Blog

Paramount Hit With VPPA Class Action

Julie Rubash, General Counsel and Chief Privacy Officer
November 5, 2024

USA

Paramount Hit With VPPA Class Action

A class action complaint (Case 1:24-cv-08312) was filed in the Southern District of New York (SDNY) November 1, 2024 alleging that Paramount Global violated the Video Privacy Protection Act (VPPA) by knowingly disclosing subscriber viewing information to Facebook, TikTok and other third parties through tracking tools on the company’s website and apps without subscriber consent.

TAKEAWAY

This complaint comes less than three weeks after the Second Circuit Court of Appeals reversed a SDNY dismissal of a VPPA class action against the NBA, finding that the SDNY court erred in holding that individuals who signed up for an online newsletter are not “subscribers” under the law. In this case against Paramount, the “subscribers” at issue, according to the complaint, must have registered with Paramount to be granted access to on-demand prerecorded video content, the delivery of which is Paramount’s primary business. The complaint alleges that subscribers’ granular website and app activity, including the names of specific videos that subscribers requested and/or viewed, were sent to Facebook and other third parties through tracking tools and pixels.   

To mitigate risk of class action litigation under VPPA and other laws, compliance monitoring is a must. To learn more, view our on-demand webinar with BakerHostetler.

CPPA Announces Enforcement Sweep of Unregistered Data Brokers

The California Privacy Protection Act’s Enforcement Division announced that it will be conducting an investigative sweep to take action against data brokers that have failed to register with the CPPA under the Delete Act. Companies that fall into the definition of a “data broker” (specifically, “a business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship”) were required to register with the CPPA by January 31, 2024 or be subject to a penalty of $200 per day of failing to register.

TAKEAWAY

A company’s designation as a “data broker” under the Delete Act currently only comes with certain registration and disclosure requirements, but starting in 2026, data brokers will be required to listen for and respect deletion requests submitted by consumers to a central deletion mechanism maintained by the CPPA, which, depending on the implementation and popularity of the mechanism, may have operational and revenue impacts far greater than the threat of regulatory penalties. Companies that are unsure whether they fall under the “data broker” definition may therefore be hesitant to error on the side of registration. 

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.

Latest Blog Posts

The CNIL Orders Website Publishers to Modify Misleading Cookie Banners

December 16, 2024

The CNIL orders website publishers to modifying misleading cookie...

What I’ve Learned About Privacy Law as a Marketer for a Privacy Company

December 16, 2024

I recently attended a privacy law event that Sourcepoint...

FTC and Sensitive Location Data; New Pen Register Class Actions

December 9, 2024

FTC takes action against the sale of sensitive data...

Latest White Papers

E-book: Enterprise Guide To Cookie management & Tracker List Curation

July 1, 2024

How to review the tracking tech on your websites...

Benchmark Report: US Privacy Compliance

August 19, 2022

The current state of publisher compliance with CCPA, and...

Keep in touch

Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.

Let's explore what we can do together.

We'll be in touch within 48 hours

[contact-form-7 id="593" title="Schedule a Demo"]