The Return of the Video Privacy Protection Act (VPPA)

Introduction

In recent years, there has been a significant rise in cases alleging violations of the Video Privacy Protection Act (VPPA), 18 U.S.C. § 2710. Enacted in 1988, the VPPA was originally intended to protect the privacy of consumers’ video rental records following a scandal involving the publication of Supreme Court nominee Robert Bork's video rentals. Despite the decline of video rental stores, the VPPA is experiencing a resurgence, largely due to its adaptable language, which now applies to online privacy. Plaintiffs' lawyers are using the VPPA to target a wide array of companies offering video content on websites and mobile apps, claiming that the sharing of consumer information with third parties violates the VPPA.

 

Understanding the VPPA

The VPPA prohibits a "video tape service provider" from knowingly disclosing "personally identifiable information" (PII) concerning any "consumer" without their consent, except for a few exceptions. To grasp the statute’s current relevance, it is essential to understand the definitions and interpretations of these terms:

 

1. **Video Tape Service Provider:** Defined as any person engaged in the business of rental, sale, or delivery of prerecorded video cassette tapes or similar audiovisual materials. Courts have interpreted "similar audiovisual materials" to include online videos, excluding live streaming content.

2. **Consumer:** This term includes any renter, purchaser, or subscriber of goods or services from a video tape service provider. Courts generally require an ongoing relationship between the user and the website or app operator to qualify as a "subscriber," though the exact level of commitment required varies.

3. **Personally Identifiable Information (PII):** PII includes information that identifies a person as having requested or obtained specific video materials or services. The definition of PII has evolved to include new technologies and state privacy laws like the California Consumer Privacy Act. However, courts are divided on what constitutes PII, with some circuits considering device IDs and GPS coordinates as PII, while others do not.

 

Successful Defenses at the Motion to Dismiss Stage

The broad interpretation of the VPPA has led to mixed outcomes at the motion to dismiss stage. However, two defenses have seen increasing success:

 

1. **Definition of "Consumer":** Defendants have successfully argued that plaintiffs do not qualify as "consumers" under the VPPA if they do not have a subscription related to audiovisual materials. For instance, in *Gardener v. MeTV*, the court dismissed the case because the plaintiffs' general subscription did not specifically pertain to audiovisual content. Similarly, in *Jefferson v. Healthline Media, Inc.*, the court ruled that providing a name and address without receiving related audiovisual goods or services did not make one a "consumer" under the VPPA.

  

2. **Personally Identifiable Information (PII):** Outside of the First Circuit, defendants have argued successfully that the information disclosed did not constitute PII. For example, a Northern District of California case dismissed claims under the VPPA because sharing Facebook IDs with video URLs did not directly identify individuals.

 

Implications for Companies

While some courts have accepted that any company offering recorded video content qualifies as a "video tape service provider," others, such as those in the Central District of California, have ruled that companies not primarily focused on audiovisual content do not fall under the VPPA. This defense could limit the statute's scope if adopted more broadly.

 

Next Steps for Businesses

Companies offering recorded video content on websites or mobile apps should:

 

1. **Review Tracking and Data Collection Tools:** Ensure that tracking technologies do not inadvertently share information identifying users and their viewed videos with third parties.

2. **Evaluate Privacy Policies:** Work with privacy counsel to align privacy policies with actual data collection and sharing practices.

3. **Implement Precautionary Measures:** Consider reducing or eliminating the use of tracking pixels that collect sensitive user data.

 

Conclusion

The VPPA’s resurgence highlights the need for companies to stay vigilant about their data practices, particularly when offering video content. By understanding the statute's requirements and implementing appropriate measures, businesses can mitigate the risk of costly litigation and protect consumer privacy.

 

---

 

References

- For more information, visit [Minding Your Business Litigation](https://www.mindingyourbusinesslitigation.com/2023/10/the-return-of-the-vppa/).

- Details on the Video Privacy Protection Act (VPPA) can be found [here](https://www.law.cornell.edu/uscode/text/18/2710).

- Information on the California Consumer Privacy Act is available [here](https://oag.ca.gov/privacy/ccpa).

 

Read more at: [Minding Your Business Litigation](https://www.mindingyourbusinesslitigation.com/2023/10/the-return-of-the-vppa/).