everal prominent companies have been hit with digital privacy class action suits over the past week in the Northern District of Illinois. Lisa Cuevas filed a class action in the Northern District of Illinois against Bloomberg L.P., alleging violations of the federal Video Privacy Protection Act, 18 U.S.C. Section 2711 (“VPPA”). Plaintiff claims that Defendant’s knowingly disclosure digital privacy information of its digital subscribers to a third-party. Namely, the purported information was distributed to Meta (parent company of Facebook).Brittney Wright’s case against Buzzfeed brings forward a largely identical claim as the one brought against Bloomberg just a few weeks prior. Likewise, there is another similar suit pending, which was filed recently, against Warner Brothers by the same firm, Peiffer, Wolf, Carr, Kane, Conway & Wise. A similar suit was filed against Time Warner.
The Bloomberg LP complaint alleges the company distributed personal Facebook Identification information and viewed video URL information to Meta. This information was distributed via the Facebook Pixel, which facilitates the transfer of personal data.
While cookies are a near constant across the internet, each of these complaints include a fairly robust discussion of the respective obligations under federal Video Privacy Protection Act, specifically for subscription services. Each of these complaints indicate that paid subscribers to premium services, had their personally identifiable viewing information released to the third-party, Meta, without first obtain written consent from the user.
One provision cited in the complaints of the Video Privacy Protection Act requires that consent to collect personally identifiable information must be collected “in a form distinct and separate from any form setting forth other legal or financial obligations of the consumer.”
While these suits seem on their surface similar to the numerous recent claims under Illinois’ Biometric Information Privacy Act (740 ILCS 14/5), there are some stark differences. For starters, the Illinois Act was passed in 2008, and it largely sought to protect consumers from the issues discussed in the Act. The Video Privacy Protection Act, on the other hand, was passed in 1988 in response to Robert Bork’s VHS rental history being released during his Supreme Court nomination history.
Besides the expansion beyond VHS or video rentals, another stark difference arises as well. The federal law authorizes up to $2,500 in actual damages for disclosure outside the ordinary course of business. This stands in stark contrast to the Illinois biometric law, which does not require a showing of actual damages.
One thing that stands out in this case is not just that it alleges a violation of BIPA, but it also alleges a violation of a several decades-old Video privacy law. The Facebook Pixel has been a point of controversy for many companies, evidently in the video space especially.