Blog
Paramount Hit With VPPA Class Action
November 5, 2024
Want to receive these privacy recaps that matter to consent management, adtech and martech in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.
USA
Paramount Hit With VPPA Class Action
A class action complaint (Case 1:24-cv-08312) was filed in the Southern District of New York (SDNY) November 1, 2024 alleging that Paramount Global violated the Video Privacy Protection Act (VPPA) by knowingly disclosing subscriber viewing information to Facebook, TikTok and other third parties through tracking tools on the company’s website and apps without subscriber consent.
TAKEAWAY
This complaint comes less than three weeks after the Second Circuit Court of Appeals reversed a SDNY dismissal of a VPPA class action against the NBA, finding that the SDNY court erred in holding that individuals who signed up for an online newsletter are not “subscribers” under the law. In this case against Paramount, the “subscribers” at issue, according to the complaint, must have registered with Paramount to be granted access to on-demand prerecorded video content, the delivery of which is Paramount’s primary business. The complaint alleges that subscribers’ granular website and app activity, including the names of specific videos that subscribers requested and/or viewed, were sent to Facebook and other third parties through tracking tools and pixels.
To mitigate risk of class action litigation under VPPA and other laws, compliance monitoring is a must. To learn more, view our on-demand webinar with BakerHostetler.
CPPA Announces Enforcement Sweep of Unregistered Data Brokers
The California Privacy Protection Act’s Enforcement Division announced that it will be conducting an investigative sweep to take action against data brokers that have failed to register with the CPPA under the Delete Act. Companies that fall into the definition of a “data broker” (specifically, “a business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship”) were required to register with the CPPA by January 31, 2024 or be subject to a penalty of $200 per day of failing to register.
TAKEAWAY
A company’s designation as a “data broker” under the Delete Act currently only comes with certain registration and disclosure requirements, but starting in 2026, data brokers will be required to listen for and respect deletion requests submitted by consumers to a central deletion mechanism maintained by the CPPA, which, depending on the implementation and popularity of the mechanism, may have operational and revenue impacts far greater than the threat of regulatory penalties. Companies that are unsure whether they fall under the “data broker” definition may therefore be hesitant to error on the side of registration.
Want more of the privacy highlights that matter for consent management, adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.
A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.
Latest Blog Posts
FTC and Sensitive Location Data; New Pen Register Class Actions
December 9, 2024FTC takes action against the sale of sensitive data...
California CPPA Issues Notice of Proposed Rulemaking
November 25, 2024News out of California this week. The CPPA moved...
Mitigating risk under the Video Privacy Protection Act (VPPA)
November 23, 2024Because VPPA is just one of many tools being...
Latest White Papers
E-book: Enterprise Guide To Cookie management & Tracker List Curation
July 1, 2024How to review the tracking tech on your websites...
Benchmark Report: US Privacy Compliance
August 19, 2022The current state of publisher compliance with CCPA, and...
Keep in touch
Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.