or access to restricted content. According to the court in Carter et al v. Scripps Networks, LLC, merely subscribing to a newsletter is not enough.
Avoiding VPPA litigation
With VPPA suits on the rise, companies should assess whether their websites or mobile apps put them at risk for a VPPA suit. Here are some questions to ask:
- What cookies are used on the website or mobile app?
- Is Meta Pixel on the website?
- Is the video content on the website or mobile app freely available?
- Do users have to create an account or subscribe to view videos?
- Do users get access to any additional or enhanced content after signing up for any service or newsletter?
- Do users have to provide personal information to get access to the video or, more generally, to the website or mobile app?
- Do users receive notice of the company’s data sharing practices?
Court decisions in VPPA cases are not consistent, but we continue to monitor.
For additional information about proactive steps companies can take to help address VPPA risks or for assistance in defending litigation involving VPPA claims, The Constangy Cyber Team can help. Contact us any time at cyber@constangy.com.
- Partner
Allen Sattler is a partner and vice chair of the Constangy Cyber Team. He is based in Orange County, California. He has significant experience serving clients as incident response counsel, having managed the responses to hundreds of ...
The Constangy Cyber Advisor posts regular updates on legislative developments, data privacy, and information security trends. Our blog posts are informed through the Constangy Cyber Team's experience managing thousands of data breaches, providing robust compliance advisory services, and consultation on complex data privacy and security litigation.
Subscribe
Contributors
- Suzie Allen
- John Babione
- Bert Bender
- Ansley Bryan
- Jason Cherry
- Christopher R. Deubert
- Maria Efaplomatidis
- Sebastian Fischer
- Laura Funk
- Lauren Godfrey
- Taren N. Greenidge
- Chasity Henry
- Julie Hess
- Sean Hoar
- Donna Maddux
- David McMillan
- Ashley L. Orler
- Todd Rowe
- Melissa J. Sachs
- Allen Sattler
- Brent Sedge
- Matthew Toldero
- Alyssa Watzman
- Aubrey Weaver
- Xuan Zhou