- Emergency Consultation Services
- Risk Management Services
- Who We Are
- Our People
- What We Do
- Why We Are Different
- What’s New
- Where We Are
By: Jonathan Romvary
A federal court recently determined that the sharing of an individual’s device identification number and the videos watched does not violate federal privacy laws. In Eichenberger v. ESPN, Inc. , 2017 BL 427074, 9th Cir., No. 15-35449 (Nov. 29, 2017), the Ninth Circuit held that an individual’s Roku Inc. device serial number and a list of the ESPN videos watched does not qualify as personally identifiable information (PII) under the Video Privacy Protection Act (VPPA) such that ESPN’s sharing of the information with a third party did not violate VPPA protections.
What did the Court hold?
The three-judge panel held that while the plaintiff had standing under the Court’s Spokeo ruling, he could not continue with his suit because the shared information was not personally identifiable under the VPPA. The panel adopted and expanded the Third Circuit’s 2016 Viacom ruling that information can only be considered personally identifiable if an ordinary person could use it to pinpoint a specific individual’s video-watching behavior. Here, an individual would require the data to be combined with other personal information that ESPN never shared or possessed.
Why is this important?
The impact of the Ninth Circuit’s ruling may be far reaching. Nowadays, technology service providers and app developers are moving away from identifying their users by their names. They now utilize a variety of alphanumeric identifiers to identify their users, whether it is the unique identification number of the user’s device (see ESPN) or a unique user account identification number. Without more, the average user is unable to identify the person who watched. As one observer noted, this ruling may pave the way for companies such as Hulu, Netflix, Google and Facebook to optimize their user experience to provide more targeted marketing without violating federal statute.
In recent years, plaintiffs have filed a serious of class actions alleging violations of the VPPA against companies such as Fandango, Blockbuster, Overstock.com, Gamefly, Redbox, Best Buy, Netflix, and Hulu. The attractiveness of these suits is likely because plaintiffs can argue that violations are punishable by $2,500 in statutory damages per violation. However, as this court’s ruling indicates, every technological advancement away from the brick and mortar video rental stores away will make it harder for a plaintiff to sustain a successful claim.
However, the impact should also not be overstated. Despite this win for technology providers in the Ninth Circuit, there remains the matter of Yershov v. Gannett Satellite Information Network, Inc., No. 15-1719 (1st Cir. Apr. 29, 2016) which held that the disclosure of an individual’s viewing data along with the device’s unique identifier and device’s GPS information constituted PII such that the disclosure may violate the VPPA. The fact remains that there is still much uncertainty about the scope and viability of the VPPA.
If you have any questions or would like more information on this developing issue please contact Jonathan Romvary at [email protected].