As Halloween has people thinking of ghosts and ghouls, creative plaintiffs’ attorneys have turned an arcane New Jersey law into a true source of fright for virtually anybody who offers services that are even potentially available within the Garden State.
The law at issue is the New Jersey Truth in Consumer Contract, Warranty, and Notice Act (“TCCWNA”), which was enacted in 1981 with good intentions: to prevent businesses from advertising terms that violate state law in order to cow consumers into doing business under those terms even though they were unenforceable. For example, a storage space rental company might violate the law by requiring a consumer to release it from liability for personal injuries on company property, even though such a waiver is unenforceable under New Jersey Law. The statute provides seemingly modest damages of $100 per violation.
But the TCCWNA does not require a consumer to actually have been hurt by any illegal term or provision and, in fact, it allows for a cause of action to be brought even by a mere “prospective consumer.” In 1981, this likely made little difference to brick-and-mortar businesses, for whom the only individuals who may have seen a violative contract or term would be those who sought it out. But in the age of the Internet, everybody is a potential consumer, and one may shop for dozens of products from the comfort of one’s own desk in a single afternoon. Each time that one of these individuals views the website and, even theoretically, considers purchasing a product or service, that individual becomes a potential plaintiff under the TCCWNA.
This has opened the door to suits against virtually any retailer that has a website that can be accessed in New Jersey—unless the terms offered by such retailers are fully compliant with New Jersey law or clearly indicate what provisions would be invalid in New Jersey, there is a chance that those retailers could be found to violate the TCCWNA. And although statutory damages of $100 may not seem scary, those damages are awarded on a per-violation—that is, per-consumer—basis. And plaintiffs’ attorneys have begun to bring class actions alleging that every single New Jerseyan who has accessed a given website is a “potential consumer” under the statute, opening the door to potentially massive liability.
The news is not all bleak: a federal judge in New Jersey recently dismissed a TCCWNA case against the car rental company Hertz relying on a recent Supreme Court case that bars lawsuits by plaintiffs who have suffered no more than a “bare procedural harm” without any real injury. But it is not yet clear if other judges will follow suit, and even if they do, that ruling will not help defendants who may find themselves stuck in state court. Until the courts or the New Jersey legislature provide clearer and more meaningful protection, businesses may find themselves being forced to comply with New Jersey law no matter where they may be located.
In an important decision in a federal court case in New Jersey, In Re Nickelodeon Privacy Litigation, Google and Viacom obtained a dismissal of a claim against them under the Video Privacy Protection Act (“VPPA”). The decision narrows the scope of who can be liable under the VPPA and what information is within the scope of the statute.
Congress passed the VPPA in 1988 after Robert Bork, a nominee for the U.S. Supreme Court, had his video rental history published during the nomination process. While Judge Bork’s viewing habits were unremarkable, members of Congress became understandably concerned that any individual’s private viewing information could easily be made public. The VPPA makes any “video tape service provider” that discloses rental information outside the ordinary course of business liable for $2,500 in damages per person, in addition to attorneys’ fees and punitive damages. There is no cap on the damages that plaintiffs can be awarded under the statute and cases are typically brought as class actions with large groups of plaintiffs.
In 2013, Congress passed and President Obama signed the first major change to the VPPA since it was enacted, the Video Privacy Protection Act Amendments Act of 2012. These amendments made it easier for companies to obtain consent from consumers to share their video viewing history. The amendment removed the requirement that video service providers obtain written consent from users every time a user’s viewing choice is disclosed. Additionally, the amendment allowed for a provider to obtain a user’s consent online and that the consent can apply on an ongoing basis for two years as long as the user is given the opportunity to withdraw that consent. The amendments were enacted in response to the interest by consumers in sharing videos on social media platforms.
Viacom owns and operates three websites through which users can stream videos and play video games. The plaintiffs in the lawsuit were registered users of those websites. When a user registered with the site, that individual would be assigned a code name based on that user’s gender and age. The plaintiffs alleged that the user code name would be combined with a code that identified which videos the user watched and that code was disclosed by Viacom to Google. The plaintiffs sued Viacom and Google alleging among other things that this disclosure was a violation of the VPPA.
The VPPA claim against Google was dismissed because the court found that Google was not a “video tape service provider” (“VTSP”) as required for liability under the statute. The court reasoned that Google is not “engaged in the business of renting, selling, or delivering either video tapes or similar audio materials.” Some courts have shown a willingness to extend the definition of a VTSP to companies such as Hulu and Netflix that offer video-streaming services, but the court in this case stopped short of extending it to Google, a company that does not offer video services as its main business.
The VPPA claim against Viacom failed because the court found that, even if Viacom were a VTSP, an issue the court did not reach, Viacom did not release personally identifiable information to Google, which is required to have occurred under the VPPA. The court concluded that “anonymous user IDs, a child’s gender and age, and information about the computer used to access Viacom’s websites” – even if disclosed by Viacom – were not personally identifiable information.
With its potential for large damages there has been a recent uptick in cases filed under the VPPA. Recently, plaintiffs have filed cases against well-known media companies including Hulu, Netflix, ESPN, the Cartoon Network, and The Wall Street Journal. These cases have started to show a trend in shifting away from the intended defendants, companies whose main line of business is renting and selling videos, and toward companies that provide streaming video as part of their business.
The line drawn by the court in this case of who can be considered a VTSP could be a significant win for companies that offer mobile apps with streaming video capabilities by limiting the definition of a VTSP to companies that are in the business of renting or selling videos. Such a limitation would be welcome by many operators of new technologies. Given the vast number of devices and platforms that deliver video content of some kind, an expansion of the definition of a VTSP could lead to a flood of litigation involving companies that are not in the business of renting or selling videos and were not the intended defendants under the statute.
While this decision will not stop the recent uptick in VPPA litigation, it will provide courts with guidance as how to determine who should be liable under the VPPA. The text of the VPPA was written in a way that did not anticipate the current environment where streaming video is available on a multitude of devices. As more cases are filed, the limits of the statute’s scope will be tested. However, this court’s decision provides precedent for a common sense approach to determining who should be held liable under the VPPA.