Collegiate Sports Team Websites Are New Target in Privacy Class-Action Litigation
Since March of this year, at least four purported class action lawsuits have been filed against universities, their affiliated athletic organizations, and the alleged operators of their athletic team websites, Sidearm Sports LLC and Learfield Communications LLC.
These cases allege that websites using Meta (Facebook) Pixel and other technology to monitor website traffic or activity violate the federal Video Privacy Protection Act and state and federal wiretapping statutes. An uptick of class action litigation under the VPPA began in 2022 with cases brought against a wide range of businesses, including media outlets, movie studios, streaming services, restaurants and professional sports organizations. Well over 50 cases have been filed alleging VPPA violations arising from use of Meta Pixel since early 2022.
Recent cases have been filed against the University of Florida, the University of Nebraska, the University of Texas at Austin and the University of Southern California. In the most recent case, the plaintiffs identified 173 collegiate team websites that they allege use some form of website tracking technology.
This article provides an overview of the recent litigation and best practices for universities to mitigate risk related to the underlying privacy issues and potential litigation in this arena.
Meta Pixel & Other Website Tracking Tools
Meta Pixel is a tool that can be used to track website user activity. Depending on how Meta Pixel is configured on a particular website, the Pixel code can share certain information about a user’s interaction with a website from that website to Meta. If the user has independently logged onto Facebook, it may be possible for Meta to link such activity to a Facebook user.
Other website tracking tools may collect, store and/or share information about website use. Such tools may allow businesses to engage in targeted advertising, provide customized results to users or gain other insight about website activity.
Video Privacy Protection Act of 1988
VPPA is one of the earliest federal privacy laws, enacted in response to concerns about brick-and-mortar video tape rental companies disclosing information about a customer’s rental records. Congress passed the law after Robert Bork’s VHS tape rental history leaked during his Supreme Court confirmation hearings. VPPA prohibits a “video tape service provider” from disclosing certain personally identifiable information (PII) of a consumer, including information that identifies a person as having requested specific video materials, without their consent. A video tape service provider includes any person engaged in the business of the rental, sale or delivery of video tapes or “similar audio visual materials.”
Despite its analog origins, plaintiffs’ class-action attorneys have attempted to apply this statutory language to new technology. With the rise of online streaming services in the 2010s, those providers became a focus of VPPA claims. That litigation led to an amendment to the VPAA to allow disclosure of PII after obtaining informed, written consent from consumers.
Over the past 18 months, plaintiffs’ counsel have targeted other types of businesses with websites providing online video content and using Meta Pixel. These cases allege that businesses violate VPPA by using Pixel to disclose PII about a website user’s video-viewing history to Meta. In a class action, with $2,500 in statutory damages per alleged VPPA violation, the potential damages could be substantial. Plaintiffs’ attorneys may also seek punitive damages and attorneys’ fees.
The cases against universities and their team website operators are in the very earliest stages, and motions to dismiss have not yet been fully briefed or decided in the currently filed cases.
A handful of federal courts have addressed VPPA claims arising from use of Pixel on other types of websites. Those cases demonstrate that outcomes on motions to dismiss are uncertain and may be highly fact-specific and dependent on jurisdiction. For example, two district courts have dismissed VPPA claims for livestream content (in contrast to prerecorded content), and one district court dismissed a VPPA claim after concluding the Pixel settings alleged in that case did not result in disclosure of PII as defined by the VPPA. Other courts have denied motions to dismiss VPPA claims based on the use of Meta Pixel, allowing cases to proceed to discovery.
In the most recent collegiate team website case, filed against the University of Southern California, plaintiffs also allege violations of state and federal wiretapping statutes. Plaintiffs cite use of Meta Pixel, as well as Google’s Programmable Search Engine and other website tracking tools, as the foundation for claims under the Federal Wiretap Act and California statutes and common law theories. Plaintiffs allege that those tools impermissibly intercept electronic communications without adequate notice to users.
Wiretapping claims based upon website use of Meta Pixel, Google PSE or other tools are a new variation of consumer privacy litigation. At this point, there are no published decisions on motions to dismiss these claims.
Best Practices and Next Steps
Robinson Bradshaw’s lawyers are assisting clients in responding to VPPA litigation, and we regularly counsel clients on website privacy issues. For assistance in mitigating risks associated with use of these technologies and to assist with litigation that may be threatened or filed, contact Adam Doerr, David Kimball or Kate Maynard, CIPP-US/CIPM.