Skip to content

Wayne State University

Aim Higher

Nov 30 / Isidoro Alastra

Protecting Consumer Viewing Habits: Reflections on the Video Privacy Protection Act

Written by Ann M. Schultz 

In September of 1987, I was looking forward to my eleventh birthday and completely unaware of the controversy that was brewing in regard to President Ronald Reagan’s nomination of Robert Bork to serve on the United States Supreme Court.  That fall, as I roller-skated down quiet, tree-lined suburban streets in a small Midwestern neighborhood, the U.S. Senate Judiciary Committee held a five-day long confirmation hearing to determine whether Federal Judge Robert Bork would become Supreme Court Justice Robert Bork.

During that hearing, Robert Bork’s personal video rental history came under scrutiny after Washington City Paper reporter, Michael Dolan, walked into a Washington D.C.-area video store and requested a copy of Bork’s rental records (Dolan, n.d.).  Although Bork’s taste in videos was rather unexceptional, including such popular and innocuous films as A Day at the Races, Ruthless People, and The Man Who Knew Too Much, Dolan’s public disclosure of the information in the now infamous newspaper article set off a firestorm of criticism and controversy throughout the nation regarding the right to privacy and the limits of the government’s right to know (“Robert Bork,” 2013).

Ironically, Dolan convinced his editor to print the video rental story based on Bork’s own professional legal writings, which argued that the U.S. Constitution does not directly confer broad privacy rights on citizens (Dolan, n.d.).  According to Bork’s originalist interpretation of the Constitution, the only privacy rights that individuals enjoy are those that are specifically granted by federal and state laws (“Robert Bork,” 2013).

Nevertheless, in response to the information leak and the resultant debate, Congress enacted the Video Privacy Protection Act of 1988 (VPPA) (“Robert Bork,” 2013).  This law forbids video rental stores from releasing customer rental records without the informed, written consent of the patron (Center for Democracy and Technology, 2013).  Additionally, the Act requires rental providers to destroy personally identifiable consumer information within one year of the date that it is no longer needed for the purpose for which it was originally collected (Center for Democracy and Technology, 2013).  Video rental stores that fail to adhere to the provisions of this law may be liable for actual damages in the amount of $2,500.00 per individual, as well as punitive damages, attorney fees, and court costs (18 U.S.C. § 2710).  Perhaps surprisingly, this law has become one of the strongest protections that Americans have against the disclosure of private information.

Despite the passage of time, the Video Privacy Protection Act is still relevant some twenty-five years after its introduction.  In an online article for CNET earlier this year, writer Jason Cipriani discussed ways in which customers can modify their user account settings in order to help protect their privacy in the midst of the new social integration of Netflix and Facebook.  Netflix (n.d.) is an American company that offers film and television content to viewers via an Internet streaming service, while Facebook (n.d.) is a social networking website “that connects people with friends and others who work, study, and live around them.”  While “video rental” may look vastly different now than it did in 1988, the provisions of the Video Protection Act remain applicable and enforceable (“Video Privacy Protection Act,” 2013).  In fact, even in this age of digital streaming, viewer data is still sensitive, personal information that many individuals would prefer to keep private.

Proof of this fact comes in the form of several lawsuits that have been filed against various media companies over the past five years.  For instance, consumers filed a class action lawsuit in 2008 against Blockbuster, Inc. in regards to its customer information privacy policies.  This litigation involved a Texas consumer’s complaint that Blockbuster Online disclosed customer rental and sales records to Facebook without the informed consent required by the VPPA (“Video Privacy Protection Act,” 2013).  Specifically, the complaint alleged that: “Defendant clearly knows that plaintiffs’ and class members’ personally identifiable information was and currently still is being distributed to Facebook because defendant’s Web site pop-up screen tells plaintiffs and class members that their information is being sent to Facebook every time plaintiffs and class members rent, purchase or add a movie to their queue” (Vijayan, 2008).

In practice, Blockbuster’s participation in Facebook’s Beacon advertising program resulted in a Blockbuster Online user’s video “rental” selections being transmitted to Facebook, which would then in turn automatically communicate the choice to the user’s Facebook friends (Harris v. Blockbuster Inc., 2009).  All this occurred without the permission of the affected customer.  The case was eventually settled out of court for several million dollars, but Blockbuster did agree as part of the terms of the settlement agreement to cease all participation in the Facebook Beacon program (Harris v. Blockbuster Inc., 2010).  The company also agreed to include a disclosure on its website regarding its privacy policies, as well as a disclosure regarding the terms of the Video Privacy Protection Act (Harris v. Blockbuster Inc., 2010).

In another lawsuit, Doe v. Netflix, which was filed in 2009, a California resident sued Netflix for privacy invasion after Netflix disclosed two large datasets from 480,000 customers to more than 50,000 people (Singel, 2009).  These datasets contained “100 million movie ratings, along with the date of the rating, a unique ID number for the subscriber, and the movie info[rmation]”, and were released as part of a contest to help Netflix improve its movie recommendation algorithm (Singel, 2009).  The Plaintiff, a mother and closeted-lesbian, alleged that Netflix “made it possible for her to be outed when it disclosed insufficiently anonymous information about nearly half-a-million customers as part of its $1 million contest” (Singel, 2009).  Plaintiff’s counsel argued that this action violated both fair-trade laws and the Video Privacy Protection Act (Singel, 2009).

Shortly after the contest started, two researchers from the University of Texas actually “identified several Netflix users by comparing their ‘anonymous’ reviews in the Netflix data to ones posted on the Internet Movie Database website,” including “identifying their political leanings and sexual orientation” (Singel, 2009).  In the complaint filed by the Plaintiff, her attorneys argued that “marketers [would] suck up the data, combine it with other data sets and start pigeon-holing people into marketing categories based on assumptions about the movies they rated” (Singel, 2009).  The Plaintiff’s attorneys also argued persuasively:

[M]ovie and rating data contains information of a more highly personal and sensitive nature. The member’s movie data exposes a Netflix member’s personal interest and/or struggles with various highly personal issues, including sexuality, mental illness, recovery from alcoholism, and victimization from incest, physical abuse, domestic violence, adultery, and rape.

The Plaintiffs’ and class members’ movie data and ratings, which were released without authorization or consent, have now become a permanent, public record on the Internet, free to be manipulated and exposed at the whim of those who have the Database.

(Singel, 2009)

Moreover, Jane Doe reported in the complaint that she instigated the lawsuit against Netflix because she believed that “were her sexual orientation public knowledge, it would negatively affect her ability to pursue her livelihood and support her family and would hinder her and her children’s ability to live peaceful lives” (Singel, 2009).  Ultimately, this case was dismissed in 2010 (Jane Doe v. Netflix, 2010).  Unfortunately, because the settlement agreement was confidential in nature, it is not entirely clear what impact this lawsuit has had on Netflix’s privacy policies and practices (Jane Doe v. Netflix, 2010).  Notably, however, Netflix did modify its privacy policy in 2012 so that it no longer retains the viewing history records of former customers (Farivar, 2012).  In addition, Netflix altered its data retention policy so that it decouples viewing history from personally identifiable information for those customers whose accounts have been inactive for at least one year (Farivar, 2012).

With the recent marriage of Facebook and Netflix, it will be interesting to see whether these two Internet giants have learned anything from the events of the last few years.  In the meantime, while consumers wait to see how this new partnership works out in the legal arena, Netflix customers can take certain steps to help protect themselves and their viewing habits from the scrutiny of strangers.  Consumers can opt out of sharing their viewing history with their Facebook friends by visiting their account settings page (Cipriani, 2013).  Currently, sharing viewing habits with Facebook friends on Netflix is enabled by default, “while sharing directly to Facebook is disabled by default” (Cipriani, 2013).  Users can make any desired changes “by logging in [at] Netflix.com,” “clicking on the ‘my account’ link at the top” of the page, clicking on the “preferences” category, and then clicking on “social settings” (Cipriani, 2013).  From the “social settings” menu, users “can disable sharing to Netflix across the board, or enable sharing what [they are] watching to Facebook” (Cipriani, 2013).  Users “can also unshare items individually on a title-by-title basis” (Cipriani, 2013).

As technology enables people, companies, and governments to increasingly intrude into the private affairs and the everyday lives of individuals, to trespass on personal boundaries, and to divulge closely-guarded secrets, it is good to know that there are laws like the Video Privacy Protection Act in place to protect Americans.  However, even the strongest piece of legislation cannot protect a citizenry that is unwilling to stand up and demand that these laws be followed and that their rights be respected and honored.  It is disheartening that major corporations are still knowingly violating the VPPA two and a half decades after Robert Bork’s unsuccessful bid to become a U.S. Supreme Court Justice.

Discussion Question(s):

  1. Do you think that the Video Privacy Protection Act is still sufficient to protect the privacy rights of American citizens?  Why or why not?
  2. What purposes do you think are served by protecting the viewing and borrowing histories of American citizens (e.g., national purposes, personal purposes, etc.)?

Ann M. Schultz is a licensed Michigan attorney.  She received her Juris Doctor from Michigan State University College of Law, and her Bachelor of Arts in English and Psychology from Albion College.  She expects to receive her Master in Library and Information Science with a Certificate in Information Management in 2014 from the Wayne State University School of Library and Information Science.

References

Bork, R. H.  (1990).  The right of privacy: The construction of a Constitutional time bomb. Principles of Constitutional Interpretation, pgs. 311-14. Reprinted from The Tempting of America: The Political Seduction of the Law.

Center for Democracy and Technology.  (2013).  Existing Federal privacy laws.  Cdt.org. Retrieved November 24, 2013, from https://www.cdt.org/privacy/guide/protect/laws.php#ecpa

Cipriani, J.  (2013, Mar. 15).  Get to know Netflix and its new Facebook integration.  CNET. Cnet.com.  Retrieved November 24, 2013, from http://howto.cnet.com/8301-11310_39-57574554-285/get-to-know-netflix-and-its-new-facebook-integration/

Dolan, M. (n.d.).  The Bork tapes saga.  The American Porch: An Informal History of an Informal Place.  Theamericanporch.com.  Retrieved November 24, 2013, from http://www.theamericanporch.com/bork2.htm

Facebook.  (n.d.).  Home.  Facebook.com. Retrieved November 24, 2013, from www.facebook.com/home.php‎

Farivar, C.  (2012, July 30).  Class-action lawsuit settlement forces Netflix privacy changes. Arstechnica.  Arstechnica.com.  Retrieved November 24, 2013, from http://arstechnica.com/tech-policy/2012/07/class-action-lawsuit-settlement-forces-netflix-      privacychanges/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+All+content%29

Harris v. Blockbuster Inc., 622 F.Supp.2d 396 (N.D. Tex. Apr. 15, 2009), Memorandum Opinion

Harris v. Blockbuster Inc., 622 F.Supp.2d 396 (N.D. Tex. Feb. 1, 2010), Settlement Agreement

(aka, Lane v. Facebook – Blockbuster Settlement) (Civil Action No. 3:09-cv-217-M), Retrieved November 24, 2013, from http://www.scribd.com/doc/28540910/Lane-v-Facebook-Blockbuster-Settlement

Jane Doe v. Netflix, (N.D. Cal. Mar. 19, 2010), Notice of Dismissal (Case No. C09-05903-JW-PVT)

Netflix.  (n.d.).  Company overview.  Netflix.com.  Retrieved November 24, 2013, from https://signup.netflix.com/MediaCenter/Overview

Robert Bork.  (2013, November 22).  In Wikipedia, The Free Encyclopedia.  Retrieved November 24, 2013, from http://en.wikipedia.org/w/index.php?title=Special:Cite&page=Robert_Bork&id=582838191

Singel, R.  (2009, Dec. 17).  Netflix spilled your Brokeback Mountain secret, lawsuit claims. Wired.  Wired.com.  Retrieved November 24, 2013, from http://www.wired.com/threatlevel/2009/12/netflix-privacy-lawsuit

Video Privacy Protection Act.  (2013, June 28).  In Wikipedia, The Free Encyclopedia. Retrieved November 24, 2013, from http://en.wikipedia.org/wiki/Video_Privacy_Protection_Act

Video Privacy Protection Act of 1988.  18 U.S.C. § 2710.

Vijayan, J.  (2008, Apr. 18).  Blockbuster sued over Facebook Beacon information sharing. Computerworld.  Computerworld.com. Retrieved November 24, 2013, from http://www.computerworld.com/s/article/9078938/Blockbuster_sued_over_Facebook_Beacon_information_sharing?taxonomyId=146&taxonomyName=standards_and_legal_issues

Zetter, K.  (2009, Nov. 6).  Lawsuit accuses Facebook of conspiring to break video-privacy law. Wired.  Wired.com. Retrieved November 24, 2013, from http://www.wired.com/threatlevel/2009/11/beacon/