N.D. California Dismisses VPPA Class Action Against Netflix

Published On September 12, 2012 | By Melissa Maalouf | Class Action, Litigation, Privacy, Video Privacy Protection Act (VPPA)

On 8/17/12, the North District of California granted Netflix’s motion to dismiss a class action alleging that the company violated the Video Privacy Protection Act (“VPPA”) and California Civil Code § 1799.3(a) by displaying a list of recently viewed and intended-to-be-viewed videos on users’ TV screens while other individuals were also present and able to view the users’ screens.  (Mollet v. Netflix, Inc., No. 5:11–CV–01629–EJD)

Plaintiffs claimed that some subscribers access Netflix’s Internet video streaming service through a “Netflix Ready Device” (such as a video game console, a DVD or Blu-ray player, an Internet-ready TV, or a set-top box), which can then be used to stream Netflix video content to users’ TVs.  The plaintiffs alleged that once configured, the device allowed anyone who accessed the device or anyone (such as family members in the same home) watching the same screen to which the device was attached to see lists of the subscriber’s recently watched video titles, tagged titles for later viewing, and other custom-generated lists of content.  The plaintiffs argued that such unrestricted display of each of these lists on a subscriber’s TV violated the VPPA and § 1799.3, both of which prohibit video tape/rental service providers from disclosing personally identifiable information (“PII”) concerning any consumer to any person other than that consumer.   Under the statutes, PII includes information identifying the types of video content or services obtained by an individual.

The court granted the motion to dismiss for two reasons.  First, the court agreed with Netflix that the disclosures of video content were made to the subscribers themselves in accordance with the statutes.   The court explained that because during the initial set-up of a Netflix Ready Device each plaintiff had to log into his account and affirmatively agree to couple the device with the account, the plaintiffs themselves authorized their devices to access their accounts, and also authorized other members of their households to view their TV screens.  The court emphasized a provision in Netflix’s privacy policy informing users that they have the responsibility to keep their account information private, and if they share their accounts or devices with other people, they take full responsibility for such actions.  If the plaintiffs did not want their video lists to be disclosed to other members of their households, the court noted that they could have restricted access to their devices.

Second, the court agreed with Netflix that any third-party disclosures were not made knowingly under the VPPA or willingly under § 1799.3.  Although plaintiffs alleged that Netflix knew that some of its subscribers sometimes accessed their devices in the presence of other people, the court held that it was unable to draw a reasonable inference from the complaint that Netflix knew that people other than the plaintiffs were present when the devices displayed PII on any individual occasion.  Instead, the court concluded that those circumstances were necessarily outside of Netflix’s control or potential knowledge when it sent information to the devices.

 

About The Author

Melissa Maalouf’s practice focuses on advising a broad range of clients, from start-ups to established companies, on both U.S. and international data privacy and security issues. Melissa assists clients in drafting appropriate website disclosures, implementing legally-compliant e-commerce flows, responding to FTC Section 5 and state AG enforcement actions, analyzing advertising claims, and children’s online privacy and safety issues. She also regularly helps clients obtain certification under the EU-US Safe Harbor and navigate compliance with divergent international privacy laws.

Comments