2022 has seen a remarkable spike in video privacy litigation. Bloomberg Law reports that September 2022 saw the most significant rise in video privacy lawsuits, accounting for more than half of the cases filed across the year to date. The lawsuits, some of which have been filed as class action lawsuits, have been taken out against a variety of businesses and organizations, ranging from the NFL to CNN to DoorDash. The litigation accuses these bodies of violating the VPPA, a law that came into force in 1988. In the simplest terms, the VPPA prohibits the sharing of a viewer’s viewing information with third parties without informed consent. And many of these organizations are accused of breaking the VPPA by sharing data without users’ knowledge or permission.
The Video Privacy Protection Act is a piece of legislation that forms part of Federal Law in the United States. Among other things, it states that businesses and organizations are not permitted to share information about your viewing habits with third parties. If, for example, you watch a football video online on the ESPN website, ESPN is not permitted to share the information with a third party without your consent. And it’s crucial to point out that the basic user agreement or cookie consent forms you tick on a website do not usually satisfy VPPA. It states that the consent must be “informed” and, in some cases, obtained in writing.
If the online privacy of you or a loved one was invaded you may be entitled to compensation.
The VPPA is a Reagan-era principle that was signed into law in 1988. It came about after the video-rental history of Robert Bork, a Supreme Court Justice nominee, was leaked to the media. The publishing of Bork’s rental history, while not scandalous in and of itself, was regarded by some lawmakers as a serious breach of privacy. The legacy of that leak was the creation of the VPPA. Of course, lawmakers back then were legislating in a world of physical VHS tapes. But the principles of VPPA still apply today, even if you watch a short video clip on a platform like YouTube, Facebook, or a news website.
The issue of data privacy is one of the great questions of our time. In terms of litigation, there were very few online privacy lawsuits that cited the VPPA in the late 1990s and early 2000s when we first experienced mainstream internet adoption. But things changed in 2007, a pivotal year that saw a seminal class-action lawsuit taken out against Facebook, as well as 33 other companies linked to its Facebook Beacon program. Since then, we have seen numerous cases come to the courts in the United States and abroad, with many of the world’s largest companies sued for huge amounts of money over how they have used – and misused – our data. Below we list some of the significant cases:
Facebook (now Meta) has been subject to several major privacy lawsuits throughout the years, some of which have resulted in the Big Tech company paying out huge sums of money in compensation. For instance, the company was forced to pay $650 million in a privacy lawsuit settlement by an Illinois judge in 2021.
Samsung, one of the world’s largest manufacturers of smartphones and electronics, has faced numerous data violation lawsuits, including the unlawful collection of biometric data and failure to protect users from data breaches.
The parent of TikTok, one of the world’s most popular social media apps, was forced to pay $92 million in a settlement after violating privacy laws. The company was accused of improperly holding users’ facial recognition data.
After searching, could not find anything about a specific lawsuit addressing privacy issues with Galaxy. If you want, you can use this vague paragraph:
The Galaxy range of smartphones and tablets is among the most popular devices made by Samsung. Users of those devices, millions of whom are American, may have seen their privacy violated due to Samsung’s alleged misuse of biometric data.
In August 2022, Snapchat agreed to pay a $32 million settlement to resolve a privacy class action lawsuit. The company was accused of offering features that violated the Biometric Information Privacy Act.
The video conferencing software company Zoom agreed to pay $86 million to settle a data privacy class action lawsuit in 2021. The company was accused of sharing users’ information with third parties, including Facebook and Google.
While Apple often promotes itself on the privacy and security of its products, it has faced several privacy lawsuits from users over the years. This includes a 2021 Apple class action lawsuit where users claimed the company’s SIRI voice assistant feature recorded private conversations.
Instagram, which is owned by Facebook/Meta, has faced several data privacy lawsuits, including a 2020 lawsuit that accused the company of collecting users’ facial data without consent.
As with rival product SIRI, Amazon’s Alexa assistant was involved in a lawsuit where the company was accused of recording users’ conversations.
Netflix has faced many different privacy violation lawsuits going all the way back to its days as a DVD rental service. It has paid millions of dollars in fines and has been forced to update its privacy policies as a result.
Twitter has also faced numerous user privacy lawsuits. For instance, in 2020, a class action lawsuit was launched against the company for sharing security information, including user phone numbers, with advertisers.
Plaid is a financial technology company that acts as something of a middleman between customers and banks. Last year, it agreed to settle a class action for $58 million after obtaining users’ financial information without their permission.
If the online privacy of you or a loved one was invaded you may be entitled to compensation.
The Children’s Online Privacy Protection Act (COPPA) was a federal law signed in 1998, coming into effect in April 2000. The law requires operators of websites, apps, and other digital platforms to comply with several provisions covering data protection and confidentiality around children’s (anyone under 13) online activity. For example, an online platform might be required to seek parental consent if it intends to obtain information from a minor using its product. COPPA is widely regarded as being difficult and expensive for major platforms to comply with, leading to many social media platforms disallowing anyone under the age of 13 to sign up for an account.
There isn’t a single coordinated series of VPPA lawsuits happening right now in the United States. Instead, we might look at it as a growing trend. As mentioned above, September 2022 saw over 20 separate VPPA lawsuits launched in the United States. In October 2022, we saw new cases also reach the courts. For instance, in late October 2022, a Louisiana woman started legal action against WTOP News, alleging that it violated the VPPA by collecting personal information obtained through video content on its platforms. The plaintiff is seeking class-action status on her lawsuit, meaning it could be a case that other WTOP News subscribers could join. Other organizations that are facing video privacy class-action lawsuits linked to VPPA infringements in 2022 include the Boston Globe, NBA, NFL, and FloSports.
Most of the lawsuits that cite VPPA can broadly be regarded as litigations that allege invasion of privacy. That was part of the legal reasoning back in 1988 when the VPPA became law. Of course, the digital world makes things somewhat trickier. It is widely accepted that some online platforms do – and should – collect our data. For instance, Netflix will use your viewing habits to inform its algorithms of the type of content you enjoy, allowing it to make personalized recommendations. That type of ‘in-house’ data collection does not violate the VPPA. The violation of the law comes when that data is handed over to third parties without our permission.
There have been many notable privacy lawsuit cases linked to violations of the VPPA over the last 15 years. A large number of the cases were linked to Facebook (now called Meta), which had operated a system known as Beacon. Facebook partnered with dozens of other online websites to feed information into Beacon, which would then place targeted advertisements on their Facebook feed. Facebook shut down Beacon as part of the settlement agreement for a class-action lawsuit. Of course, there are many other privacy lawsuit cases not linked to Facebook, but they all follow a similar structure. In the simplest sense, a platform that sells your data obtained through watching video content to a third party will be in violation of the VPPA if they do not have your permission to do so.
It is often the case in class action lawsuits that it can be difficult to estimate the amount the defendant must pay in a settlement. However, VPPA class action lawsuit lawyers can cite a very specific figure in this case – $2500 per claimant. The reason for this figure goes back to the VPPA, which states that businesses violating the act can be liable to pay up to $2500 in damages. Does this mean you will get $2500 for joining one of the VPPA class action lawsuits happening today? Not necessarily, as the VPPA lawsuit payout will depend on many different factors, but it acts as an important benchmark figure for claimants and privacy lawyers to consider.
In May 2022, the BBC released the results of a comprehensive study on how often our data is shared online. The numbers were staggering, showing that Americans, on average, had their data shared for advertising purposes up to 747 times per day, often without our consent. The study, and others like it, has caused regulators worldwide to examine how online companies are using our personal information for financial gain. Cases linked to VPPA violations represent just one portion of litigation against companies with an online presence accused of mishandling and profiting from our data. There are numerous regulations and data protection laws in the United States, including both federal and state laws, that prohibit companies from misusing our online data.
It is certainly the case that online privacy violations represent a specific area of the law. It is usually governed by civil – not criminal – law. Nonetheless, anyone hoping to litigate against a company will need the services of a specialist data privacy law firm or join an ongoing data privacy class action lawsuit.
What does the Video Privacy Protection Act do?
The VPPA prohibits companies from sharing information on your viewing habits to third parties. This covers both physical videos (VHS, DVDs) and online media.
Does VPPA apply to streaming services?
Yes. In 2012, a federal judge held that the VPPA applied to streaming services. The ruling came in a court case involving the streaming platform Hulu.
When was the VPPA passed?
The VPPA was passed in 1988. While it originally covered information held by video-rental companies, the law applies to the digital environment today. Effectively, any video you watch online is subject to the regulations set out in the VPPA.
Does the VPPA apply to Netflix?
Yes. As with Hulu mentioned above, Netflix is a streaming platform. While, per the user agreement, Netflix can collect data based on your viewing history, the VPPA restricts it from giving that data to third parties.
If the online privacy of you or a loved one was invaded you may be entitled to compensation.