In 1988, Congress enacted the Video Protection Privacy Act (“VPPA”) in response to the confirmation hearing of Judge Robert Bork, where his video rental history was disclosed during his Supreme Court confirmation hearing. Creative plaintiffs’ lawyers in recent years have asserted new claims under this statute, arguing that the use of website tracking pixels that transmit a user’s visit to a website page containing an embedded video violates the VPPA. Some courts have allowed some of these claims to pass the pleading stage, resulting in a proliferation of pre-litigation demands and complaints against companies who embed videos on their websites and use pixel analytics.
There are several defenses that have defeated these claims at the pleading stage, however.
First, courts are in agreement that the VPPA only applies to “subscribers” and not just any user who happens to watch a video on a website. What constitutes a “subscriber” can get tricky though. Some courts have held that subscribing to a mailing list or newsletter may be sufficient, while other courts have reached a different conclusion and required a subscription to video services or video content.
Second, what constitutes “personally identifiable information” under the VPPA is also litigated. The Third Circuit has held that under the VPPA, personally identifiable information (“PII”) is limited only to “information that would, with little or no extra effort, permit an ordinary recipient to identify a particular person’s video-watching habits.” Thus, in In re Nickelodeon, the Third Circuit held that “static identifiers” such as an IP address would not allow an ordinary person to determine which videos were viewed online and thus, not actionable under the VPPA. However, courts have regularly held that a Facebook ID is sufficient to constitute PII because it can be easily and directly tied to an individual through that individual’s Facebook account.
Third, the VPPA specifically pertains to pre-recorded videos, and does not apply to live-stream content.
Lastly, the statutory language provides an explicit exemption from the VPPA if a company obtains affirmative, written consent from the user prior to the collection and transmission of a user’s purported video-watching history. There are specific codified requirements to obtain consent under the VPPA including, among other things, providing “a form distinct and separate from any form setting forth other legal or financial obligations of the consumer.” Thus, obtaining consent under the VPPA may look different than obtaining consent sufficient under wiretapping statutes as detailed in our article linked here.
If you have questions about how to navigate this legal landscape, or if your company has been served a pre-litigation demand letter, please reach out to the Coblentz Data Privacy & Cybersecurity Team to discuss the various legal defenses available to your company. There is no one-size-fits-all approach. Navigating this (constantly changing) area of law requires a determination of your business needs, business model, and a well-thought-out and bespoke approach.
 See e.g., Belozerov v. Gannett Co., Inc., —F. Supp. 3d—-, 2022 WL 17832185 (D. Mass. 2022).
 Harris v. Public Broadcasting Serv., —F.Supp.3d—-, 2023 WL 2583118, at *3 (N.D. Ga. 2023)
 See Salazar v. Paramount Global d/b/a 247Sports, 22-cv-00756, Dkt No. 33 (M.D. Tenn. July 18, 2023); see also Austin-Spearman v. AMC Network Entertainment LLC, 98 F. Supp. 3d 662 (S.D.N.Y. 2015).
 In re Nickelodeon Consumer Privacy Litig., 827 F.3d 262, 284 (3d Cir. 2016).
 See also White v. Samsung Elec. Am., Inc., Civ. No. 17-1775, 2019 WL 8886485, at *5 (D. N.J. Aug. 21, 2019) (granting Samsung’s motion to dismiss the VPPA claim because allegations of only obtaining IP addresses, MAC addresses, and zip codes do not constitute PII under VPPA).
 Stark v. Patreon, 635 F. Supp. 3d 841, 852 (N.D. Cal. 2022).
 18 U.S.C. § 2710.
 Id. § 2710(b)(2)(B).