A judge in the Northern District of California recently agreed with the Seventh Circuit that the Video Privacy Protection Act (“VPPA”) does not provide a private right of action premised solely on an allegedly unauthorized retention of information. 

Plaintiffs sued Sony Computer Entertainment America LLC (“SCEA”) and Sony Network Entertainment International LLC (“SNEI”) for alleged violations of the VPPA.  The VPPA limits the retention and disclosure of “personally identifiable information,” including information about a person’s requesting or obtaining video materials or services from a “video tape service provider.”  Plaintiffs were a class of Sony customers whose video watching and gaming information the company allegedly retained for longer than 30 days. 

In addition to dismissing claims that Sony unlawfully retained plaintiffs’ information, the court dismissed plaintiffs’ claims (1) that SCEA unlawfully disclosed such information to SNEI and (2) that SNEI subsequently disclosed the information to unnamed third parties.  The court dismissed the first claim on the basis of the VPPA’s “ordinary course of business” exception, which authorizes (among other things) disclosures made in the context of a “transfer of ownership.”  Because SCEA had diclosed the alleged PII in connection with a transfer of “certain assets” to SNEI, the court held that the ordinary course of business exception applied.   

The court also dismissed the second disclosure claim, holding that the plaintiffs did not state that a disclosure was made, identify anyone to whom the disclosure was made, or state that the disclosure falls outside the scope of the VPPA. 

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Lindsey Tonsager Lindsey Tonsager

Lindsey Tonsager helps national and multinational clients in a broad range of industries anticipate and effectively evaluate legal and reputational risks under federal and state data privacy and communications laws.

In addition to assisting clients engage strategically with the Federal Trade Commission, the…

Lindsey Tonsager helps national and multinational clients in a broad range of industries anticipate and effectively evaluate legal and reputational risks under federal and state data privacy and communications laws.

In addition to assisting clients engage strategically with the Federal Trade Commission, the U.S. Congress, and other federal and state regulators on a proactive basis, she has experience helping clients respond to informal investigations and enforcement actions, including by self-regulatory bodies such as the Digital Advertising Alliance and Children’s Advertising Review Unit.

Ms. Tonsager’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, behavioral advertising, e-mail marketing, artificial intelligence the processing of “big data” in the Internet of Things, spectrum policy, online accessibility, compulsory copyright licensing, telecommunications and new technologies.

Ms. Tonsager also conducts privacy and data security diligence in complex corporate transactions and negotiates agreements with third-party service providers to ensure that robust protections are in place to avoid unauthorized access, use, or disclosure of customer data and other types of confidential information. She regularly assists clients in developing clear privacy disclosures and policies―including website and mobile app disclosures, terms of use, and internal social media and privacy-by-design programs.