It’s no secret that plaintiffs firms have been developing legal theories relating to third-party software technologies used on websites. This includes a recent spike in lawsuits alleging that websites running the Meta “Pixel” code are violating the Video Privacy Protection Act (VPPA) by sharing information about visitors’ video-viewing habits and history with Meta. These lawsuits continue the growing trend of consumer privacy class action litigation across the country and represent a significant risk to a wide variety of companies. This article provides an overview of the VPPA and best practices for your company to mitigate these potential risks.

VPPA Overview

The VPPA was enacted by Congress in 1988 after then-Supreme Court nominee Robert Bork’s video rental history was leaked to a news organization without his consent. Under the VPPA, a “video tape service provider” is generally prohibited from disclosing the personally identifiable information (PII) of a consumer derived from specific video materials or services without their consent. A video tape service provider includes any person engaged in the business of the rental, sale, or delivery of video tapes or “similar audio-visual materials.” The open-ended language of that definition has allowed the VPPA to evolve with technology over the last 35 years and is now being used by plaintiffs counsel to target companies in a variety of industries.