In re Nickelodeon is a class action lawsuit brought in the U.S. District Court for the District of New Jersey in response to the collection of users information by Nick.com. The Plaintiffs, a class of children under the age of thirteen who visited Nick.com, sued Defendants Viacom and Google for violating privacy laws. Specifically, Plaintiffs alleged violations of the Video Privacy Protection Act (VPPA) by Viacom and of the New Jersey Computer Related Offenses (CROA) by both Defendants; the Plaintiffs also brought claims of intrusion upon seclusion against both Defendants. In January 2015, the District Court dismissed the case, finding that Plaintiffs failed to state a plausible claim. Plaintiffs plan to appeal the ruling to the U.S. Court of Appeals for the Third Circuit.
Viacom operates various child directed websites including Nick.com where children are encouraged to register and create personal profiles. Through those profiles, Viacom gathers childrens’ information such as their gender, birthday, and unique profile name. When children stream videos or play games on Nick.com, Viacom creates a record of their gender and birthday—called the “rugrat” code-and the name of the video played. Viacom shares that information with Google.
Viacom also places cookies on childrens’ computers without consent of the children or their parents. These cookies allow Viacom to gather information about its users including their IP address, device and browser settings, and browsing history. Viacom shares this cookie information with Google. In addition, Viacom permits Google to place its own cookies on Plaintiffs’ computers and to access information from these cookies. Google’s cookies, alleged Plaintiffs, assign to each Plaintiff a “unique numeric or alphanumeric identifier” that becomes “connected to” the information Viacom discloses to Google about that Plaintiff. The purpose of this information is to sell and conduct targeted advertising.
District Court of New Jersey
In October 2013, Plaintiffs filed a complaint against Viacom and Google alleging seven causes of action. Three were violations of federal statutes: the VPPA, Wiretap Act, and Stored Communications Act (SCA). Four were state law causes of action: California’s Invasion of Privacy Act, and New Jersey’s CROA, intrusion upon seclusion, and unjust enrichment. Defendants moved to dismiss the case arguing that Plaintiffs’ complaint failed to claims upon which relief could be granted. The court agreed, in part, but allowed Plaintiffs to amend the complaint and cure deficiencies regarding the VPPA, CROA, and intrusion upon seclusion claims.
The next year, Plaintiffs filed an amended complaint and, again, Defendants moved to dismiss. The court dismissed the amended claims with prejudice, ruling the Plaintiffs failed to “state a claim for relief that is plausible on its face.”
Video Privacy Protection Act (VPPA)
A video tape service provider (VTSP) , violates the VPPA if it “knowingly discloses, to any person, personally identifiable information concerning any consumer of such provider . . . .” 18 U.S.C. § 2710(b). Personally identifiable information (PII) under the VPPA “includes information which identifies a person as having requested or obtained specific video materials or services from a [VTSP].” § 2710(a)(3). The court ruled that Plaintiffs failed to make a plausible claim under the VPPA because it was “entirely theoretical.” PII, according to the court, “is information which must, without more, itself link an actual person to actual video materials.” And the IP addresses and other information collected from Plaintiffs “could not, either individually or in the aggregate, identify a Plaintiff and what video they had watched.” Plaintiffs argued that the data collected by Nick.com, combined with Google’s troves of data on its registered users, was PII under the VPPA. But even if that were the case, observed the court, Plaintiffs failed to identify any particular plaintiff that had registered for Google’s services.
EPIC’s Interest in In re Nickelodeon
EPIC has an interest in protecting the privacy of consumer information entrusted to businesses. EPIC strongly supports the President’s Consumer Privacy Bill of Rights (CPBR), which establishes responsibilities for companies that collect and use personal information, and encourages the FTC to require its implementation when it settles with privacy-violating companies. In the case of video privacy, Congress has made clear through the VPPA, that consumers’ video viewing history must be kept private and only disclosed in narrow circumstances.
United States Court of Appeals for the Third Circuit