Any company that has a website that (a) contains videos, (b) uses a third-party analytics company to maintain metrics on page views and/or (c) allows users to “like” videos on the site should pay very close attention to the In re Hulu Privacy Litigation pending in the United States District Court of Northern California. In that case, the plaintiffs are seeking statutory damages of $2,500 per violation for alleged video sharing in violation of the Video Privacy Protection Act (VPPA). As there are millions of views per day on the Hulu site, the alleged statutory damages could represent significant exposures. As the practices that are being challenged in the Hulu case are so commonplace for websites, the case is being watch closely by business and could change the way many websites and mobile apps deliver streaming content.
Hulu has made several attempts to end the case through motions to dismiss and one motion for summary judgment on harm that was recently decided in December 2013. See Alston & Bird Client Alert, “2013 Ends with a Bang – Northern District of California Denies Hulu’s Motion for Summary Judgment in Video Tracking Case.” Before the court now is Hulu’s final motion for summary judgment, which is based upon the contention that Hulu has not violated the VPPA because it did not disclose any PII or video viewing. Our take-away from the hearing on Hulu’s motion for summary judgment was that the court seemed to be focused on whether the disclosure of a Facebook ID was the equivalent of disclosing a user’s name in connection with viewing information. The court announced its intention to delve further into the application of the facts to this principle in order to reach a decision as to Hulu’s motion for summary judgment, as well as the plaintiffs’ motion for class certification. No matter the outcome, the court’s decision in Hulu threatens to make VPPA litigation the next vehicle for plaintiffs’ lawyers to seek what has been described as “annihilating damages” from companies who stream video on their websites and mobile applications.
The full Cyber Alert is available here.
Written by Kim Chemerinsky, Senior Associate, Privacy & Data Security | Alston & Bird LLP