While more U.S. states are introducing and enacting privacy legislation, plaintiffs are turning to decades-old laws regarding wiretapping and video content to pursue claims against companies using ad tracking technology such as Meta Platforms Inc.’s Pixel tracking tool. There has been a significant increase in privacy litigation, particularly by private litigants in the last year.
Meta Pixel Cases
In 2022, dozens of class action lawsuits were filed regarding the Meta Pixel tracking tool. The Meta Pixel is code that can be used on a company’s website to track user activity. Used by companies for targeted advertising, the code transmits certain information about a user’s interaction with a website that uses the Pixel to Meta, including the HTTP headers, pixel-specific data (Pixel ID and cookie), and other information based on company configuration.
Video Privacy Protection Act of 1988 (VPPA)
Many of these cases allege a violation of the Video Privacy Protection Act of 1988 (VPPA) by use of the Meta Pixel. The VPPA is a federal law that prohibits videotape service providers from “knowingly disclos[ing], to any person, personally identifiable information concerning any consumer of such provider...” Under the VPPA, “personally identifiable information” is defined as “includ[ing] information which identifies a person as having requested or obtained specific video materials or services from a video tape service provider.” According to the VPPA, a “video services provider” is defined as “any person, engaged in the business, in or affecting interstate or foreign commerce, of rental, sale, or delivery of prerecorded video cassette tapes or similar audio visual materials…” which has been interpreted in court cases as extending to websites streaming online video. States followed by enacting their own versions of the federal law, some of which expanded protected materials.
These lawsuits allege that companies that stream online video content on their websites and use the Meta Pixel violated the VPPA by transmitting personally identifiable information about a user to Meta. Earlier lawsuits filed focused on companies whose business significantly involved video content (e.g., Patreon).
Some courts have dismissed these VPPA Meta Pixel cases already while others have allowed them to survive the motion to dismiss stage. Ambrose v. Boston Globe Media Partners LLC, a case in federal court in the District of Massachusetts, was one of the earliest VPPA Meta Pixel class action lawsuits filed. In September 2022, the case survived the defendant’s motion to dismiss as the judge ruled that the plaintiff had stated a viable claim, although the court may later determine that the website does not transfer the plaintiff’s personally identifiable information to Meta as alleged.
Martin v. Meredith Corp. was a Meta Pixel case filed in the SDNY alleging the media company, which operates various websites including People.com, violated the VPPA. The court dismissed the case on the grounds that the “version of the Facebook Pixel used on People.com sends only the Facebook ID and the name of the webpage that a user accessed” and thus it did not send personally identifiable information under the definition of the statute (i.e., information about whether an individual “requested or obtained specific video materials or services.”)
Lawsuits involving the Meta Pixel are also being filed alleging violations of federal and state wiretapping laws. These cases are a variation of the lawsuits filed regarding session-replay software and similar technology. Stewart v. Advocate Aurora Health, Inc. was filed in October of 2022 against Advocate and Meta alleging, among other claims, that they violated the Electronic Communications Privacy Act. This case has been transferred to the Eastern District of Wisconsin and it is yet to be seen whether it survives the motion to dismiss.
Plaintiffs are also utilizing strong state wiretapping laws. Earlier this year, a class action lawsuit was filed in California against the UCSF Medical Center, Doe v. Regents of the University of California, alleging a violation of the California Invasion of Privacy Act among other claims for its use of the Meta Pixel on its website and patient portal. There has been no ruling on the defendant’s motion to dismiss yet. Wiretapping cases regarding the use of the Meta Pixel appear to be in the early stages, but it is likely there will be a drastic uptick in these lawsuits as well.
In these cases, plaintiffs are also often asserting common law invasion of privacy violation claims. The cases generally assert that plaintiffs had a legitimate expectation of privacy regarding their private information and expectation that the defendant would not disclose this information to third parties without their consent.
Given the significant increase in class action lawsuits alleging violations of the VPPA or wiretapping laws for use of Meta Pixel tools, companies should be aware of whether they are using Meta Pixel and, if so, what information it is collecting and transmitting to Meta. Buchanan's class action defense team can assist companies mitigate the risk of potential lawsuits and defend companies in these types of lawsuits.