Court Rules Video Privacy Act Applies Online

By John Wagley

A Northern California court has ruled that the Video Privacy Protection Act (VPPA), passed in 1988, applies to online streaming video companies just as it has to older brick-and-mortar video stores.

The decision means that a class action lawsuit against the streaming video company Hulu can proceed. Plaintiffs have accused Hulu of unlawfully sharing their video selections and other personal data with third parties including ad networks, marketing firms, and social networking sites. The decision is the first time a court has ruled the VPPA applies to streaming services.

The ruling noted that the VPPA applies to “video service providers.” This refers to “any person, engaged in the business, in or affecting interstate or foreign commerce, of rental, sale, or delivery of prerecorded video cassette tapes or similar audio visual materials.” The ruling therefore stated that whether Hulu is a “video tape service provider” depends on the scope of the phrase “similar audio visual materials.”

Hulu contended that “materials” are “composed of physical matter,” according to the ruling. But the judge disagreed, stating that the law could also apply to digital content provided online.

Hulu also stated that the plaintiffs were not actual “consumers” under the VPPA, which defines them as a “renter, purchaser, or subscriber of goods or services from a video tape service provider,” because the plaintiffs didn’t pay for Hulu’s services. But the court ruled that the word “subscriber” didn’t necessarily only mean paid subscribers.

Hulu also argued that it had not violated the VPPA because the act says businesses can share such information if it is “incident to the ordinary course of business.” Hulu argued that the information sharing was needed to “facilitate many aspects of their businesses, including in-stream advertising, analytics, and transmission to users.” But the court disagreed, saying such activities were not required to deliver video content to consumers.

The company allegedly allowed a metrics company called Kissmetrics to place tracking mechanisms, or Internet cookies, on users’ computers that would continue to collect data even after users had taken steps to delete them.

♦ Photo by Flickr/Evan Hamilton



View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.