Video Privacy Protection Act

In Perry v. Cable News Network, the Eleventh Circuit dealt another loss to putative class-action plaintiffs seeking to use the Video Privacy Protection Act (“VPPA”) as a weapon against free online video services. The court affirmed that to be a “subscriber” of a video service—someone who can sue under the VPPA—one must have a genuine commitment, relationship, or association with that service. Because the Perry plaintiff could not show that, he lost.

The VPPA creates a cause of action for video service providers that disclose their consumers’ personally identifiable information alongside their viewing information. The typical Internet example is a paid video service that gives an advertiser a paying subscriber’s email address and viewing history.

To sue under the VPPA, a person must be a “consumer.” The VPPA defines that term as meaning a renter, purchaser, or subscriber of goods or services from a video service provider. “Subscriber” has raised the question of whether someone who downloads and uses a free app can be a “consumer” who can sue under the VPPA. At least in the Eleventh Circuit, Ellis v. Cartoon Network, Inc. answered that question: something more than mere use is needed. Instead, Ellis held that a proper VPPA plaintiff needs “some type of commitment, relationship, or association (financial or otherwise)” between the plaintiff and the video service provider.

In Perry, the district court relied on Ellis to dismiss plaintiff Perry’s suit without leave to amend because he was merely a user of CNN’s free app. Perry argued he could state a VPPA claim because he subscribed to CNN’s television channel through his cable package. This cable subscription let Perry access exclusive content via the CNN app. Perry said this made him a CNN app subscriber. He also said he paid CNN indirectly through his cable subscription. Perry appealed to the Eleventh Circuit on those theories.
Continue Reading Eleventh Circuit Hands Another VPPA Loss to Video App Plaintiffs

In two cases last week, two courts entered widely divergent rulings on the central question of the specific definition of “personally identifiable information,” or “PII,” under the Video Privacy Protection Act (“VPPA”).  The VPPA defines PII as information that “identifies a person as having [obtained a video]” from a video tape service provider (“VTSP”).

In Yershov v. Gannett, the First Circuit took a broad view of that definition, deciding that even information such as unique device IDs in connection with GPS coordinates can be PII.  In Perry v. CNN, issued just a few days before Yershov, a federal district court in Georgia took a far more limited view under Eleventh Circuit precedent, holding that MAC addresses are not PII because they are tied to devices, not specific individuals. 
Continue Reading Video Privacy Protection Act Rulings in Gannett and CNN Reach Opposite Conclusions

On October 9, the Eleventh Circuit affirmed in Ellis v. Cartoon Network, Inc. that a person who downloads and uses a free mobile application to view freely available content is not, without more, a “subscriber” under the Video Privacy Protection Act (“VPPA”).

Cartoon Network offers a free mobile app that people can download to watch

On Tuesday, March 31, the U.S. District Court for the Northern District of California granted Hulu’s motion for summary judgment in a complaint alleging that Hulu had violated the Video Privacy Protection Act (VPPA) by sharing user information with Facebook.  In granting summary judgment, the court found no genuine issue of material fact regarding whether Hulu “knowingly” disclosed video viewing information connected to individual Hulu users to Facebook, a required element for VPPA liability.  While the court’s holding may be too fact-bound to have widespread impact on other VPPA cases, it does highlight the important role of the VPPA’s knowledge requirement in determining liability under the statute.
Continue Reading Court Grants Summary Judgment on VPPA Claims Against Hulu Based on Lack of ‘Knowing’ Disclosure

The United States District Court for the Eastern District of Michigan has allowed a putative class action under Michigan law to proceed against several magazine publishers that allegedly sold lists of their customers’ names, addresses, and subscription choices to third parties.  Earlier this week, in a case styled Halaburda v. Bauer Publishing Co., Judge Steeh of the Eastern District denied a motion to dismiss by defendants Bauer, Hearst Communications and Time, Inc., which had argued that the plaintiffs’ lacked standing to sue in federal court and that the complaint did not state a claim upon which relief could be granted. 

The plaintiffs sued under the Michigan Video Rental Privacy Act (“VRPA”), a statute that, despite its name, generally prohibits companies “engaged in the business of selling at retail, renting or lending books or other written materials, sound records, or video recordings” from disclosing “a record or other information concerning the purchase, lease, rental, or borrowing of those materials by a customer that indicates the identity of the customer.”  The plaintiffs alleged that the publisher defendants “sell[] at retail . . . written materials” and that the defendants have disclosed information about subscription choices in violation of the statute’s disclosure prohibition. 

In their motion to dismiss, the defendants argued that the plaintiffs had not sufficiently alleged standing to bring their suit because the complaint did not plead a cognizable “injury” to plaintiffs.  The court rejected this argument, holding that because the VRPA allows a plaintiff to recover statutory damages, no allegation of actual injury is necessary for standing under the U.S. Constitution or under the statute itself.  In reaching this conclusion, the court distinguished Sterk v. Best Buy Stores (N.D. Ill Oct. 17, 2012), which held that plaintiffs suing under the federal Video Privacy Protection Act (“VPPA”) had failed to establish an injury sufficient for standing.  The court noted that while the VPPA contains language requiring an actual injury (plaintiffs must be “aggrieved” to recover), the VPRA does not.


Continue Reading Action Against Magazine Publishers for Sale of Customer Lists Allowed to Proceed

Yesterday, President Obama signed into law the “Video Privacy Protection Act Amendments Act of 2012,” a law that amends the VPPA’s notoriously vague consent provision.  As originally enacted, the VPPA allowed “video tape service providers” to disclose consumers’ “personally identifiable information” (including their video viewing histories) with a consumer’s consent only if that consent were “informed, written . . . [and] given at the time the disclosure [was] sought.”  Even in the brick-and-mortar world of 1988 (when the VPPA was passed), this consent provision was confusing.  What did it mean to provide consent “at the time the disclosure [was] sought”?  “Sought” by whom (the video tape service provider, the consumer or a third party)?  Could a consumer authorize a disclosure in advance of its occurrence? 

The application of the consent provision has become even more vexed over time, as video distribution has changed radically.  Some have argued that the VPPA is broad enough to govern the disclosure of video viewing activities online, and so online video service providers have grown increasingly interested in this once-obscure statute.  Late last year, Congress acted to help clarify the consent issue.

After the jump, we provide our final analysis of the amendments. 


Continue Reading The Video Privacy Protection Act Amendments: A Final Analysis

Continuing the flurry of activity around privacy legislation that we have seen over the past few weeks, the House today passed an amendment to the Video Privacy Protection Act (“VPPA”), 18 U.S.C. § 2710.  The bill would amend the VPPA by clarifying that a consumer may consent to the disclosure of her video viewing information

Last week, Judge Armstrong of the Northern District of California dismissed a putative class action against Pandora alleging the Internet radio service had violated two Michigan state statutes by disclosing to third parties information about the plaintiff’s listening activity.  The plaintiff in Deacon v. Pandora Media, Inc. alleged that by (1) making publicly available his Pandora profile information and (2) posting his listening activity on Facebook, Pandora violated Michigan’s Video Rental Privacy Act (“VRPA”), Mich. Comp. Laws § 445.1711-1715, and its Consumer Protection Act (“CPA”), Mich. Comp. Laws § 445.903. 

The VRPA is among more than a dozen state analogues to the federal Video Privacy Protection Act (“VPPA”), 18 U.S.C. § 2710, which limits the ability of “video tape service providers’” to disclose information about specific video materials their customers have requested or obtained.  Although the VRPA similarly limits the ability of such entities to disclose information about their customers, the statute also applies to a broader class of entities and media.  Specifically, the VRPA provides that, absent a statutory exception:

“a person, or an employee or agent of the person, engaged in the business of selling at retail, renting, or lending books or other written materials, sound recordings, or video recordings shall not disclose to any person, other than the customer, a record or information concerning the purchase, lease, rental, or borrowing of those materials by a customer that indicates the identity of the customer.”

The plaintiff in Deacon asserted that by sharing information about his listening activities with third parties, Pandora ran afoul of this provision’s prohibition against disclosure of information about a customer’s having obtained “sound recordings.” 


Continue Reading Court Dismisses Privacy Lawsuit Against Pandora

Last Friday, Rep. Zoe Lofgren (D-CA) introduced the ECPA 2.0 Act, H.R. 6529, which would strengthen the legal standards for law enforcement to gain access to electronic communications and location information.  The Electronic Communications Privacy Act (ECPA) is more than 25 years old and is widely seen as needing modernization to address changes in digital storage, the cloud, and location-based services.  As we’ve previously noted, government access to location information is an ongoing issue for legislators, courts, and government officials.  


Continue Reading Rep. Lofgren Introduces Legislation to Update ECPA