Decisions Show Courts Division on VPPA Application

The Video Privacy Protection Act (VPPA) is the legal equivalent of finding your old VHS tapes in a box labeled “DO NOT OPEN” and realizing they can still ruin your day.
Congress wrote it in 1988back when “streaming” meant what your eyes did after you stayed up too lateyet today it’s fueling some of the most modern privacy fights in America:
tracking pixels, social-media IDs, video pages, and a simple question with a surprisingly complicated answer:
When does watching a video online become a federal privacy event?

Courts are now splitsometimes circuit-to-circuit, sometimes courthouse-to-courthouseover how the VPPA applies to websites and apps that show video content while quietly sending data to ad-tech partners.
The result: the same basic fact pattern can lead to a quick dismissal in one jurisdiction and a very expensive “see you in discovery” in another.
If you’re a business that hosts video (or even just sprinkles it on your website like parmesan), the VPPA is no longer niche trivia. It’s operational risk.

What the VPPA Actually Covers (And Why It’s Back)

At its core, the VPPA makes it unlawful for a “video tape service provider” to knowingly disclose a consumer’s “personally identifiable information” tied to requested or obtained video materialsunless an exception applies or the consumer gives consent.
The statute was famously sparked by the disclosure of Judge Robert Bork’s video rental records, but the law’s language has proven durable enough to reach modern data flowseven if it sometimes creaks like an old VCR.

The Three Definitions That Decide Almost Everything

• Video Tape Service Provider (VTSP): Is the company “engaged in the business” of delivering audiovisual materials (or something similar)?
• Consumer: Is the plaintiff a “renter, purchaser, or subscriber” of goods or services from that provider?
• Personally Identifiable Information (PII): Did the disclosure identify a person as having watched specific video materials?

Modern VPPA cases usually aren’t about a company selling “video tapes.” They’re about the digital equivalent of a leaky envelope:
Meta Pixel (or similar tools) allegedly sending a third party (like Meta) the URL of the video page a user visited plus an identifier that can be tied back to the user.
Plaintiffs argue that’s PII about video viewing. Defendants argue it’s either not “personally identifiable,” not tied to a “consumer,” or not from a real “video service provider.”

The Big Split #1: Who Counts as a “Consumer” When Video Is Free?

One of the sharpest divisions is over “subscriber” status. In the pixel-lawsuit era, many plaintiffs claim they’re “subscribers” because they signed up for a free newsletter, created a free account, or registered for updatesthen watched videos on the same site.
The key fight: does a subscription have to be for audiovisual content, or can it be any subscription relationship with a business that also offers videos?

The Narrow View: Subscription Must Be About Audiovisual Materials

The Sixth Circuit’s decision in Salazar v. Paramount Global is a modern landmark for the narrow approach.
The plaintiff subscribed to a 247Sports email newsletter and alleged that watching videos on the site while logged into Facebook allowed the Meta Pixel to send his viewing history and Facebook identifier to Meta without consent.
The Sixth Circuit affirmed dismissal, reasoning that “subscriber” status must be understood in context: the VPPA is about consumers of audiovisual goods or services, and subscribing to a newsletter alone doesn’t make you a VPPA consumer of the site’s videos.

If you’re a business, the narrow view is appealing because it keeps the VPPA from becoming a federal “gotcha” for any website that hosts a couple highlight clips.
If you’re a plaintiff, the narrow view is… less appealing (and that’s putting it politely).

The Broader View: Free Accounts and Data-for-Access Can Create “Subscriber” Status

The Seventh Circuit took a more expansive approach in Gardner v. MeTV.
There, plaintiffs alleged they signed up for MeTV accounts, provided personal information (like email and zip code), and watched videos while logged into Facebookagain teeing up the pixel-to-Meta data flow.
The Seventh Circuit concluded that a paid subscription is not required; exchanging information for access to features can be enough to create a subscriber relationship under the statute.

Under this broader approach, the VPPA can apply even when videos are freely available to the public, as long as there’s a meaningful subscription relationship for goods or services from the provider.
Translation: “free” doesn’t always mean “risk-free.”

A Middle Ground That Still Narrows: The D.C. Circuit Emphasizes Nexus to the Video Content

The D.C. Circuit added more texture in Pileggi v. Washington Newspaper Publishing Company (involving the Washington Examiner).
The plaintiff alleged she subscribed to an email newsletter, watched videos on the site, and that a tracking pixel disclosed data to Meta.
The D.C. Circuit held that a general newsletter subscriptionwithout consuming the specific video materials at issue through that subscription relationshipwas not enough to qualify as a VPPA consumer in that context.

Put differently: some courts want a clear connection between the subscription and the video consumption, not just “I subscribed to something on the site once, therefore everything on the site is covered forever.”

The Big Split #2: What Counts as “PII” When Data Is Technical (Or “Only Nerds Can Read It”)

Even if a plaintiff clears the “consumer” hurdle, many VPPA cases rise or fall on PII.
And here the courts disagree not only about the standard, but about how to apply it to the same modern tracking facts.

“Ordinary Person” vs. “Reasonable Foreseeability”

Several appellate courts have embraced an “ordinary person” approach: PII is information that would let an ordinary person identify a specific individual’s video-watching behavior without specialized tools or hidden datasets.
The Ninth Circuit’s decision in Eichenberger v. ESPN is often cited for this principle.
More recently, the Second Circuit applied a similar lens in Solomon v. Flipps Media, emphasizing that technical strings or embedded identifiers that don’t readily reveal a person’s viewing history to a typical observer may not qualify as PII.

By contrast, the First Circuit has used a “reasonable foreseeability” concept in earlier casesfocusing on whether the disclosed data, when combined with what the recipient likely has, would foreseeably reveal video viewing tied to a person.
This approach can be friendlier to plaintiffs because it doesn’t require the disclosure to be human-readable on its face.

Same Test, Different Outcome: The “Ordinary Person” Split Inside the Split

Here’s where it gets spicy: even courts applying the same “ordinary person” standard are splitting on pixel allegations.
A recent analysis highlighted how some New York courts (in the Second Circuit’s orbit) have dismissed pixel-based VPPA claims as too technical or too indirect to qualify as PII,
while some Northern District of California decisions have allowed claims to proceed where the alleged disclosure included clearer identifiers (like name/email) or where a Facebook ID could be used to pull up a profile with identifying information.

The practical reality is that pleadings mattera lot. Small differences in what the pixel allegedly transmitted can change everything:

• “Video title” in the URL vs. a generic page ID
• Email or full name vs. a numeric social-media ID
• Clear “this is a Facebook ID” vs. a buried value in a long request string
• Allegations of easy look-up (“type the ID into a browser”) vs. allegations that require specialized decoding

In other words: courts aren’t just arguing about law. They’re arguing about how the internet worksand whether “an ordinary person” is allowed to know how to copy/paste.

The Big Split #3: Is Your Business a “Video Tape Service Provider” If Video Isn’t the Product?

Another recurring fault line is whether a company is truly “engaged in the business” of delivering video materials, or whether video is just a marketing side dish.
In the new wave of litigation, VPPA claims have targeted everyone from publishers to retailers to brands whose websites include embedded video.
Courts have not been uniform in deciding when that crosses the “VTSP” threshold.

Video Games and “Cut Scenes”: A Cautionary Example

The statute talks about “prerecorded video cassette tapes or similar audiovisual materials.” Plaintiffs have argued that video games qualifyespecially those with cinematic cut scenes.
But at least one recent California federal decision (discussed in a VPPA litigation update) underscored that plaintiffs can’t just say “video game” and call it a day.
They may need to allege that the particular games at issue actually contain prerecorded video content (like cut scenes) to plausibly fit within the VPPA’s scope.

This is a good example of courts pushing back on overly broad pleadingsespecially where VPPA liability would effectively treat any retailer with a checkout page and a marketing video as a federal video privacy provider.

Why the Division Matters: Litigation Risk, Forum Shopping, and Compliance Whiplash

When courts disagree this much, three things happen:

1) Early Motions Become High-Stakes Coin Flips

Many VPPA suits turn on a motion to dismiss.
If “subscriber” is read broadly, a newsletter signup can open the courthouse doors.
If “PII” is read strictly, the same pixel allegations may be tossed as too technical.
Companies can face radically different outcomes before discovery even starts.

2) Plaintiffs Shop for Favorable Jurisdictions

Different circuits (and even different districts) have shown different appetites for pixel-based VPPA claims.
Where a plaintiff files can change the legal standard appliedand the pressure to settle.

3) Businesses Get Mixed Signals on What to Fix

If your risk depends on whether a judge thinks a Facebook ID is “obviously identifying,” compliance planning becomes guesswork.
The best strategy is practical risk reduction: minimize what gets transmitted, and get consent where appropriate.

Practical Takeaways for Sites and Apps That Host Video

This isn’t legal advice, but it is reality-based guidance from the themes courts keep returning to.
If your website or app includes video pages and uses tracking pixels, these steps can reduce VPPA exposure:

Audit Your Video Pages Like They’re Their Own Product

• Inventory where video appears: article pages, help centers, landing pages, embedded players, in-app clips.
• Identify which tags/pixels fire on those pages and what data they collect or transmit.

Stop Sending “Video Titles” Through URLs (If You Can)

• Use opaque identifiers instead of human-readable titles in URLs.
• Prefer POST requests or server-side routing for sensitive parameters.
• Consider stripping query strings before third-party requests fire.

Control What Pixels Transmit

• Disable features that send advanced matching fields unless you truly need them.
• Limit event payloads on pages that contain video players.
• Use consent gates so pixels do not fire until the appropriate permission is obtained.

Make Consent Real, Not Decorative

• If you rely on consent exceptions, document the flow and ensure it’s express where required.
• Keep records of consent mechanisms and changes over timelitigation often digs into “what happened on the site” at a specific moment.

Assume Plaintiffs Will Plead the Pixel Like a Crime Scene Diagram

Modern complaints often include screenshots, network logs, and step-by-step descriptions of what gets transmitted.
If your response is “that’s impossible,” but your own tag manager says “LOL, watch me,” you’re going to have a bad time.

Where This May Go Next

The VPPA’s modern revival is driven by two forces: the law’s statutory damages and the ubiquity of tracking technology around video content.
With appellate courts diverging on who qualifies as a consumer and what counts as PII, the pressure for further clarification will continue.
Legal commentators have noted that widening splits increase the odds of higher-court reviewespecially as businesses and plaintiffs keep filing similar cases nationwide.

In the meantime, the safest assumption is simple:
if you host video and deploy pixels, courts will keep testing your definitions, your data flows, and your consent storyoften with the enthusiasm of someone who just discovered browser developer tools.

Experiences From the Front Lines (Realistic Scenarios Businesses Keep Living Through)

The VPPA court split isn’t just a law-school debate. It shows up in real work, in real meetings, with real people quietly thinking,
“How did a 1988 statute become my 2025 emergency?”

One common experience starts in marketing. A team launches a new campaign page with an embedded product videonothing fancy, just a friendly clip that says,
“Welcome! Here’s what we do!” The same page also runs the usual analytics and ad pixels because, well, that’s what modern pages do.
Weeks later, a demand letter arrives describing the exact video URL a user visited and the pixel calls that allegedly transmitted identifiers to a third party.
The internal reaction is predictable: surprise, confusion, and someone asking if “VPPA” is a new kind of VPN.

Next comes the scramble audit. Legal asks engineering what data was actually sent. Engineering asks marketing what tags are on the page.
Marketing asks a vendor. The vendor asks for a “quick call.” Suddenly, everyone learns the same lesson:
tag managers are powerful, and “we didn’t mean to transmit that” is not a technical control.
Even companies with strong privacy programs find that video pages can be overlooked because they’re scattered across the sitenews articles, blog posts,
product pages, help center tutorials, and “one-off” landing pages built in a hurry.

Another common experience is “jurisdiction roulette.” Companies operating nationally discover that the same allegations can be treated dramatically differently depending on where a case is filed.
In a jurisdiction leaning narrow on “consumer,” the company focuses on the subscription relationship: was the plaintiff truly a subscriber to audiovisual materials,
or just a newsletter recipient? In a jurisdiction more open to broader readings, the company pivots to PII and technical details:
what exactly was transmitted, and could it identify a person’s viewing history?
The work looks less like one unified defense strategy and more like a choose-your-own-adventure book where every ending costs money.

Product teams also report a “design constraint” experience. Once VPPA risk becomes real, teams start changing the way video is delivered and tracked:
replacing readable video titles in URLs with opaque IDs, decoupling account features from video consumption, and delaying third-party tag firing until consent is captured.
Sometimes the fix is simple (don’t fire pixels on video pages). Sometimes it’s politically difficult (marketing wants attribution).
The most successful teams treat it like a systems problem: minimize unnecessary disclosure, implement consent gating that actually works, and document decisions.

Finally, there’s the “posture shift” experience. Many organizations move from “Are we a video business?” to “We deliver video, so we need a video privacy posture.”
That means governance: a video-page inventory, a tag approval process, routine audits, and training so the next person who adds a player doesn’t accidentally add a lawsuit.
In a world where courts disagree on definitions, operational discipline becomes the best defensebecause even if the law is uncertain,
fewer disclosures and clearer consent rarely look bad.