In a recent decision from the Southern District of Florida, U.S. District Judge Robert N. Scola, Jr. denied class certification of a proposed class of paid Univision NOW subscribers who assert that Univision NOW’s use of the Meta Pixel violates the Video Privacy Protection Act (VPPA). The three proposed class representatives allege D2C, LLC, doing business as Univision NOW, violated the VPPA by disclosing their personal viewing information using pixel software from Meta Platforms. The plaintiffs claim Univision NOW disclosed information linking them to specific videos that they watched. The plaintiffs sought class certification of Univision NOW subscribers whose viewing information was allegedly disclosed to Meta between April 2021 and May 2023. Judge Scola denied class certification, finding the plaintiffs failed to meet the numerosity requirement for class certification.
What is the VPPA?
In 1988, Congress passed the VPPA in response to concerns about consumer privacy in the age of video rentals. This legislation was spurred by concerns over disclosure of Judge Bork’s video rental history, which emerged during his SCOTUS confirmation hearing. The VPPA precludes videotape service providers from disclosing a consumer’s personal identifying information (PII), together with their video viewing history, and it provides for actual or liquidated damages of $2,500 per violation of the law. In recent years, there has been an increase in new privacy class actions under the VPPA against website owners with video functionality on their websites.
The Univision Now Case
Judge Scola’s decision hinged primarily on the issue of numerosity—one of the four key requirements for class certification under Federal Rule of Civil Procedure 23(a). To satisfy the numerosity requirement, plaintiffs were required to show that the number of individuals affected by the purported VPPA violation was large enough that it would be impractical to bring each case individually. The plaintiffs initially argued that Univision NOW automatically disclosed the viewing information of its 35,845 subscribers, but acknowledged there were several impediments to Univision NOW’s transmission of information to Meta.
The court explained that the plaintiffs’ theory of automatic data transmission was undercut by their own concessions and Univision NOW’s expert testimony, which suggested several conditions must be met for the Pixel to actually transmit PII. Specifically, the court found that in addition to viewing or selecting a prerecorded video through Univision NOW’s website, a subscriber also must have (1) had a Facebook account at the time the video was selected; (2) used a web browser that did not block the Pixel by default; (3) been simultaneously logged into the subscriber’s own Facebook account while selecting the video; (4) been simultaneously logged into Facebook on the same device that the subscriber used to select the video; (5) been simultaneously logged into Facebook using the same browser through which the subscriber selected the video; and (6) not deployed any number of browser settings or add-on software that would have blocked the Pixel. Crucially, while the court found that the class was ascertainable, it also found that class certification was not warranted because the plaintiffs failed to carry their burden to show that Univision NOW disclosed the personally identifiable information of and record of videos viewed by even a single subscriber—including that of the three named plaintiffs.
Although the plaintiffs attempted to save prospects of class certification by reducing the potential class to approximately 17,000 individuals based on estimates of individuals who use Facebook and individuals who use certain popular web browsers, Judge Scola ruled that these estimates were too speculative. Without a means to determine class size, the court found the plaintiffs failed to meet the numerosity requirement.
Conclusion
Judge Scola’s decision to deny class certification in this case is a significant victory for Univision NOW. While the plaintiffs can still pursue individual claims, their failure to secure class certification limits the scope and potential impact of their lawsuit.
For companies that provide video content and use tracking technologies like pixels, this decision reinforces the need to closely monitor their data-sharing practices and ensure compliance with privacy laws.