Federal Court Rejects VPPA Claim Based on Disclosure of IP Addresses and Unique Device Identifiers
In an important decision that has the potential to stem the tide of Video Privacy Protection Act (“VPPA”) lawsuits, a federal judge in the District of New Jersey dismissed on the pleadings a VPPA claim against Viacom on the grounds that device identifiers, cookie IDs, and IP addresses when linked to video titles are not personally identifiable information under the VPPA. Rather, “PII is information which must, without more, itself link an actual person to actual video materials.” In so ruling, the court made clear that it is not sufficient for plaintiffs to allege that the information that may be disclosed along with a video title could, after further investigation, lead to the identification of a specific person. Instead, the disclosed information itself, standing alone, must be akin to a name, and must provide a “tangible, immediate link.”
This decision helps clarify the mild uncertainty that existed after the Hulu decision earlier this year, in which the court ruled that disclosing a Facebook ID to Facebook in connection with a video title, could result in a violation of the VPPA, while the disclosure of certain anonymous identifiers in connection with a video title to ComScore could not. As the court in In re Nickelodeon Consumer Privacy Litigation explained, “in a socially networked world a Facebook ID is at least arguably ‘akin’ to an actual name that serves to identify an actual person.” However, in the court’s view, where a disclosure could result in the identification of a person only after the recipient connects the disclosed data with data obtained from other sources, the VPPA is not violated.
The court dismissed the VPPA claim without prejudice.