Yesterday, the Supreme Court denied certiorari in In re Nickelodeon Consumer Privacy Litigation, a case addressing whether static digital identifiers like internet protocol (IP) addresses qualify as personally identifiable information (PII) under the Video Privacy Protection Act (VPPA). As a result, the Third Circuit’s June 27, 2016 decision in the case—which held that IP addresses do not qualify as PII under the VPPA and therefore fall outside of the VPPA’s protections—stands.
Specifically, as explained in our previous post, the Third Circuit held that:
- Digital identifiers such as MAC addresses and IP addresses are not PII because the VPPA’s definition of PII “applies only to the kind of information that would readily permit an ordinary person to identify a specific individual’s video-watching behavior.” The Third Circuit explained that the VPPA’s history suggests Congress did not intend to adopt an extremely broad definition of PII or to borrow the definition of PII from other laws and rules.
- The VPPA creates liability only for disclosure, and not merely receipt, of PII.
- The Supreme Court’s May 16, 2016 decision in Spokeo, Inc. v. Robins—which held that it was error for a court to focus on only whether a plaintiff’s purported injury was “particularized” without also assessing whether it was sufficiently “concrete”—did not bar the plaintiffs’ VPPA claim because Congress has long provided plaintiffs with the right to seek redress for unauthorized disclosures of private information.