Sports streaming site settles for $2.6MM in VPPA class suit

Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.

United States

$2.6MM VPPA Class Settlement Receives Preliminary Approval

A Massachusetts federal judge granted preliminary approval of a $2.6MM settlement in a class action against event streaming company FloSports (case 1:22-cv-11502-AK).

The lawsuit alleged FloSports violated the Video Privacy Protection Act by installing and running the Facebook Pixel on its website, thereby disclosing identifiable video viewing information.

A final hearing is scheduled for January 2024.

TAKEAWAY

This is not the first major VPPA settlement regarding use of the Facebook (Meta) pixel coming out of Massachusetts.

Boston Globe entered into a $4MM settlement agreement earlier this year over similar allegations (case 1:22-cv-10195-RGS).

As part of the FloSports and Boston Globe settlements, the defendants agreed to either (a) suspend operations of the Facebook pixel on webpages that both include video content and have a URL that identifies the video content viewed; or (b) obtain VPPA-compliant consent for use of the pixel in such manner. 

Wondering what’s behind the surge in VPPA class actions? Read more on our blog.

GLOBAL

Global DPAs Issue Joint Statement on Data Scraping Privacy

In a joint statement issued August 24, 2023, data protection authorities from 12 countries worldwide set out their expectations of websites to ensure the protection of publicly available personal information from data scraping in compliance with applicable privacy laws.

In particular, the statement first noted that websites are responsible for protecting individuals’ personal information from unlawful data scraping and should implement multi-layered technical and procedural controls to mitigate the risks, including to protect against, monitor for, and respond to scraping activities.

Some examples of possible measures suggested by the statement include limiting the number of visits by one account to other account profiles, monitoring for abnormally high activity, identifying patterns in bot activity to detect scrapers, blocking IP addresses and/or taking legal action where data scraping is identified, notifying users of scraping that constitutes a security breach, creating user awareness of scraping and measures to protect against it, and responding to threats of malicious activity.

The statement included DPA signatories from Australia, Canada, UK, Hong Kong/China, Switzerland, Norway, New Zealand, Columbia, Jersey, Morocco, Argentina and Mexico.

TAKEAWAY

Web scraping has been identified as a global focus area in recent years.

A resolution on the strategic direction of the Global Privacy Assembly (GPA) for 2021-2023 and a subsequent September 2022 report by the GPA Digital Economy working group identified web scraping as one of many focus topics relating to surveillance of citizens and consumers in the digital economy.

The GPA Digital Economy working group includes members from Morocco, UK, France, Luxembourg, Philippines, Turkey, Gabon, Mexico, EDPB (European Data Protection Board), USA, San Marino, Senegal, Côte d’Ivoire, Germany, Macao, Argentina, Burkina Faso, and Andorra.       

Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.