Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends
Posted in Privacy & Security Litigation

Plaintiffs Increasingly Seek to Stretch Scope of VPPA

VPPA VHSTwo recent rulings in lawsuits against streaming video services under the Video Privacy Protection Act (VPPA) have tested the limits of those services’ VPPA compliance.  The VPPA, enacted in 1988, prohibits the knowing disclosure of certain information about a consumer that “identifies a person as having requested or obtained specific video materials.”  The actions described below address first, the relationship a person must have with a streaming service to be considered a “consumer” under the VPPA and second, the connection between a consumer’s identity and the identity of specific video material disclosed to a third party that a plaintiff must demonstrate when stating a VPPA claim.

First, in an action against AMC Network Entertainment, District Judge Naomi Reice Buchwald of the U.S. District Court for the Southern District of New York dismissed the complaint with leave to amend, finding that the plaintiff did not qualify as a “consumer” under the VPPA.  The VPPA defines “consumer” to mean “any renter, purchaser, or subscriber of goods or services from a video tape service provider.” Since the plaintiff was neither a renter nor a purchaser, the court focused on the meaning of “subscriber,” which is not defined in the VPPA.  In light of that term’s plain meaning and its treatment in prior cases, the court concluded that the plaintiff was not a subscriber because there was no ongoing relationship between the plaintiff and AMC.

The court’s decision, however, did not result in the end of the litigation, because after the briefing and oral argument on the motion to dismiss, the plaintiff informed the court that she “registered for AMC’s newsletter” relating to a specific show and received promotional emails regarding that show including a link to “unsubscribe” should she choose to do so.  Despite granting AMC’s motion to dismiss, the court also granted the plaintiff’s motion to amend the complaint with this new information potentially relevant to her classification as a “subscriber.”  That said, the court gave no indication whether the plaintiff’s subscription to the AMC newsletter was sufficient to establish the plaintiff as a “consumer.”

In a second case, Magistrate Judge Laurel Beeler of the U.S. District Court for the Nothern District of California granted Hulu’s motion for summary judgment, finding that Hulu’s mere disclosure of a user identification number in a cookie in connection with the title of a video viewed did not suffice to state a claim under the VPPA.  The plaintiffs, viewers of online video content through Hulu’s Internet-based service, claimed that Hulu violated the VPPA by disclosing viewers’ unique user identification numbers in combination with the pages that they viewed on Hulu, which included the titles of their streaming video selections. The court disagreed, finding that a VPPA violation requires a connection between the consumer’s identity and the identity of specific video materials, and concluding that there was no genuine issue of material fact that Hulu knew that Facebook might link the user-identifying information in the cookie with title-bearing page addresses.  Without such a connection, the court concluded that there was no “knowing” disclosure of “personally identifiable information” as defined by the VPPA.

These cases demonstrate that courts are looking very carefully at the plain language of the VPPA when applying it to newer technologies, and that plaintiffs are willing to test the bounds the 27-year-old statute in the context of streaming services.  Companies offering streaming content thus should carefully consider how they integrate third-party cookies and plug-ins into web pages through which they offer streaming content.

Katherine Armstrong, Counsel in our Washington, D.C. office, contributed to this post.