App Users Aren’t “Subscribers” Under the VPPA–Ellis v. Cartoon Network

Many VPPA cases involve free online streaming services. Here, plaintiff alleged that he downloaded the Cartoon Network app, and Cartoon Network then disclosed to Bango, an ad network, plaintiff’s device ID and the videos he viewed. Plaintiff also alleged that Bango easily could derive his identity and thus knew both his identity and the videos he viewed.

The district court rejected plaintiff’s arguments, concluding that plaintiff was a “subscriber” of Cartoon Network, but it did not disclose personally identifiable information to Bango. (Blog post on the district court ruling here: “Android ID Isn’t Personally Identifiable Information Under the Video Privacy Protection Act“.) The Eleventh Circuit affirms on alternate grounds, holding that the plaintiff wasn’t a “subscriber.” Reviewing the case law, the Eleventh Circuit says the following about a subscription relationship:

The dictionary definitions of the term “subscriber” we have quoted above have a common thread. And that common thread is that “subscription” involves some type of commitment, relationship, or association (financial or otherwise) between a person and an entity. As one district court succinctly put it: “Subscriptions involve some or [most] of the following [factors]: payment, registration, commitment, delivery, [expressed association,] and/or access to restricted content.” Yershov, 2015 WL 2340752, at *9. See also Austin-Spearman, 2015 WL 1539052, at *6 (“Whatever the nature of the specific exchange, what remains is the subscriber’s deliberate and durable affiliation with the provider: whether or not for payment, these arrangements necessarily require some sort of ongoing relationship between provider and subscriber, one generally undertaken in advance and by affirmative action on the part of the subscriber, so as to supply the provider with sufficient personal information to establish the relationship and exchange.”).

The court says this ongoing affiliation is lacking here. While the district court relied on the Hulu case for a broad reading of the term “subscriber,” the court says this was incorrect. In the Hulu case, the subscriber created an account and profiles, which is not the case here.


There have been a slew of attempts to hold online service providers liable under the VPPA, but aside from the Beacon lawsuit (which settled), all others have failed. The net result has been unhelpful for privacy advocates because the rulings have limited the VPPA’s reach.

This ruling is common-sensical and provides some much-needed clarity to service providers (perhaps too little too late). There is an argument to be made that downloading an app creates a relationship that is different from merely surfing a website, for example because it may allow (at the user’s election) notifications and updates. Media entities have poured significant resources into developing apps with the hopes of building up subscriber bases. There’s an argument that from their point of view (and perhaps from the average consumer’s as well) people who download apps should be considered subscribers.

Eric’s Comment: the VPPA was a highly specific solution to a narrow problem. It’s unfortunate–and entirely predictable–to see plaintiffs’ lawyers try to stretch this focused solution to cover new technological situations that bear little resemblance to the initial problem motivating the VPPA in the first place; and it’s heartening to see judges not falling for it, even if they have to do highly technical grammar parsing to reach that result. Still, I bet many consumers would be shocked that using Cartoon Network’s app could lead to their reidentification by a third party ad network. It’s hard not to think less of the Cartoon Network brand based on how they handled that relationship.

Case citation: Ellis v. The Cartoon Network, Inc., 2015 WL 5904760 (11th Cir. Oct. 9, 2015)

Related posts:

9th Circuit Rejects VPPA Claims Against Netflix For Intra-Household Disclosures

Court Rejects VPPA Claim Against Viacom and Google Based on Failure to Disclose Identity

Court Says Plaintiff Lacks Standing to Pursue Failure-to-Purge Claim Under the VPPA – Sterk v. Best Buy

Judge Dismisses Claims Against Pandora for Violating Michigan’s Version of the VPPA – Deacon v. Pandora Media

Ninth Circuit Rejects Video Privacy Protection Act Claims Against Sony

AARP Defeats Lawsuit for Sharing Information With Facebook and Adobe

Lawsuit Fails Over Ridesharing Service’s Disclosures To Its Analytics Service–Garcia v. Zimride

Android ID Isn’t Personally Identifiable Information Under the Video Privacy Protection Act

Minors’ Privacy Claims Against Viacom and Google Over Disclosure of Video Viewing Habits Dismissed

Video Privacy Protection Act Plaintiffs Can Proceed Against Hulu Absent Showing of Actual Injury

Judge Boots Privacy Lawsuit Against Pandora but Plaintiffs Can Replead – Yunker v. Pandora

Split 9th Circuit Panel Approves Facebook Beacon Settlement – Lane v. Facebook

No Privacy Claim Against Netflix for Disclosing Viewing Histories and Instant Queue Titles Through Netflix-Enabled Devices — Mollett v. Netflix

Court Declines to Dismiss Video Privacy Protection Act Claims against Hulu

Granick on CISPA’s Deficiencies (With Some of My Own Comments)

Seventh Circuit: No Private Cause of Action Under the Video Privacy Protection Act for Failure to Purge Information–Sterk v. Redbox

Jan.-Feb. 2012 Quick Links, Part 6 (Privacy and more)

Redbox Can be Liable Under the Video Privacy Protection Act for Failure to Purge Video Rental Records — Sterk v. Redbox

Beacon Class Action Settlement Approved — Lane v. Facebook