On June 8, magazine publisher Trusted Media Brands, Inc. settled a class action lawsuit for $8.2 million after purportedly disclosing the personal information and magazine choices of customers to third parties. The lawsuit, Taylor v. Trusted Media Brands, Inc., No. 7:16-cv-01812 (S.D.N.Y. June 8, 2017), alleged that the publisher’s actions violated Michigan’s Video Rental Privacy Act (VRPA), demonstrating the sometimes hidden legal risks of data monetization.
VRPA, inspired by the federal Video Privacy Protection Act, was passed in 1988 and applies to the purchase, rental, or borrowing of certain materials. In essence, the law prohibits a person engaged in the business of selling, renting or lending written material, sound recordings, or video recordings from disclosing a “record or information that personally identifies the customer as having purchased, leased, rented, or borrowed those materials.” Courts have previously ruled that the law applies more broadly than one might expect, and Taylor is just the latest VRPA case involving the sale of magazine subscriber data. Trusted Media Brands is alleged to have violated VRPA by selling a host of information about its subscribers, including name, age, ethnicity, gender, and religion, to list brokers. The list brokers in turn sold that information to telemarketers and other advertisers. These disclosures occurred without consent of or prior notice to the data subjects.
Taylor and cases like it demonstrate the sometimes hidden legal hurdles facing data monetization and other secondary data use initiatives. While such efforts may not generally implicate federal laws, some states have privacy and privacy-related laws on the books, including laws which allow for private lawsuits. These overlooked laws may pose a serious risk to companies that are looking to monetize customer data. Notably in the case of VRPA, however, a July 2016 amendment clarifying that only individuals with actual damages could sue may limit the number of future lawsuits.