A judge in the Northern District of California recently agreed with the Seventh Circuit that the Video Privacy Protection Act (“VPPA”) does not provide a private right of action premised solely on an allegedly unauthorized retention of information. 

Plaintiffs sued Sony Computer Entertainment America LLC (“SCEA”) and Sony Network Entertainment International LLC (“SNEI”) for alleged violations of the VPPA.  The VPPA limits the retention and disclosure of “personally identifiable information,” including information about a person’s requesting or obtaining video materials or services from a “video tape service provider.”  Plaintiffs were a class of Sony customers whose video watching and gaming information the company allegedly retained for longer than 30 days. 

In addition to dismissing claims that Sony unlawfully retained plaintiffs’ information, the court dismissed plaintiffs’ claims (1) that SCEA unlawfully disclosed such information to SNEI and (2) that SNEI subsequently disclosed the information to unnamed third parties.  The court dismissed the first claim on the basis of the VPPA’s “ordinary course of business” exception, which authorizes (among other things) disclosures made in the context of a “transfer of ownership.”  Because SCEA had diclosed the alleged PII in connection with a transfer of “certain assets” to SNEI, the court held that the ordinary course of business exception applied.   

The court also dismissed the second disclosure claim, holding that the plaintiffs did not state that a disclosure was made, identify anyone to whom the disclosure was made, or state that the disclosure falls outside the scope of the VPPA. 

Tags: Data Retention, Litigation, Video Privacy Protection Act, VPPA
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Lindsey Tonsager Lindsey Tonsager

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection…

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection laws, and regularly represents clients in responding to investigations and enforcement actions involving their privacy and information security practices.

Lindsey’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of artificial intelligence, data processing for connected devices, biometrics, online advertising, endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, e-mail marketing, disclosures of video viewing information, and new technologies.

Lindsey also assesses privacy and data security risks in complex corporate transactions where personal data is a critical asset or data processing risks are otherwise material. In light of a dynamic regulatory environment where new state, federal, and international data protection laws are always on the horizon and enforcement priorities are shifting, she focuses on designing risk-based, global privacy programs for clients that can keep pace with evolving legal requirements and efficiently leverage the clients’ existing privacy policies and practices. She conducts data protection assessments to benchmark against legal requirements and industry trends and proposes practical risk mitigation measures.

Read more about Lindsey TonsagerEmail
Show more Show less