The Video Privacy Protection Act is no longer a niche statute from the video rental era. Already this year it has become one of the most aggressively litigated privacy laws in the United States, driven by a wave of lawsuits targeting modern tracking technologies and reinforced by a surprising new development: intervention from the Trump administration.
In recent filings, the administration urged federal courts not to weaken or strike down the VPPA, signaling a clear federal interest in preserving the law’s role as a viable privacy enforcement mechanism. That position arrives at a moment of deep uncertainty, as courts across the country reach conflicting conclusions on whether common tools like Meta Pixel violate the statute.
The result is a rapidly evolving legal landscape where VPPA liability may depend less on what a company does and more on where it gets sued.
A Law From 1988 Now Driving Modern Litigation
The VPPA was enacted in 1988 after the disclosure of Supreme Court nominee Robert Bork’s video rental history. Congress responded by creating strict protections against the unauthorized disclosure of a person’s video viewing behavior.
At the time, the law targeted video rental stores. Today, it is being used to regulate digital ecosystems involving:
- Streaming platforms
- Media publishers
- Ecommerce sites with video content
- Educational and nonprofit platforms
The shift has been driven by one core technological reality: websites increasingly embed tracking tools that transmit user activity—including video engagement—to third parties in real time.
These transmissions often include combinations of:
- Video titles or URLs
- Unique identifiers such as cookies or Facebook IDs
- Device or session-level metadata
Plaintiffs argue that when these elements are combined, they constitute the disclosure of “personally identifiable information” tied to video viewing—triggering VPPA liability.
Trump Administration Signals Support for VPPA Enforcement
Against this backdrop, the Trump administration has entered the debate with a clear message: courts should not dismantle the VPPA simply because it is being applied to modern technology.
Government filings emphasize that the core purpose of the law remains intact. Video viewing behavior is inherently sensitive, and technologies that expose that behavior to third parties raise legitimate privacy concerns regardless of whether the medium is a VHS tape or a streaming player.
This position is notable because it reflects continuity in privacy enforcement priorities across administrations. While broader federal privacy legislation remains stalled, existing statutes like the VPPA are increasingly being used to fill the gap.
The administration’s argument also reinforces a growing regulatory theme: legacy privacy laws are not obsolete—they are adaptable.
Courts Split on Meta Pixel and VPPA Liability
While federal policymakers are signaling support for enforcement, courts are moving in different directions. Two recent decisions illustrate just how fractured the legal landscape has become.
Goodman v. Hillsdale College: Expanding VPPA Exposure
In Goodman v. Hillsdale College, a federal court in Michigan allowed a VPPA claim to proceed based on allegations that the college used Meta Pixel to transmit users’ video viewing activity along with Facebook identifiers.
The court found that pairing a Facebook ID with specific video content could plausibly constitute the disclosure of personally identifiable information under the statute. This interpretation significantly broadens VPPA risk, extending it to entities far beyond traditional media companies.
The case quickly settled, but its impact remains. It signaled that nonprofits, educational institutions, and content-driven organizations could all face liability if they use third-party tracking tools in connection with video content.
Berryman v. Reading International: A Narrower Approach
Just weeks later, a federal court in New York reached the opposite conclusion in Berryman v. Reading International, Inc..
There, the court dismissed a similar VPPA claim, holding that the data transmitted through Meta Pixel did not meet the statute’s definition of personally identifiable information. The court applied an “ordinary person” standard, asking whether a typical individual could identify a user based on the data being shared.
The answer, according to the court, was no.
This narrower interpretation limits VPPA exposure and aligns with prior appellate precedent in the Second Circuit. But it also creates a direct conflict with the reasoning in Goodman.
Forum Shopping Becomes a Real Risk
The divergence between these cases highlights a critical trend: VPPA liability is becoming jurisdiction-dependent.
In practical terms, this means:
- The same technology could be lawful in one jurisdiction and actionable in another
- Plaintiffs may strategically file cases in favorable courts
- Companies face inconsistent compliance obligations across the country
This type of fragmentation is not new in privacy law, but the speed at which it is emerging in VPPA litigation is striking.
Supreme Court Steps In: Defining a “Consumer”
The U.S. Supreme Court is already preparing to weigh in on a key VPPA issue in Salazar v. Paramount Global, a case that could reshape the scope of the statute.
At issue is a deceptively simple question: who qualifies as a “consumer” under the VPPA?
Lower courts are divided on whether individuals who sign up for free services—such as email newsletters—can be considered consumers when they later interact with video content on the same platform.
If the Supreme Court adopts a broad definition, the VPPA could apply to a much larger pool of users, dramatically expanding potential liability.
If it adopts a narrow definition, many current lawsuits could collapse.
Either way, the decision will provide much-needed clarity in a space where uncertainty currently dominates.
Why the VPPA Is Driving So Much Litigation
The VPPA’s resurgence is not accidental. It reflects a structural gap in U.S. privacy law.
Unlike the GDPR in Europe, the United States does not have a single comprehensive federal privacy statute. Instead, enforcement relies on a mix of sector-specific laws, state statutes, and regulatory authority.
The VPPA stands out because it offers:
- A clear prohibition on disclosure of video viewing data
- A private right of action
- Statutory damages of up to $2,500 per violation
Those features make it an attractive tool for plaintiffs’ attorneys, particularly in class action contexts where damages can scale quickly.
At the same time, companies often deploy tracking technologies without fully understanding how they interact with video content, creating exposure that is both widespread and, in many cases, unintended.
Old Laws, New Technology, New Plaintiffs
The VPPA litigation wave is part of a larger pattern in U.S. privacy enforcement.
Courts are increasingly being asked to apply older statutes to modern technologies, including:
- Wiretapping laws like CIPA and ECPA
- Biometric privacy laws
- Sector-specific statutes like the VPPA
These laws were not designed for the internet as it exists today. But they are being adapted in real time, often through litigation rather than legislation.
The Trump administration’s position suggests that federal policymakers are comfortable with this approach. Instead of waiting for new laws, they are supporting the continued use of existing frameworks.
What This Means for Companies
For businesses, the implications are immediate.
VPPA risk is not limited to streaming platforms or media companies. It can arise anywhere video content and third-party tracking intersect.
Common exposure points include:
- Marketing pages with embedded videos and tracking pixels
- Product pages featuring video demonstrations
- Educational content platforms
- Blogs or content hubs using video players
In many cases, the risk is not obvious. It arises from backend data flows rather than visible functionality.
That is why companies need to understand:
- What data is collected when a video is viewed
- Where that data is transmitted
- Whether identifiers are included
- What consent mechanisms are in place
Captain Compliance Takeaway
First of all if you’ve read this far you will want to get compliant and make sure that you get a free privacy audit from our team to get your site compliant. The VPPA is no longer a legacy statute. It is a frontline enforcement tool shaping how companies manage video-related data.
With the Trump administration backing its continued application, courts divided on key issues, and the Supreme Court preparing to weigh in, the trajectory is clear: VPPA litigation is not slowing down.
Companies that rely on video content should treat this as a compliance priority, not a theoretical risk.
Because the reality is that today privacy enforcement is not waiting for new laws. It is being built from the ones already on the books and legal AI tools are making it so easy to file video lawsuits and other private right of action privacy suits that the only protection option is Captain Compliance. As they said in the video tape heydays: “Anything less would be uncivilized.”
