Data Mapping: Frequently Asked Questions
Most people find data privacy compliance to be complicated enough....Read Now
December 14, 2023
When it was enacted in 1988, the Video Privacy Protection Act (VPPA) was meant to protect consumer data from being shared by video rental companies like Blockbuster. As video rentals have given way to streaming, however, its application has evolved.
Class action lawsuits have cropped up throughout the United States, including dozens of filings against Meta’s Pixel tracking tool — they assert that Meta’s pixel tool use violates the VPPA by tracking viewing history and protected consumer data. And this is just one of many ways the VPPA has been interpreted in the last 35+ years.
As rulings based on this law continue to transform in the digital age, businesses face uncertainties regarding online practices.
Initially, the VPPA aimed to hold videotape service providers liable for knowingly disclosing personal information without written consent. Until 2022, the VPPA was rarely cited in consumer privacy lawsuits. These cases reframed “video tape service providers” as any website with video content and user-tracking pixel tools. Additionally, users don't need to be paying customers to assert a VPPA claim.
Recent legal disputes underscore the complexity of data sharing in the online space, where user expectations clash with a lack of legislation for data governance. The wave of VPPA claims in 2023 has resulted in over 70% being dismissed by a judge or voluntarily before the defendant responded. In Carroll v. General Mills, the court dismissed the claim of video data sharing when the videos in question were “a peripheral part of its marketing strategy.”
The two largest settlements involving video data tracking – Sony Corp. and the Boston Globe – have largely limited the law’s reach to businesses and websites that offer video content. At a minimum, companies violating the VPPA may pay a fine of up to $2,500, plus punitive damages, attorney fees, litigation costs, and additional equitable relief.
But even the minimum legal costs to file a motion to dismiss can be avoided with proactive data management.
To mitigate any risks associated with the VPPA, you need to invest in privacy compliance. In general, your company should aim to disclose all of your tracking methods and give your customers the option to decline tracking. These four tips will guide you in that direction and potentially help you avoid unnecessary litigation.
Complying with the VPPA today demands the same commitment to transparency as it did when enacted in 1988. Communications should answer key questions about how data is collected, processed, and shared with third parties, such as:
Obtaining explicit consent from users before collecting any data is vital. Proactive consent can be as simple as incorporating proper language into cookie preference banners. For example, a GDPR-compliant consent form must:
Prioritizing user awareness and control over how data is used reflects your commitment to privacy best practices.
Any time you add new cookies or make updates to comply with new data laws you have the opportunity to audit your policies. For instance, the Utah Consumer Privacy Act (UCPA) – one of many state laws that requires businesses to inform consumers on how data is used – goes into effect on December 31, 2023 and mandates a privacy notice that includes:
With tracking tools like Meta’s Pixel serving as a common target for VPPA claims, minimizing your exposure to this type of tracking is a proactive strategy. Data collecting technologies should be tailored to limit the data they collect or share by:
Partnering with Osano helps keep data privacy compliance simple for your organization – from starting your privacy program to reducing risk and sustaining customer trust.
Rather than reacting to privacy challenges, our consent solutions can help you take a proactive stance in identifying and managing VPPA risks to reduce potential fines or penalties — before they happen.
From initial assessments to adapting to regulatory changes, Osano ensures that your business remains well-prepared to navigate the complexities of the VPPA and other data privacy regulations.
Stay ahead of shifting regulatory landscapes and protect your business with Osano's comprehensive platform. Schedule a demo today.
If you tackle the steps in this data privacy compliance checklist in order, you should be in a good place to tailor your privacy program for compliance with the laws that matter most to your organization.Download Now
Seanna Tucker is the Brand & Communication Manager at Osano. She’s been a writer, brand strategist, and content strategist for over ten years, bringing marketing expertise to consulting firms, manufacturing companies, and IT enterprises. Outside work, she enjoys reading, analyzing TV and films with her wife, and cuddling her two bunnies (when they let her).